line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
|
2
|
|
|
|
|
|
|
use strict; |
3
|
43
|
|
|
43
|
|
248
|
|
|
43
|
|
|
|
|
75
|
|
|
43
|
|
|
|
|
3139
|
|
4
|
|
|
|
|
|
|
require Exporter; |
5
|
|
|
|
|
|
|
our @ISA = qw(Exporter); |
6
|
|
|
|
|
|
|
|
7
|
|
|
|
|
|
|
our @EXPORT_OK = |
8
|
|
|
|
|
|
|
qw(escape_html unescape_html escape_uri escape_uri_component |
9
|
|
|
|
|
|
|
encode_entities strip_html html_attrs_string); |
10
|
|
|
|
|
|
|
|
11
|
|
|
|
|
|
|
our %EXPORT_TAGS = |
12
|
|
|
|
|
|
|
( |
13
|
|
|
|
|
|
|
all => |
14
|
|
|
|
|
|
|
[ |
15
|
|
|
|
|
|
|
qw(escape_html unescape_html escape_uri escape_uri_component |
16
|
|
|
|
|
|
|
encode_entities) |
17
|
|
|
|
|
|
|
] |
18
|
|
|
|
|
|
|
); |
19
|
|
|
|
|
|
|
|
20
|
|
|
|
|
|
|
use HTML::Entities(); |
21
|
43
|
|
|
43
|
|
17971
|
use URI::Escape; |
|
43
|
|
|
|
|
213566
|
|
|
43
|
|
|
|
|
1247
|
|
22
|
43
|
|
|
43
|
|
14023
|
|
|
43
|
|
|
|
|
43038
|
|
|
43
|
|
|
|
|
17038
|
|
23
|
|
|
|
|
|
|
if(exists $ENV{'MOD_PERL'} && require mod_perl && $mod_perl::VERSION < 1.99) |
24
|
|
|
|
|
|
|
{ |
25
|
|
|
|
|
|
|
require Apache::Util; |
26
|
|
|
|
|
|
|
|
27
|
|
|
|
|
|
|
#*escape_html = \&HTML::Entities::encode; |
28
|
|
|
|
|
|
|
*escape_html = \&encode_entities; |
29
|
|
|
|
|
|
|
*unescape_html = \&HTML::Entities::decode; |
30
|
|
|
|
|
|
|
*escape_uri_component = \&Apache::Util::escape_uri; |
31
|
|
|
|
|
|
|
} |
32
|
|
|
|
|
|
|
else |
33
|
|
|
|
|
|
|
{ |
34
|
|
|
|
|
|
|
#*escape_html = \&HTML::Entities::encode; |
35
|
|
|
|
|
|
|
*escape_html = \&encode_entities; |
36
|
|
|
|
|
|
|
*unescape_html = \&HTML::Entities::decode; |
37
|
|
|
|
|
|
|
*escape_uri_component = \&URI::Escape::uri_escape; |
38
|
|
|
|
|
|
|
} |
39
|
|
|
|
|
|
|
|
40
|
|
|
|
|
|
|
our $VERSION = '0.011'; |
41
|
|
|
|
|
|
|
|
42
|
|
|
|
|
|
|
|
43
|
1093
|
50
|
|
1093
|
1
|
3689
|
{ |
44
|
|
|
|
|
|
|
URI::Escape::uri_escape($_[0], |
45
|
|
|
|
|
|
|
(@_ > 1) ? (defined $_[1] ? $_[1] : ()) : q(^A-Za-z0-9\-_.,'!~*#?&()/?@\:\[\]=)); |
46
|
|
|
|
|
|
|
} |
47
|
0
|
0
|
|
0
|
1
|
0
|
|
|
|
0
|
|
|
|
|
|
48
|
|
|
|
|
|
|
{ |
49
|
|
|
|
|
|
|
my %attrs; |
50
|
|
|
|
|
|
|
|
51
|
|
|
|
|
|
|
if(@_ == 1 && ref $_[0] eq 'HASH') |
52
|
|
|
|
|
|
|
{ |
53
|
61
|
|
|
61
|
0
|
467
|
%attrs = %{$_[0]}; |
54
|
|
|
|
|
|
|
} |
55
|
61
|
50
|
33
|
|
|
210
|
elsif(@_ && @_ % 2 == 0) |
|
|
0
|
0
|
|
|
|
|
56
|
|
|
|
|
|
|
{ |
57
|
61
|
|
|
|
|
75
|
%attrs = @_; |
|
61
|
|
|
|
|
149
|
|
58
|
|
|
|
|
|
|
} |
59
|
|
|
|
|
|
|
|
60
|
|
|
|
|
|
|
