Embperl - building dynamic websites with Perl

 

 

 
Home
 
Features
 
Introduction
 
Embperl
 
Embperl::Object
 
Embperl 2 Advanced
 
Documentation
 
Installation
 
Support
 
Changes

    Stable 3.0.0
    Beta 3.0.0-rc.2

 

 

Deutsch 

 

English
Escaping/Unescaping
[ << Prev: Security ] [ Content ] [ Next: How to continue >> ]


Input: unescapingtop

Embperl is able to unescape the source it reads. That is usfull when you use a high level HTML editor, which might add unwanted html tags like <BR> into your Perl code.

This feature if off by default in Embperl 2.0 and can be turned on with the configuration directive EMBPERL_INPUT_ESCMODE.

When turned on it does

 

convert HTML escapes to characters (e.g. &lt; to <)

 

remove HTML tags from Perl code (e.g. <br> insert by high level editor)



Output: escapingtop

It's very important to do a correct escing of your HTML output, to avoid security problems like cross-site-scripting. Therefor Embperl escapes all output that comes from Perl. This escaping is context sensitv and uses HTML or URL escaping, depending on the context. It's also possible to use XML escaping.

The output escaping can be configured by the configuration directive EMBPERL_ESCMODE or changed anytime inside any page by setting $escmode

[ << Prev: Security ] [ Content ] [ Next: How to continue >> ]
© 1997-2023 Gerald Richter / actevy