[dancer-users] Best practice to escape HTML entities in Dancer2 and TT

Lutz Gehlen lrg_ml at gmx.net
Tue Feb 20 08:47:58 GMT 2018


Hi Warren,

thank you for your reply and your research on the escaping plugins.

On Monday, 19.02.2018 10:59:19 Warren Young wrote:
> Since you seem to have an itch here, how about you port the
> plugin?  Then you get the software you want.  You’ve got
> preexisting code on both sides to work with: the source plugin
> and many examples of existing D2 plugins to aid in the
> translation.

Yes, maybe porting the plugin is the way to go. However, part of my 
intention in raising this topic on the list was to find out whether a 
port of Dancer::Plugin::EscapeHTML actually _is_ the software I 
really want. What made me think was that nobody has done it so far 
as a solution to what I believed to be a standard problem. 

Furthermore, the documentation of Dancer::Plugin::EscapeHTML states:
"If you're using Template Toolkit, you may wish to look instead at 
Template::Stash::EscapeHTML which takes care of this reliably at the 
template engine level, and is more widely-used and tested than this 
module."

This supposedly goes along the same line as Shlomi's suggestion of 
Template::Stash::AutoEscaping, but so far I have not figured out how 
to deploy this approach in Dancer.

So to come back to your suggestion of porting 
Dancer::Plugin::EscapeHTML to Dancer2, I will consider it, but need 
to find out more about whether this is the right way to go.

Cheers,
Lutz


