NAME

SYNOPSIS

    use Rose::HTML::Util qw(:all);

    $esc = escape_html($str);
    $str = unescape_html($esc);

    $esc = escape_uri($str);
    $str = unescape_uri($esc);

    $comp = escape_uri_component($str);

    $esc = encode_entities($str);

DESCRIPTION

This all may seem silly, but I like to be able to pull these functions from a single location and get the fastest possible versions.

EXPORTS

The 'all' tag:

    use Rose::HTML::Util qw(:all);

will cause the following function names to be imported:

    escape_html()
    unescape_html()
    escape_uri()
    escape_uri_component()
    encode_entities()

FUNCTIONS

escape_html STRING [, UNSAFE]

This method passes its arguments to HTML::Entities::encode_entities(). If the list of unsafe characters is omitted, it defaults to "<>&""

unescape_html STRING

This method is an alias for HTML::Entities::decode().

escape_uri STRING

This is a wrapper for URI::Escape::uri_escape() that is intended to escape entire URIs. Example:

    $str = 'http://foo.com/bar?baz=1%&blay=foo bar'
    $esc = escape_uri($str);

    print $esc; # http://foo.com/bar?baz=1%25&blay=foo%20bar
    

In other words, it tries to escape all characters that need to be escaped in a URI except those characters that are legitimately part of the URI: forward slashes, the question mark before the query, etc.

The current implementation escapes all characters except those in this set:

    A-Za-z0-9\-_.,'!~*#?&()/?@:[]=
    

Note that the URI-escaped string is not HTML-escaped. In order make a URI safe to include in an HTML page, call escape_html() as well:

    $h = '<a href="' . escape_html(escape_uri($str)) . '">foo</a>';
    

escape_uri_component STRING

When running under mod_perl 1.x, this is an alias for Apache::Util::escape_uri(). Otherwise, it's an alias for URI::Escape::uri_escape().

encode_entities STRING [, UNSAFE]

This method passes its arguments to HTML::Entities::encode_entities(). If the list of unsafe characters is omitted, it defaults to "<>&""

AUTHOR

LICENSE