[Catalyst] html escaping question
Mario Minati
mario.minati at googlemail.com
Wed Mar 21 13:47:45 GMT 2007
On Wednesday 21 March 2007 12:42, Carl Franks wrote:
> On 21/03/07, Mario Minati <mario.minati at googlemail.com> wrote:
> > On Wednesday 21 March 2007 10:38, Ash Berlin wrote:
> > > Mario Minati wrote:
> > > > What is the best/common practice to get text that might contain html
> > > > escapable characters (e. g. '&', '<') from a form field to catalyst
> > > > to db and back to form field?
> > > >
> > > > At the moment I'm thinking of not doing any html escaping at all and
> > > > believe in unicode to handle the encoding correctly, but I would run
> > > > into problems with '<funname>'.
> > > >
> > > > So if I escape a string and send it back to the form the content of
> > > > the textfield is '&lt;funame&gt;'. Why is that?
> > >
> > > I'll assume you are using TT since you didn't say otherwise.
> > >
> > > [% '<funname>' | html %]
> >
> > You mean I have to filter every form field that way?
> > Or do you mean normal text content?
>
> Mario,
>
> Am I right in thinking you're not using formfu in this particular case?
> Because if you are, H::FF::Element::field::_render_value() already
> runs all values through H::FF::Util::xml_escape() which escapes the 5
> characters & " ' < >
> In which case you may be double-escaping.
I am, Carl.
But how can I circumvent this? Actually it's not a clever question.
Is it useful to circumvent that?
My current problem:
As the part of my project I am working on at the moment deals with companies I
have to deal with "GmbH & Co. KG" which is a quite popular type of company in
Germany.
If a user types that in a form field everything is fine until it comes to
editing. The string is escaped - of course. But the user is confused when he
sees "GmbH &amp; Co. KG".
How to go about that?
Greets,
Mario Minati
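
The double-escaping effect discussed in this thread, as an added example that is not part of the original messages and is not HTML::FormFu's own code. `escape_once`, `browser_decode` and `render_field` are hypothetical helpers; `escape_once` covers the five characters Carl lists, and the sample values are the ones mentioned in the thread.

```perl
use strict;
use warnings;

# Constructed stand-in for an escaper covering & " ' < >
# (an assumption for illustration, not the library's implementation).
my %ENTITY = (
    '&' => '&amp;', '"' => '&quot;', "'" => '&#39;',
    '<' => '&lt;',  '>' => '&gt;',
);

sub escape_once {
    my ($text) = @_;
    $text =~ s/([&"'<>])/$ENTITY{$1}/g;
    return $text;
}

# Simulates the single decoding pass a browser applies to an attribute value.
my %CHAR = reverse %ENTITY;

sub browser_decode {
    my ($markup) = @_;
    $markup =~ s/(&(?:amp|quot|#39|lt|gt);)/$CHAR{$1}/g;
    return $markup;
}

# Output layer: the only place where escaping should happen.
sub render_field {
    my ($value) = @_;
    return sprintf '<input type="text" name="company" value="%s" />',
        escape_once($value);
}

# Values as stored in the database: raw, unescaped text.
for my $stored ('GmbH & Co. KG', '<funname>') {
    my $once  = render_field($stored);               # escaped once, at output
    my $twice = render_field(escape_once($stored));  # already escaped upstream

    for my $html ($once, $twice) {
        my ($attr) = $html =~ /value="([^"]*)"/;
        printf "%s\n    user sees: %s\n", $html, browser_decode($attr);
    }
}
```

The field shows the original text only when the raw value reaches the rendering layer and is escaped exactly once there; a value escaped before rendering is displayed with visible entities.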