[dancer-users] Best practice to escape HTML entities in Dancer2 and TT
Hermann Calabria
hermann at ivouch.com
Sat Feb 10 17:16:52 GMT 2018
Why not use TT’s native FILTER capability:
<% somehtml FILTER html %>
From an MVC perspective it’s probably the right place to do html escaping — not at the lib (Model) level.
You can also pipe additional filters:
<% somehtml FILTER html | html_line_break | more filters %>
Sent from my mobile. Please excuse brevity & typos.
> On Feb 10, 2018, at 8:39 AM, Lutz Gehlen <lrg_ml at gmx.net> wrote:
>
> Hi Shlomi,
>
> thanks for your reply. I have tried to use your module, but I am
> unsure how to activate it in my Dancer2 application. I have added
> the class as STASH to my template engine in config.yml:
>
> template: "template_toolkit"
> engines:
>   template:
>     template_toolkit:
>       start_tag: '[%'
>       end_tag: '%]'
>       ENCODING: utf8
>       <snip>...</snip>
>       STASH: 'Template::Stash::AutoEscaping'
>
> First, I got the error message that the module was not loaded, but
> even if I load the module manually I get:
>
> Can't use string ("Template::Stash::AutoEscaping") as a HASH ref
> while "strict refs" in use at /usr/local/lib/x86_64-linux-
> gnu/perl/5.20.2/Template/Stash.pm line 161.
>
> It seems like Template::Stash expects an instance of the stash class
> (like you show in the SYNOPSIS section of your module). But how do I
> tell Dancer2 to instantiate the class and hand it over to TT? Can
> you help me with that?
>
> Cheers,
> Lutz
>
>
>> On Saturday, 10.02.2018 13:42:01 Shlomi Fish wrote:
>> Hi Lutz,
>>
>> On Sat, 10 Feb 2018 11:15:07 +0100
>>
>> Lutz Gehlen <lrg_ml at gmx.net> wrote:
>>> Hello all,
>>>
>>> in Dancer1, I have been using Dancer::Plugin::EscapeHTML to
>>> automatically escape HTML entities in server generated output. I
>>> have never tried to figure out how it does its job, but it
>>> seemed to do what I needed.
>>>
>>> I have not found a similar plugin for Dancer2. However, this
>>> must be a widespread problem, isn't it? What is the best
>>> practice to automatically escape HTML entities with Dancer2 and
>>> Template::Toolkit?
>>
>> perhaps see
>> https://metacpan.org/release/Template-Stash-AutoEscaping . Note
>> that it is a fork by me of a different module.
>>
>>> Thank you and best wishes,
>>> Lutz
>
> _______________________________________________
> dancer-users mailing list
> dancer-users at dancer.pm
> http://lists.preshweb.co.uk/mailman/listinfo/dancer-users
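
The `FILTER html` approach suggested at the top of this message, as an added example that is not part of the original thread: it renders one value raw and filtered, then lists template tags that print a variable with no filter. The template text, the sample value and the lint heuristic are assumptions made for illustration; the lint only recognises bare variable tags in the `<% ... %>` style.

```perl
#!/usr/bin/env perl
# Added example (not from the thread): compare raw and html-filtered output
# in Template Toolkit, then flag tags that emit a variable unfiltered.
use strict;
use warnings;
use Template;

# Tag style matches the <% ... %> tags used in the message.
my $tt = Template->new({
    START_TAG => quotemeta('<%'),
    END_TAG   => quotemeta('%>'),
}) or die Template->error;

# Constructed sample value standing in for user-supplied data.
my %vars = ( somehtml => q{<i>Tom & "Jerry"</i>} );

# Hypothetical template: one unfiltered output, two filtered ones.
my $template = <<'EOT';
raw:      <% somehtml %>
filtered: <% somehtml FILTER html %>
piped:    <% somehtml | html | html_line_break %>
EOT

my $out = '';
$tt->process(\$template, \%vars, \$out) or die $tt->error;
print $out;

# Heuristic lint: report tags that consist only of a variable reference,
# i.e. no FILTER keyword and no pipe. Other directives are skipped.
my $line_no = 0;
for my $line (split /\n/, $template) {
    $line_no++;
    while ($line =~ /<%\s*(.*?)\s*%>/g) {
        my $directive = $1;
        next if $directive =~ /^[A-Z]+$/;                # keywords such as END
        next unless $directive =~ /^[A-Za-z_][\w.]*$/;   # plain variable only
        print "line $line_no: '$directive' is output without a filter\n";
    }
}
```

Only the `raw:` line comes out with live markup and is reported by the lint; the two filtered lines print `&lt;`, `&gt;`, `&amp;` and `&quot;` in place of the special characters.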