Lib html

Jump to bottom Edit New page

kud1ing edited this page Aug 4, 2013 · 16 revisions

A library/module for escaping/unescaping of special HTML characters.

1. Announcement to mailing list

Proposed editor: your name
Date proposed: date of proposal
Link: link to email

Notes from discussion on mailing list

note
note
note

2. Research of standards and techniques

Standard: standard - link to docs - ...
Standard: standard - link to docs - ...
Technique: technique - link to docs - ...
Technique: technique - link to docs - ...

Summary of research on standards and leading techniques

Relevant standards and techniques exist?

Those intended to follow (and why)

Those intended to ignore (and why)

3. Research of libraries from other languages

Language: Go - html
- EscapeString() escapes only the 5 characters < > & ' "
- UnescapeString() unescapes more characters
Language: PHP - htmlspecialchars()
- escapes only the 5 characters < > & ' " - htmlspecialchars_decode ()
- decodes only the characters handled by htmlspecialchars()

Summary of research from other languages:

Structures and functions commonly appearing

Variations on implementation seen

Pitfalls and hazards associated with each variant

Relationship to other libraries and/or abstract interfaces

4. Module writing

See https://github.com/veddan/rust-htmlescape

Pull request: link to bug

Additional implementation notes

Question: where to get from the complete list of characters to escape and entities to produce?

escape_minimal() only escapes the necessary 5 characters < > & ' " which are necessary for security/forms/URLs
- < => <
- > => >
- & => &
- ' => '
- " => "
escape_full() escapes all characters
- We probably should use a table-lookup (binary search), similar to the code in https://github.com/mozilla/rust/blob/incoming/src/libcore/unicode.rs