return '' unless(keys %attrs); |
61
|
0
|
|
|
|
|
0
|
|
62
|
|
|
|
|
|
|
return ' ' . join(' ', map { $_ . q(=") . escape_html($attrs{$_}) . q(") } |
63
|
|
|
|
|
|
|
sort keys(%attrs)); |
64
|
61
|
100
|
|
|
|
171
|
} |
65
|
|
|
|
|
|
|
|
66
|
43
|
|
|
|
|
93
|
{ |
|
55
|
|
|
|
|
488
|
|
67
|
|
|
|
|
|
|
my($text) = shift; |
68
|
|
|
|
|
|
|
|
69
|
|
|
|
|
|
|
# XXX: dumb for now... |
70
|
|
|
|
|
|
|
$text =~ s{<[^>]*?/?>}{}g; |
71
|
|
|
|
|
|
|
|
72
|
0
|
|
|
0
|
0
|
|
return $text; |
73
|
|
|
|
|
|
|
} |
74
|
|
|
|
|
|
|
|
75
|
0
|
|
|
|
|
|
1; |
76
|
|
|
|
|
|
|
|
77
|
0
|
|
|
|
|
|
|
78
|
|
|
|
|
|
|
|
79
|
|
|
|
|
|
|
=head1 NAME |
80
|
|
|
|
|
|
|
|
81
|
|
|
|
|
|
|
Rose::HTML::Util - Utility functions for manipulating HTML. |
82
|
|
|
|
|
|
|
|
83
|
|
|
|
|
|
|
=head1 SYNOPSIS |
84
|
|
|
|
|
|
|
|
85
|
|
|
|
|
|
|
use Rose::HTML::Util qw(:all); |
86
|
|
|
|
|
|
|
|
87
|
|
|
|
|
|
|
$esc = escape_html($str); |
88
|
|
|
|
|
|
|
$str = unescape_html($esc); |
89
|
|
|
|
|
|
|
|
90
|
|
|
|
|
|
|
$esc = escape_uri($str); |
91
|
|
|
|
|
|
|
$str = unescape_uri($esc); |
92
|
|
|
|
|
|
|
|
93
|
|
|
|
|
|
|
$comp = escape_uri_component($str); |
94
|
|
|
|
|
|
|
|
95
|
|
|
|
|
|
|
$esc = encode_entities($str); |
96
|
|
|
|
|
|
|
|
97
|
|
|
|
|
|
|
=head1 DESCRIPTION |
98
|
|
|
|
|
|
|
|
99
|
|
|
|
|
|
|
L<Rose::HTML::Util> provides aliases and wrappers for common HTML manipulation functions. When running in a mod_perl 1.x web server environment, Apache's C-based functions are used in some cases. |
100
|
|
|
|
|
|
|
|
101
|
|
|
|
|
|
|
This all may seem silly, but I like to be able to pull these functions from a single location and get the fastest possible versions. |
102
|
|
|
|
|
|
|
|
103
|
|
|
|
|
|
|
=head1 EXPORTS |
104
|
|
|
|
|
|
|
|
105
|
|
|
|
|
|
|
L<Rose::HTML::Util> does not export any function names by default. |
106
|
|
|
|
|
|
|
|
107
|
|
|
|
|
|
|
The 'all' tag: |
108
|
|
|
|
|
|
|
|
109
|
|
|
|
|
|
|
use Rose::HTML::Util qw(:all); |
110
|
|
|
|
|
|
|
|
111
|
|
|
|
|
|
|
will cause the following function names to be imported: |
112
|
|
|
|
|
|
|
|
113
|
|
|
|
|
|
|
escape_html() |
114
|
|
|
|
|
|
|
unescape_html() |
115
|
|
|
|
|
|
|
escape_uri() |
116
|
|
|
|
|
|
|
escape_uri_component() |
117
|
|
|
|
|
|
|
encode_entities() |
118
|
|
|
|
|
|
|
|
119
|
|
|
|
|
|
|
=head1 FUNCTIONS |
120
|
|
|
|
|
|
|
|
121
|
|
|
|
|
|
|
=over 4 |
122
|
|
|
|
|
|
|
|
123
|
|
|
|
|
|
|
=item B<escape_html STRING [, UNSAFE]> |
124
|
|
|
|
|
|
|
|
125
|
|
|
|
|
|
|
