Beefy Boxes and Bandwidth Generously Provided by pair Networks
"be consistent"

Re^3: [Perl-CGI] Print non-interpolated string

by Anonymous Monk
on Apr 04, 2014 at 08:31 UTC ( #1081086=note: print w/replies, xml ) Need Help??

in reply to Re^2: [Perl-CGI] Print non-interpolated string
in thread [Perl-CGI] Print non-interpolated string

I tried the escapeHTML function but Perl said that it couldn't find this one.

If you want to use the functional interface, either import the function, or use its fully qualified name (full name)

According to the version 3.65 manual escapeHTML is being executed automatically.

Well, you didn't understand what you read -- you're not using any of the form generators which would do this automatically

So my guess is that escapeHTML is a feature that was introduced in a later version.

Its been there for at least 20 years

  • Comment on Re^3: [Perl-CGI] Print non-interpolated string

Replies are listed 'Best First'.
Re^4: [Perl-CGI] Print non-interpolated string
by Digioso (Sexton) on Apr 04, 2014 at 09:45 UTC
    Thanks, I managed to fix it.
    The documentation is... let's say not really clear on how to use it.
    It says: $escaped_string = escapeHTML("unescaped string");

    But for manual use it's $escaped_string = $cgi->escapeHTML("unescaped string");
    Unfortunately this is not mentioned in the documentation but Google found the Syntax for me. This method is not importet by using 'use CGI;'. It's a method on the $cgi-Object. :)

    And you're right: This method is used automatcally only for forms created using and not on my self-written HTML-code.

      CGI has two operating modes: OO and procedural. You have to import the procedural portions to get that syntax.

      Also, it's not Perl that's evaluating your code as to Perl it's just text data until you use something like eval $text. Your browser, on the other hand, feels free to interpret HTML as HTML in an HTML document type. Look into both escaping characters (as you have done), and into additional issues like HTML entities in general and <pre></pre> tags. While you're at it, look into SQL injection and XSS.

        Thanks, my problem came up together with SQL injections basically. Not that I've been hit by that but I noticed the possibility.
        Regarding XSS I think that I'm kinda safe, since I considered that while programming but a having a deeper look won't hurt. :)
        OK, reading it whole explains a lot. :)

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1081086]
[stevieb]: choroba my GPS home device is done, at least prototype v1 is. I'm just making sure all of my code does what it says now
[stevieb]: I test/prototype code on my Pi, then I migrate it over to Arduino when it's ready (if that's a better platform for what I'm doing). The whole RPi stuff was for learning at first, then it snowballed. I'm just trying to get my in-house CI...
[stevieb]: ...done, which obviously requires a specific hardware setup.
[stevieb]: I don't write tests for the lower-level distributions (ie. ICs, sensors etc) within those distributions, I have all tests in a master distribution which encompasess all of the sub-modules

How do I use this? | Other CB clients
Other Users?
Others meditating upon the Monastery: (6)
As of 2017-06-25 22:54 GMT
Find Nodes?
    Voting Booth?
    How many monitors do you use while coding?

    Results (572 votes). Check out past polls.