Home : Introduction : Embperl
Google Web perl.apache.org

 
Home
 
Features
 
Introduction
 
Embperl
 
Embperl::Object
 
Embperl 2 Advanced
 
DBIx::Recordset
 
Documentation
 
Installation
 
Download
 
Support
 
Changes
 
Wiki
 
More infos
 
Add info about Embperl
 
Login

    Stable 2.4.0
    Beta 2.5.0_3
Support the development of Embperl! More...
Escaping/Unescaping
[ << Prev: Security ] [ Content ] [ Next: How to continue >> ]



Input: unescapingtop

Embperl is able to unescape the source it reads. That is usfull when you use a high level HTML editor, which might add unwanted html tags like <BR> into your Perl code.

This feature if off by default in Embperl 2.0 and can be turned on with the configuration directive EMBPERL_INPUT_ESCMODE.

When turned on it does

 

convert HTML escapes to characters (e.g. &lt; to <)

 

remove HTML tags from Perl code (e.g. <br> insert by high level editor)



Output: escapingtop

It's very important to do a correct escing of your HTML output, to avoid security problems like cross-site-scripting. Therefor Embperl escapes all output that comes from Perl. This escaping is context sensitv and uses HTML or URL escaping, depending on the context. It's also possible to use XML escaping.

The output escaping can be configured by the configuration directive EMBPERL_ESCMODE or changed anytime inside any page by setting $escmode


[ << Prev: Security ] [ Content ] [ Next: How to continue >> ]

© 1997-2012 Gerald Richter / ecos gmbh