Skip Menu |
 

Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the CGI CPAN distribution.

Report information
The Basics
Id: 19789
Status: resolved
Priority: 0/
Queue: CGI

People
Owner: MARKSTOS [...] cpan.org
Requestors: srshah [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Critical
Broken in: (no value)
Fixed in: (no value)



Subject: CGI::Carp::fatalsToBrowser assumes custom handlers will also display the error message in <pre> tags
Download (untitled) / with headers
text/plain 879b
CGI::Carp::fatalsToBrowser assumes custom handlers will also display the error message in <pre> tags, and therefore escapes any angled brackets etc. This massively reduces the flexibility of the feature, as the user may actually want to specify HTML which is handled by a custom handler specificed by set_handler. As I see it there are two ways to resolve this. 1) Only escape when a custom handler is not used - This has a disadvantage in that it may break other people's code that are relying on this escaping behaviour. 2) Have a set_html_handler which in addition to calling set_handler also sets a variable to indicate the handler can handle HTML and do not do the escaping in fatalsToBrowser when this variable is set. I'll happily provide a patch for either options if you agree that this behaviour is something that should be changed to provide greater flexibility.
Download (untitled) / with headers
text/plain 1.1k
On Thu Jun 08 09:54:59 2006, SRSHAH wrote: Show quoted text
> CGI::Carp::fatalsToBrowser assumes custom handlers will also display the > error message in <pre> tags, and therefore escapes any angled brackets
etc. Show quoted text
> > This massively reduces the flexibility of the feature, as the user may > actually want to specify HTML which is handled by a custom handler > specificed by set_handler. > > As I see it there are two ways to resolve this. > > 1) Only escape when a custom handler is not used - This has a > disadvantage in that it may break other people's code that are relying > on this escaping behaviour. > > 2) Have a set_html_handler which in addition to calling set_handler also > sets a variable to indicate the handler can handle HTML and do not do > the escaping in fatalsToBrowser when this variable is set. > > I'll happily provide a patch for either options if you agree that this > behaviour is something that should be changed to provide greater > flexibility.
CGI::Carp includes a third option, a "set_die_handler". From some testing I did tonight, it appears it does not escape HTML as you wish. If this does not seem sufficient for you, please reply to this message to re-open the ticket. Mark


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.