[dancer-users] Best practice to escape HTML entities in Dancer2 and TT
Lutz Gehlen
lrg_ml at gmx.net
Sat Feb 10 16:39:12 GMT 2018
Hi Shlomi,
thanks for your reply. I have tried to use your module, but I am
unsure how to activate it in my Dancer2 application. I have added
the class as STASH to my template engine in config.yml:
template: "template_toolkit"
engines:
template:
template_toolkit:
start_tag: '[%'
end_tag: '%]'
ENCODING: utf8
<snip>...</snip>
STASH: 'Template::Stash::AutoEscaping'
First, I got the error message that the module was not loaded, but
even if I load the module manually I get:
Can't use string ("Template::Stash::AutoEscaping") as a HASH ref
while "strict refs" in use at /usr/local/lib/x86_64-linux-
gnu/perl/5.20.2/Template/Stash.pm line 161.
It seems like Template::Stash expects an instance of the stash class
(like you show in the SYNOPSIS section of your module). But how do I
tell Dancer2 to instantiate the class and hand it over to TT? Can
you help we with that?
Cheers,
Lutz
On Saturday, 10.02.2018 13:42:01 Shlomi Fish wrote:
> Hi Lutz,
>
> On Sat, 10 Feb 2018 11:15:07 +0100
>
> Lutz Gehlen <lrg_ml at gmx.net> wrote:
> > Hello all,
> >
> > in Dancer1, I have been using Dancer::Plugin::EscapeHTML to
> > automatically escape HTML entities in server generated output. I
> > have never tried to figure out how it does its job, but it
> > seemed to do what I needed.
> >
> > I have not found a similar plugin for Dancer2. However, this
> > must be a widespread problem, isn't it? What is the best
> > practice to automatically escape HTML entities with Dancer2 and
> > Template::Toolkit?
>
> perhaps see
> https://metacpan.org/release/Template-Stash-AutoEscaping . Note
> that it is a fork by me of a different module.
>
> > Thank you and best wishes,
> > Lutz
> >
> > _______________________________________________
> > dancer-users mailing list
> > dancer-users at dancer.pm
> > http://lists.preshweb.co.uk/mailman/listinfo/dancer-users
More information about the dancer-users
mailing list