Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Generate &LT; instead of &LT for html_escape('<') (closes #326)
The latter form (without semicolon) is legal, and we have to accept it,
but we avoid generating it because it's more likely to be misparsed by
careless parsers.
  • Loading branch information
amenonsen committed May 8, 2012
1 parent f022555 commit 02034bc
Show file tree
Hide file tree
Showing 3 changed files with 5 additions and 4 deletions.
1 change: 1 addition & 0 deletions Changes
Expand Up @@ -11,6 +11,7 @@ This file documents the revision history for Perl extension Mojolicious.
- Fixed small cookie formatting bug.
- Fixed small bug in cookie parser.
- Fixed small backlog bug in Mojo::Server::Daemon.
- Fixed a small Mojo::Util::html_escape misfeature (OlegG).

2.93 2012-05-05
- Added remove method to Mojolicious::Routes::Route.
Expand Down
2 changes: 1 addition & 1 deletion lib/Mojo/Util.pm
Expand Up @@ -33,7 +33,7 @@ my %ENTITIES;

# Reverse entities for html_escape (without "apos")
my %REVERSE = ("\x{0027}" => '#39;');
$REVERSE{$ENTITIES{$_}} //= $_ for sort keys %ENTITIES;
$REVERSE{$ENTITIES{$_}} //= $_ for sort grep /;$/, keys %ENTITIES;

# Encode cache
my %ENCODE;
Expand Down
6 changes: 3 additions & 3 deletions t/mojo/bytestream.t
Expand Up @@ -199,7 +199,7 @@ is b('Hi there')->hmac_sha1_sum(1234567890),

# html_escape
$stream = b("foo bar'<baz>");
is $stream->html_escape, 'foo bar&#39;&LTbaz&GT', 'right html escaped result';
is $stream->html_escape, 'foo bar&#39;&LT;baz&GT;', 'right html escaped result';

# html_escape (nothing to escape)
$stream = b("foobar123\n\r\t !#\$\%()*+,-./:;=?[\\]^-{|}@~");
Expand Down Expand Up @@ -230,7 +230,7 @@ is $stream->html_unescape, "&Ltf&&0oo\x{00a0}ba;<r",

# utf8 html_escape
$stream = b("fo\nobar<baz>&\"\x{152}")->html_escape;
is "$stream", "fo\nobar&LTbaz&GT&AMP&QUOT&OElig;", 'right html escaped result';
is "$stream", "fo\nobar&LT;baz&GT;&AMP;&QUOT;&OElig;", 'right html escaped result';

# utf8 html_unescape
$stream
Expand All @@ -244,7 +244,7 @@ is "$stream", '/home/sri/perl/site_perl/5.10.0/Mojo.pm',

# html_escape (custom pattern)
$stream = b("fo\no b<a>r")->html_escape('o<');
is "$stream", "f&#111;\n&#111; b&LTa>r", 'right html escaped result';
is "$stream", "f&#111;\n&#111; b&LT;a>r", 'right html escaped result';

# xml_escape
$stream = b(qq/la<f>\nbar"baz"'yada\n'&lt;la/)->xml_escape;
Expand Down

0 comments on commit 02034bc

Please sign in to comment.