[dancer-users] Best practice to escape HTML entities in Dancer2 and TT
Lutz Gehlen
lrg_ml at gmx.net
Tue Feb 20 08:47:58 GMT 2018
Hi Warren,

thank you for your reply and your research on the escaping plugins.

On Monday, 19.02.2018 10:59:19 Warren Young wrote:
> Since you seem to have an itch here, how about you port the
> plugin? Then you get the software you want. You’ve got
> preexisting code on both sides to work with: the source plugin
> and many examples of existing D2 plugins to aid in the
> translation.

Yes, maybe porting the plugin is the way to go. However, part of my
intention in raising this topic on the list was to find out whether a
port of Dancer::Plugin::EscapeHTML actually _is_ the software I
really want. What made me think was that nobody has done it so far
as a solution to what I believed to be a standard problem.

Furthermore, the documentation of Dancer::Plugin::EscapeHTML states:

"If you're using Template Toolkit, you may wish to look instead at
Template::Stash::EscapeHTML which takes care of this reliably at the
template engine level, and is more widely-used and tested than this
module."

This supposedly goes along the same line as Shlomi's suggestion of
Template::Stash::AutoEscaping, but so far I have not figured out how
to deploy this approach in Dancer.

So to come back to your suggestion of porting
Dancer::Plugin::EscapeHTML to Dancer2, I will consider it, but need
to find out more about whether this is the right way to go.

Cheers,
Lutz