Mailing List Archive: proposed $escmode documentation changes

proposed $escmode documentation changes

May 17, 2000, 7:13 PM

Post #1 of 3 (1303 views)

Gerald,
if the following makes sense - please add it to the embperl
documentation for $escmode

Turn HTML and URL escaping on and off. The default is on
($escmode = 3).

+ The change in $escmode will take effect on the next call into
embperl. So, for example, to turn
+ off escaping for a particular section of code:
+
+ [- $save_escmode=$escmode; $escmode=0 -]
+ [+ Please read the following web message:
$web_message_in_html +]
+ [- $escmode=$save_escmode -]
+
NOTE: Normaly you can disable escaping by preceeding the item
that normaly is escaped with a
backslash. While this is a handy thing, it could be very
dangerous in situations, where content that
is inserted by some user is redisplayed, because they can enter
arbitary HTML and preceed them
with a backslash to avoid correct esaping when their input is
redisplayed again. To avoid this

--
___cliff rayman___www.genwax.com___cliff@genwax.com___

Re: proposed $escmode documentation changes [ In reply to ]

cliff at genwax

May 17, 2000, 8:25 PM

Post #2 of 3 (1243 views)

Permalink

your comments are true as they pertain to perl..
i understand how local works - no problem there.

in the case of embperl however:
i believe that the escaping has already occurred on the
block before it is processed, and therefore, in the example
that you gave, $var would still be subject to the $escmode
that was operating when the block started. changing it from within
the block will have no effect on that block, only subsequent blocks.
so, local $escmode has no effect on any embperl processing.

--
___cliff rayman___www.genwax.com___cliff@genwax.com___

"Martin A. Langhoff" wrote:

> ___cliff rayman___ wrote:
>
> > + [- $save_escmode=$escmode; $escmode=0 -]
>
> that'd be usually written in perl as
> [+ local $escmode=0 ; $var +]
>
> $escmode is set to 0 for that block only, and reset to 'saved state'
> when the block is over.
>
> martin
> -- --
> To understand recursion, one must first understand recursion.
> -- --
> - Martin Langhoff @ S C I M Multimedia Technology -
> - http://www.scim.net | God is real until -
> - mailto:mlangho@scim.net | declared integer -

RE: proposed $escmode documentation changes [ In reply to ]

richter at ecos

May 18, 2000, 12:55 AM

Post #3 of 3 (1257 views)

Permalink

>
> your comments are true as they pertain to perl..
> i understand how local works - no problem there.
>
> in the case of embperl however:
> i believe that the escaping has already occurred on the
> block before it is processed, and therefore, in the example
> that you gave, $var would still be subject to the $escmode
> that was operating when the block started. changing it from within
> the block will have no effect on that block, only subsequent blocks.
> so, local $escmode has no effect on any embperl processing.
>

No, [+ local $escmode=0 ; $var +] works because Embperl takes care that the
escmode is switched back _after_ the block has been outputed.

I think the thing you have in mind is $optRawInput, this one _must_ be set
before the block it should act on, because the input unescaping must take
place before the block is executed.

Gerald

> --
> ___cliff rayman___www.genwax.com___cliff@genwax.com___
>
> "Martin A. Langhoff" wrote:
>
> > ___cliff rayman___ wrote:
> >
> > > + [- $save_escmode=$escmode; $escmode=0 -]
> >
> > that'd be usually written in perl as
> > [+ local $escmode=0 ; $var +]
> >
> > $escmode is set to 0 for that block only, and reset to 'saved state'
> > when the block is over.
> >
> > martin
> > -- --
> > To understand recursion, one must first understand recursion.
> > -- --
> > - Martin Langhoff @ S C I M Multimedia Technology -
> > - http://www.scim.net | God is real until -
> > - mailto:mlangho@scim.net | declared integer -
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
> For additional commands, e-mail: embperl-help@perl.apache.org
>
>