escape only entities which are dangerous to html

author Dobrica Pavlinusic <dpavlin@rot13.org>

Sat, 15 Mar 2003 19:37:07 +0000 (19:37 +0000)

committer Dobrica Pavlinusic <dpavlin@rot13.org>

Sat, 15 Mar 2003 19:37:07 +0000 (19:37 +0000)
author Dobrica Pavlinusic <dpavlin@rot13.org>
Sat, 15 Mar 2003 19:37:07 +0000 (19:37 +0000)
committer Dobrica Pavlinusic <dpavlin@rot13.org>
Sat, 15 Mar 2003 19:37:07 +0000 (19:37 +0000)
diff --git a/index_DBI.pm b/index_DBI.pm

index 6729bd3..0ea4fad 100644 (file)
--- a/index_DBI.pm
+++ b/index_DBI.pm
@@ -137,7 +137,7 @@ sub fetch {
         $sth->execute() || die "execute: $sql; ".$self->{dbh}->errstr();
         my @arr;
         while (my $row = $sth->fetchrow_hashref) {
-               $row->{item} = HTML::Entities::encode($row->{item});
+               $row->{item} = HTML::Entities::encode($row->{item},'<>&"');
                 push @arr,$row;
         }
         return @arr;
author	Dobrica Pavlinusic <dpavlin@rot13.org>
	Sat, 15 Mar 2003 19:37:07 +0000 (19:37 +0000)
committer	Dobrica Pavlinusic <dpavlin@rot13.org>
	Sat, 15 Mar 2003 19:37:07 +0000 (19:37 +0000)