Skip Menu |

Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the CGI CPAN distribution.

Report information
The Basics
Id: 19789
Status: resolved
Priority: 0/
Queue: CGI
People
Owner: MARKSTOS [...] cpan.org
Requestors: srshah [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: Critical
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Thu Jun 08 09:54:59 2006 srshah [...] cpan.org - Ticket created
Subject: CGI::Carp::fatalsToBrowser assumes custom handlers will also display the error message in <pre> tags
CGI::Carp::fatalsToBrowser assumes custom handlers will also display the error message in <pre> tags, and therefore escapes any angled brackets etc. This massively reduces the flexibility of the feature, as the user may actually want to specify HTML which is handled by a custom handler specificed by set_handler. As I see it there are two ways to resolve this. 1) Only escape when a custom handler is not used - This has a disadvantage in that it may break other people's code that are relying on this escaping behaviour. 2) Have a set_html_handler which in addition to calling set_handler also sets a variable to indicate the handler can handle HTML and do not do the escaping in fatalsToBrowser when this variable is set. I'll happily provide a patch for either options if you agree that this behaviour is something that should be changed to provide greater flexibility.
  Mon Jul 20 21:53:00 2009 MARKSTOS [...] cpan.org - Taken
  Mon Jul 20 21:54:32 2009 MARKSTOS [...] cpan.org - Correspondence added
On Thu Jun 08 09:54:59 2006, SRSHAH wrote: Show quoted text
> CGI::Carp::fatalsToBrowser assumes custom handlers will also display the > error message in <pre> tags, and therefore escapes any angled brackets
etc. Show quoted text
> > This massively reduces the flexibility of the feature, as the user may > actually want to specify HTML which is handled by a custom handler > specificed by set_handler. > > As I see it there are two ways to resolve this. > > 1) Only escape when a custom handler is not used - This has a > disadvantage in that it may break other people's code that are relying > on this escaping behaviour. > > 2) Have a set_html_handler which in addition to calling set_handler also > sets a variable to indicate the handler can handle HTML and do not do > the escaping in fatalsToBrowser when this variable is set. > > I'll happily provide a patch for either options if you agree that this > behaviour is something that should be changed to provide greater > flexibility.
CGI::Carp includes a third option, a "set_die_handler". From some testing I did tonight, it appears it does not escape HTML as you wish. If this does not seem sufficient for you, please reply to this message to re-open the ticket. Mark
  Mon Jul 20 21:54:33 2009 The RT System itself - Status changed from 'new' to 'open'
  Mon Jul 20 21:54:34 2009 MARKSTOS [...] cpan.org - Status changed from 'open' to 'resolved'
  Fri May 23 14:28:39 2014 The RT System itself - Queue changed from CGI.pm to CGI