org/kernel/git.git - forked from git/git

diff options

author	Jakub Narebski <jnareb@gmail.com>	2007-03-07 02:21:25 +0100
committer	Junio C Hamano <junkio@cox.net>	2007-03-24 22:25:47 -0700
commit	346d5e1835937d701785300717ce34f92609c2b3 (patch)
tree	68d0b3f593bd5dcec6da77cb66e450944898c237 /gitweb/gitweb.css
parent	290b1467a387a3e5306028f36118a52958fa36c5 (diff)
download	git-346d5e1835937d701785300717ce34f92609c2b3.tar.gz git-346d5e1835937d701785300717ce34f92609c2b3.tar.xz

gitweb: Don't escape attributes in CGI.pm HTML methods

There is no need to escape HTML tag's attributes in CGI.pm HTML methods (like CGI::a()), because CGI.pm does attribute escaping automatically. $cgi->a({ ... -attribute => atribute_value }, tag_contents) is translated to <a ... attribute="attribute_value">tag_contents</a> The rules for escaping attribute values (which are string contents) are different. For example you have to take care about escaping embedded '"' and "'" characters; CGI::a() does that for us automatically. CGI::a() does not HTML escape tag_contents; we would need to write <a href="URL">some <b>bold</b> text</a> for example. So we use esc_html (or esc_path) to escape tag_contents as needed. Signed-off-by: Jakub Narebski <jnareb@gmail.com> Signed-off-by: Junio C Hamano <junkio@cox.net>

Diffstat (limited to 'gitweb/gitweb.css')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: