Closed evanroberts-foundant closed 2 years ago
It looks like https://github.com/oalders/html-restrict/pull/37#issuecomment-470614396 could have used more discussion. You could decode HTML entities on the output, but I think we could just add a new option encode_entities
which would default to 1, but could be disabled at object instantiation. That would allow you to preserve the old behaviour. Does that work for you? Thoughts on this @haarg?
Sometime between version 2.3.0 and 3.0.0 the process() method is html-encoding the return value (at least in some cases).
use HTML::Restrict; my $scrubber = HTML::Restrict->new();
in 2.3.0 this results in '&' being printed
in 3.0.0 this results in '& ' being printed (&-a-m-p-;)
print $scrubber->process('&');
This makes it impossible to use it in a use-case where plain text is being processed for html tags. We are using it to strip html out of otherwise valid text. html-encoding & breaks the data since we expect the output to be pure-text.