Ben Bullock

  • Posted Always use `const char *` to refer to the return value from SvPV to The Incredible Journey

    Always use const char * to refer to the return value from SvPV.

    Yesterday I got a bug report from a user via Github about Text::Fuzzy

  • Commented on The not-so-great escape
    A couple of examples of modules which do the escaping correctly are Mojo::Util https://metacpan.org/source/SRI/Mojolicious-7.34/lib/Mojo/Util.pm#L314 and HTML::Entities https://metacpan.org/source/GAAS/HTML-Parser-3.72/lib/HTML/Entities.pm#L462 as mentioned by Toby Inkster above....
  • Commented on The not-so-great escape
    > But just use HTML::Entities and forget about manually doing everything with regexes. It's probably better to use a module which does the job automatically, but what are you going to do when the module you use is wrong? I've...
  • Posted The not-so-great escape to The Incredible Journey

    Escaping HTML is the process of converting a user's input into something which can be displayed back to the user in a web browser. For example, in a comment section on a blog, or a wiki editable by users.

    Given user input such as <script>, to display that correctly, an HTML
    esc…

  • Commented on \d does not validate numbers
    > That’s what /a is for. As a followup to this article, I am thinking about making another blog post showing how \d is used to match numbers in actual CPAN modules. It's used for number validation in more than...
  • Commented on \d does not validate numbers
    Yes, I switched to using [0-9] almost everywhere. I think it's simpler....
  • Posted \d does not validate numbers to The Incredible Journey

    http://stackoverflow.com/questions/43814055/easy-to-check-if-user-input-is-a-number-in-perl

    points us to this Perl FAQ:

    http://perldoc.perl.org/perlfaq4.html#How-do-I-determine-whether-a-scalar-is-a-number%2fwhole%2finteger%2ffloat%3f

