
A kind of bug in HTML::FillInForm

The HTML::FillInForm package uses its own implementation of the escapeHTML function, which differs from the implementation in the CGI package.

If you use the HTML::FillInForm or CGI::Application::Plugin::FillInForm package (the latter is an interface to the former) to process a form whose values were escaped by CGI::escapeHTML(), the wrong option may be selected by default inside a <select> tag (the "selected" attribute isn't set where it should be).

The problem is that HTML::FillInForm uses the HTML::Parser package to parse the code passed to it, and the parser unescapes attribute values into the current encoding. That is why HTML::FillInForm needs to apply the escapeHTML() function to tag attribute values after parsing, in order to compare them with the values of the user parameters passed to fill the form. If the user script and the package use different implementations of escapeHTML(), the same string can come out "unequal" after each of these functions. 🙂

To fix this, it is enough to add the following code at the beginning of your script:


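use HTML::FillInForm;

{
  # Replace the module's own escapeHTML with CGI's, so that both sides of
  # the comparison are escaped the same way. The block keeps the package
  # statement from leaking into the rest of the script.
  package HTML::FillInForm;
  use CGI ();                # load CGI without importing into this package
  no warnings 'redefine';    # the method is overridden on purpose

  sub escapeHTML {
    my ($self, $toencode) = @_;
    return undef unless defined($toencode);
    return CGI::escapeHTML($toencode);
  }
}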
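The mismatch described above, and why aligning the two escapers removes it, modeled as an added example (not code from HTML::FillInForm, CGI or HTML::Parser). The three subs are hypothetical stand-ins, and the apostrophe is an assumed point of divergence chosen for illustration; the sample value is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-in for a library's private escaper: only & < > "
sub escape_minimal {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;    # ampersand first, so later entities are not re-escaped
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    return $s;
}

# Hypothetical stand-in for the calling script's escaper: same set plus '
sub escape_with_apos {
    my ($s) = @_;
    $s = escape_minimal($s);
    $s =~ s/'/&#39;/g;
    return $s;
}

# Hypothetical stand-in for the parser step that decodes attribute values
sub decode_attr {
    my ($s) = @_;
    $s =~ s/&#39;/'/g;
    $s =~ s/&quot;/"/g;
    $s =~ s/&lt;/</g;
    $s =~ s/&gt;/>/g;
    $s =~ s/&amp;/&/g;    # last, so "&amp;lt;" is decoded only once
    return $s;
}

# The comparison the text describes: re-escape the decoded attribute value,
# then compare it with the already escaped value supplied by the script.
sub option_matches {
    my ($attr_in_template, $escaped_fill_value, $library_escaper) = @_;
    my $reescaped = $library_escaper->(decode_attr($attr_in_template));
    return $reescaped eq $escaped_fill_value ? 1 : 0;
}

my $raw      = q{O'Reilly & Sons};       # constructed sample value
my $in_form  = escape_with_apos($raw);   # written into value="..." by the script
my $for_fill = escape_with_apos($raw);   # passed by the script as the fill value

printf "different escapers: selected=%d\n",
    option_matches($in_form, $for_fill, \&escape_minimal);
printf "same escaper:       selected=%d\n",
    option_matches($in_form, $for_fill, \&escape_with_apos);
```

Any character that only one of the two escapers encodes produces the same mismatch, which is why the override routes both sides through a single implementation.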
