Bug #85206 for CGI: escapeHTML() output not affected by charset

Sun May 12 12:06:56 2013 peter.baranyi [...] gmail.com - Ticket created

Subject:	escapeHTML() output not affected by charset
Date:	Sun, 12 May 2013 12:06:22 -0400
To:	bug-CGI [...] rt.cpan.org
From:	Peter Baranyi <peter.baranyi [...] gmail.com>

Hi, The documentation at http://search.cpan.org/dist/CGI/lib/CGI.pm#AUTOESCAPING_HTML says about the escapeHTML function: If you manually change the charset, either by calling the charset() method explicitly or by passing a -charset argument to header(), then all characters will be replaced by their numeric entities I tried to use this behavior but I always get the same < > and & perl -MCGI -we '$cgi = CGI->new();print $cgi->header(-charset => "UTF-8"); print $cgi->escapeHTML("asd <qwe&baz> tyu");' Content-Type: text/html; charset=UTF-8 asd <qwe&baz> tyu perl -MCGI -we '$cgi = CGI->new();$cgi->charset("UTF-8"); print $cgi->charset() , $cgi->escapeHTML("asd <qwe&baz> tyu");' UTF-8asd <qwe&baz> tyu perl -MCGI -we '$cgi = CGI->new(); print $cgi->charset() , $cgi->escapeHTML("asd <qwe&baz> tyu"); 'ISO-8859-1asd <qwe&baz> tyu Is this a bug? If no please explain. perl version v5.14.2, CGI version 3.61 Thanks!

Mon May 13 09:07:55 2013 mark [...] summersault.com - Correspondence added

Subject:	Re: [rt.cpan.org #85206] escapeHTML() output not affected by charset
Date:	Mon, 13 May 2013 09:07:29 -0400
To:	bug-CGI [...] rt.cpan.org
From:	Mark Stosberg <mark [...] summersault.com>

Show quoted text

> The documentation at > http://search.cpan.org/dist/CGI/lib/CGI.pm#AUTOESCAPING_HTML says > about the escapeHTML function: > > If you manually change the charset, either by calling the charset() > method explicitly or by passing a -charset argument to header(), then > all characters will be replaced by their numeric entities > > I tried to use this behavior but I always get the same < > and & > > perl -MCGI -we '$cgi = CGI->new();print $cgi->header(-charset => > "UTF-8"); print $cgi->escapeHTML("asd <qwe&baz> tyu");' > Content-Type: text/html; charset=UTF-8 > > asd <qwe&baz> tyu > > perl -MCGI -we '$cgi = CGI->new();$cgi->charset("UTF-8"); print > $cgi->charset() , $cgi->escapeHTML("asd <qwe&baz> tyu");' > UTF-8asd <qwe&baz> tyu > > perl -MCGI -we '$cgi = CGI->new(); print $cgi->charset() , > $cgi->escapeHTML("asd <qwe&baz> tyu"); > 'ISO-8859-1asd <qwe&baz> tyu > > Is this a bug? If no please explain. > > perl version v5.14.2, CGI version 3.61

I'm not familiar with the cases under which CGI.pm switches to using numeric entities. Lincoln, can you weigh in here? Mark

Mon May 13 09:07:55 2013 The RT System itself - Status changed from 'new' to 'open'

Thu May 22 08:18:49 2014 LEEJO [...] cpan.org - Correspondence added

This issue has been copied to: https://github.com/leejo/CGI.pm/issues/118 please take all future correspondence there. This ticket will remain open but please do not reply here. This ticket will be closed when the github issue is dealt with.

Fri Oct 17 10:26:12 2014 LEEJO [...] cpan.org - Correspondence added

The POD is a lie... commit a1ce47d3f836303ef2fd8b1e40ef27d95814e0b7 Author: Lee Johnson <lee@givengain.ch> Date: Fri Oct 17 16:24:29 2014 +0200 resolve #118 [rt.cpan.org #85206] - some escapeHTML documentation removed stating that calls to escapeHTML with a changed charset force numeric encoding of all characters, because that does not happen. maybe it did in the past? but i can't see it doing it now, so remove misleading POD Changes | 3 +++ lib/CGI.pm | 6 +----- 2 files changed, 4 insertions(+), 5 deletions(-)

Fri Oct 17 10:26:14 2014 LEEJO [...] cpan.org - Status changed from 'open' to 'resolved'

Bug #85206 for CGI: escapeHTML() output not affected by charset

Preferred bug tracker