    Unfortunately, the regular expression p…

  • Commented on Perl 5 Porters Mailing List Summary: January 11th-24th
    > Aaron Crane had reduced the problem in Perl #127323 (segfault with Storable) to a problem with JSON::XS or Cpanel::JSON::XS. This should be 127232. I've responded here: https://rt.perl.org/Ticket/Display.html?id=127232#txn-1386359 In short, there is no problem with JSON::XS or Cpanel::JSON::XS, this is...
  • Commented on Wish list: SVG to PNG converter
    Sorry to comment after a long delay. I made this module for some tasks I needed to do and released it on CPAN in case anyone found it useful: https://metacpan.org/release/Image-CairoSVG It does not cover all of the SVG specification, but...
  • Commented on Response to The Perl Jam 2
    The perl code he posts at 00:20:33 into the video isn’t correct: `sub rubin { $arg1, $arg2 = @_; print "$arg1 $arg2\n"; } rubin (1, 2);` just prints out " 2" because he left out the () around $arg1, $arg2....
  • Commented on A marvellous source of color info
    There's a CPAN module which gives you most of that information: Convert::Color. Combine it with a module like Cairo and you could probably reproduce everything on that site....
  • Commented on search.cpan.org
    I like search.cpan.org because it's much faster than metacpan.org. Also some modules don't show up on metacpan.org, and it's often necessary to do "shift-reload" on metacpan.org to re-synch the pages....
  • Commented on git blame across the entire codebase
    28840 1.31% David Mitchell 13507 0.61% Dave Mitchell Is it two different people with a similar name or the same person under two different names?...
  • Commented on Detecting JSON/YAML/Perl/CSV/TSV/LTSV
    JSON::Parse looks interesting, bookmarked it for later. I don't know of any other validators like this for Perl. If you want to throw the first part of the JSON at it and see if just the chunk is correct...
  • Commented on Detecting JSON/YAML/Perl/CSV/TSV/LTSV
    Would "assert_valid_json" from JSON::Parse be any use? It validates JSON without creating Perl structures, so it's up to ten times faster than JSON::XS. For invalid JSON, it stops reading at the very first byte which isn't valid JSON, and returns...
  • Commented on The CPAN new dist a month contest
    I like these, but I wish we would have as many drives to fix open CPAN issues, especially in core or heavily-used modules. Neil, the author of the blog post, also started a CPAN adoption drive to get people...
  • Commented on Perl 5.19.x performance improvements
    I think this material is interesting and would be interested to hear more about it. Also, maybe you could link to the commits where the changes were added. I think some people would be interested....
  • Commented on On the relative readability of Perl and Python
    That said I will absolutely not concede that Python is easier to read than Python I don’t see how it can be....
  • Commented on Graphics::Potrace
    May I suggest indicating the github repository in your module? For example see this: http://cpansearch.perl.org/src/BKB/JSON-Parse-0.29/Makefile.PL In particular the META_MERGE does the work here. I don't know how to do that with Dist::Zilla but I am sure there is a way....
  • Commented on Graphics::Potrace
    May I suggest putting it on github or a similar service?...
  • Commented on A tour on perl-5.18.1 with c2ast, Marpa-powered C parser
    This is a nice demonstration. But ... Nevertheless, these are all good practices Debatable. POSIX doesn't allow me to have a typedef benbullock_t or a function called strike_me_with_a_hammer () in my program since it may clash with the future POSIX...
  • Commented on POD Web View
    That's dandy. The "URL" doesn't work at all for me. The "Upload file" doesn't work, although the drag and drop worked. Also, I noticed there were no problems with a very Unicode heavy pod file....
  • Commented on I try to use PDL::Stats, but Test failed.
    I got the same error. Because I prefer looking at the static version of cpantesters, I went to http://static.cpantesters.org/distro/P/PDL-Stats.html and noticed that the tests were all passing in the latest "developer release". Anyway, the bug seems to be fixed in...
  • Commented on A convention for Changes files
    OK thanks. I made a script, I don't know if it is any use to you but here it is: http://www.lemoda.net/perl/perl-retro-changes/index.cgi...
  • Commented on A convention for Changes files
    You sent me a Changes file for a module, with the dates of the release versions etc. How did you make the Changes file? I want to be able to generate my own retrospective Changes file....
  • Commented on Am I pandering to the smoke testers?
    Thank you for your hard work in setting up the CPAN tester's site, which I very much appreciate. My point was actually that my original query about not being able to search for the obscure XS errors quite possibly did...
  • Commented on Am I pandering to the smoke testers?
    Sorry, I should have added more links to that discussion. I brought up the issue of CPAN testers not being searchable using Google on the mailing list for CPAN testers a while ago using an example of a problem with...
  • Commented on Am I pandering to the smoke testers?
    First, are Nigel's boxes able to build XS modules without trouble? I have various test reports for one XS module and Nigel Horne seems to be able to build it. I'm not sure because there's no way I could...
  • Commented on Do your piece to fix TIOBE or stop talking about it
    So either fix it, or stop talking about it. I choose to stop talking about it....
  • Commented on Site Front Page
    Yes, why is this not enabled for the main page? It would have saved a lot of discussions....
  • mj41 commented on Response to The Perl Jam 2

    Yes, everybody should use static languages. For example Java.

    “… Going forward, developers should take this as an example of why it’s not safe to unserialize untrusted data. Unfortunately in the Java world, so much is built on the concept that this is okay, it’s going to take a long time to move away from that. …”

    http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-open…

  • Sawyer X commented on Perl 5 Porters Mailing List Summary: January 11th-24th

    Thanks for the correction, Ben. I've amended the blog post and I will issue a correction in the next summary!

  • Karl Williamson commented on \d does not validate numbers

    DEVANAGARI DIGIT NINE, for example, is used by millions of people millions, perhaps billions, of times a day as an essential component of their numbers. I don't know if you are being careless with your terminology, or wrongly arrogant about the place in the universe of [0-9].

    Unicode::UCD::num(), since Perl 5.14, can be used to make sure that a string of digits are all from the same script, so are not spoofing attempts, returning the numeric value the string represents, or undef if it is illegal.

  • Aristotle commented on The not-so-great escape
    [The double-quote] should probably be escaped too, in case the text is going to appear in an attribute value.

    And so should the single quote, for the same reason. So there are 5 characters in total that you need to escape.

    For widest compatibility with all the various *ML languages, it is best to use decimal numeric entities.

    And lastly, the ordering problems mentioned by Ben become irrelevant if you do all of the escapes in a single pass.

    All put together:

    s/([<>&'"])/'&#'.ord($1).';'/ge
  • Ron Savage commented on The not-so-great escape

    Hi Ben

    See also HTML::Entities::Interpolate.

About blogs.perl.org

blogs.perl.org is a common blogging platform for the Perl community. Written in Perl and offering the modern features you’ve come to expect in blog platforms, the site is hosted by Dave Cross and Aaron Crane, with a design donated by Six Apart, Ltd.