FreeBSD Manual Pages

HTML::Mason::Escapes(3)  User Contributed Perl Documentation  HTML::Mason::Escapes(3)

       HTML::Mason::Escapes - Functions to escape text for Mason

       This module contains functions for implementing Mason's substitution
       escaping feature.  These functions may also be called directly.

           This function takes a scalar reference and HTML-escapes it using
           the "HTML::Entities" module.  By default, this module assumes that
           the string it is escaping is in ISO-8859-1 (pre Perl 5.8.0) or
           UTF-8 (Perl 5.8.0 onwards).  If this is not the case for your data,
           you will want to override this escape to do the right thing for
           your encoding.  See the section on User-defined Escapes in the
           Developer's Manual for more details on how to do this.

           This takes a scalar reference and replaces any text it contains
           matching "[^a-zA-Z0-9_.-]" with the URL-escaped equivalent, a
           percent sign (%) followed by the hexadecimal number of that

           This function takes a scalar reference and HTML-escapes it,
           escaping the following characters: '&', '>', '<', and '"'.

           It is provided for those who wish to use it to replace (or
           supplement) the existing 'h' escape flag, via the Interpreter's
           "set_escape()" method.

           This function is provided in order to allow people to return to
           the HTML escaping behavior of 1.0x.  However, this behavior
           presents a potential security risk of allowing cross-site
           scripting attacks.  HTML escaping should always be done based on
           the character set a page is in.  Merely escaping the four
           characters mentioned above is not sufficient.  The quick summary
           of why is that for some character sets, characters other than '<'
           may be interpreted as a "less than" sign, meaning that just
           filtering '<' and '>' will not stop all cross-site scripting
           attacks.  See for more
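
The four-character escape and the URL escape described above, re-implemented stand-alone so they can be tried without Mason installed. This is an added example, not code from HTML::Mason; the function names four_char_escape and url_escape_utf8 are hypothetical, and encoding to UTF-8 before percent-escaping is an assumption of this example.

```perl
#!/usr/bin/perl
# Added example, not Mason's own source. Function names are hypothetical.
use strict;
use warnings;
use Encode qw(encode);

# Four-character escape as described: '&', '>', '<' and '"' only.
# Takes a scalar reference and rewrites the string in place.
# Every other character, in any character set, passes through unchanged.
sub four_char_escape {
    my ($ref) = @_;
    return unless defined $$ref;
    my %map = ('&' => '&amp;', '>' => '&gt;', '<' => '&lt;', '"' => '&quot;');
    $$ref =~ s/([&<>"])/$map{$1}/g;
    return;
}

# URL escape as described: anything outside [a-zA-Z0-9_.-] becomes %XX.
# Assumption of this example: the text is encoded to UTF-8 bytes first, so a
# character above U+00FF yields several two-digit %XX pairs instead of one
# hex number that is too wide to be a valid percent-escape.
sub url_escape_utf8 {
    my ($ref) = @_;
    return unless defined $$ref;
    my $text  = $$ref;                      # copy, so encode() cannot touch the input
    my $bytes = encode('UTF-8', $text);
    $bytes =~ s/([^a-zA-Z0-9_.-])/sprintf('%%%02X', ord $1)/eg;
    $$ref = $bytes;
    return;
}

# Constructed sample inputs.
my $html = qq{Tom & "Jerry" <b>};
four_char_escape(\$html);
print "$html\n";

my $url = "caf\x{e9} \x{263A}/a&b";         # contains U+00E9 and U+263A
url_escape_utf8(\$url);
print "$url\n";
```

Both functions modify the referenced scalar rather than returning a value, matching the scalar-reference calling convention the descriptions above give.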

perl v5.32.1                      2020-05-16           HTML::Mason::Escapes(3)