Jakub Narebski wrote: > I'm not sure what quoting to choose for esc_attr, but there we could > use even --no-control-chars quoting (replacing any control character > by '?'); but perhaps in some cases like git_print_page_path > subroutine CEC is better. I'm rambling. esc_attr is special case, because CGI does escapeHTML (and I hope also to_utf8) for us. Using <span class="cntrl">...</span> has also no sense. So there should be separate esc_attr_path subroutine I think. Even if we decide that esc_html and esc_path should give identical output (the difference that _might_ be here is that in esc_html we don't need to escape whitespace control characters valid in HTML, like tab (HT, TAB) or newline (LF); on the other hand thanks to line-by-line processing we should never get newline in "blob", and thanks to untabify we should never get tab in "blob") I think it would be prudent to have esc_path, even as thin wrapper just caling esc_html. We might decide to use different style for control characters in different views, but that I think can be done using pure CSS. -- Jakub Narebski Poland - To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html