This method passes its arguments to L<HTML::Entities::encode_entities()|HTML::Entities/encode_entities>. If the list of unsafe characters is omitted, it defaults to C<E<lt>E<gt>&"> |
126
|
|
|
|
|
|
|
|
127
|
|
|
|
|
|
|
=item B<unescape_html STRING> |
128
|
|
|
|
|
|
|
|
129
|
|
|
|
|
|
|
This method is an alias for L<HTML::Entities::decode()|HTML::Entities/decode>. |
130
|
|
|
|
|
|
|
|
131
|
|
|
|
|
|
|
=item B<escape_uri STRING> |
132
|
|
|
|
|
|
|
|
133
|
|
|
|
|
|
|
This is a wrapper for L<URI::Escape::uri_escape()|URI::Escapeuri_escape> that is intended to escape entire URIs. Example: |
134
|
|
|
|
|
|
|
|
135
|
|
|
|
|
|
|
$str = 'http://foo.com/bar?baz=1%&blay=foo bar' |
136
|
|
|
|
|
|
|
$esc = escape_uri($str); |
137
|
|
|
|
|
|
|
|
138
|
|
|
|
|
|
|
print $esc; # http://foo.com/bar?baz=1%25&blay=foo%20bar |
139
|
|
|
|
|
|
|
|
140
|
|
|
|
|
|
|
In other words, it tries to escape all characters that need to be escaped in a URI I<except> those characters that are legitimately part of the URI: forward slashes, the question mark before the query, etc. |
141
|
|
|
|
|
|
|
|
142
|
|
|
|
|
|
|
The current implementation escapes all characters except those in this set: |
143
|
|
|
|
|
|
|
|
144
|
|
|
|
|
|
|
A-Za-z0-9\-_.,'!~*#?&()/?@:[]= |
145
|
|
|
|
|
|
|
|
146
|
|
|
|
|
|
|
Note that the URI-escaped string is not HTML-escaped. In order make a URI safe to include in an HTML page, call L<escape_html()|/escape_html> as well: |
147
|
|
|
|
|
|
|
|
148
|
|
|
|
|
|
|
$h = '<a href="' . escape_html(escape_uri($str)) . '">foo</a>'; |
149
|
|
|
|
|
|
|
|
150
|
|
|
|
|
|
|
=item B<escape_uri_component STRING> |
151
|
|
|
|
|
|
|
|
152
|
|
|
|
|
|
|
When running under mod_perl 1.x, this is an alias for L<Apache::Util::escape_uri()|Apache::Util/escape_uri>. Otherwise, it's an alias for L<URI::Escape::uri_escape()|URI::Escapeuri_escape>. |
153
|
|
|
|
|
|
|
|
154
|
|
|
|
|
|
|
=item B<encode_entities STRING [, UNSAFE]> |
155
|
|
|
|
|
|
|
|
156
|
|
|
|
|
|
|
This method passes its arguments to L<HTML::Entities::encode_entities()|HTML::Entities/encode_entities>. If the list of unsafe characters is omitted, it defaults to C<E<lt>E<gt>&"> |
157
|
|
|
|
|
|
|
|
158
|
|
|
|
|
|
|
=back |
159
|
|
|
|
|
|
|
|
160
|
|
|
|
|
|
|
=head1 AUTHOR |
161
|
|
|
|
|
|
|
|
162
|
|
|
|
|
|
|
John C. Siracusa (siracusa@gmail.com) |
163
|
|
|
|
|
|
|
|
164
|
|
|
|
|
|
|
=head1 LICENSE |
165
|
|
|
|
|
|
|
|
166
|
|
|
|
|
|
|
Copyright (c) 2010 by John C. Siracusa. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. |