[dancer-users] Best practice to escape HTML entities in Dancer2 and TT
Lutz Gehlen
lrg_ml at gmx.net
Thu Mar 22 18:01:41 GMT 2018
Hey Scott, hey all,
ok, here is what I did. I wrote a Dancer2::Template::MyApp module
following the example in Dancer2::Template::TemplateToolkit:
----
package Dancer2::Template::MyApp;
use 5.014;
use Moo;
use Template::Stash::AutoEscaping;
extends 'Dancer2::Template::TemplateToolkit';
around '_build_engine' => sub {
my $orig = shift;
my $self = shift;
my $tt = $self->$orig(@_);
# replace the stash object
$tt->service->context->{STASH} = Template::Stash::AutoEscaping-
>new(
$self->config->{STASH}
);
return $tt;
};
1;
----
Then I adapted my config.yml
----
template: "MyApp"
engines:
template:
MyApp:
start_tag: '[%'
end_tag: '%]'
ENCODING: utf8
STASH:
----
If I try to call a route in my application, the route crashes with:
Route exception: Failed to render template: undef error - Not a GLOB
reference at /usr/local/lib/x86_64-linux-
gnu/perl/5.20.2/Template/Provider.pm line 618.
If I comment out the replacement of the stash object it works
(unsurprisingly).
I have also tried to overload the entire build_engine method instead
of using "around" in order to construct the Template object with the
alternative stash object right away. This leads to the same result.
I went to line 618 of Template::Provider and printed out the
respective variable using Data::Dumper. It seems to be an arrayref
blessed into Template::Stash::AutoEscaping::Escaped::HTML. However,
Template::Provider obviously expects a GLOB reference.
I'd be very thankful if someone could help me on with this. I am
stuck.
Thank you and best wishes,
Lutz
On Monday, 19.03.2018 19:07:19 Lutz Gehlen wrote:
> Hey Scott,
>
> sorry for the long silence. After my return I've tried to get this
> solution to work, but so far I've not been successful. I wanted
> to write up my attempts, but got buried in other work, hence the
> delay. I'll reply in more detail later this week.
>
> Cheers,
> Lutz
>
> On Tuesday, 13.03.2018 12:51:54 Scott H wrote:
> > Did this work?
> >
> > On Wed, Feb 21, 2018 at 6:46 AM, Lutz Gehlen <lrg_ml at gmx.net>
>
> wrote:
> > > Hi Scott,
> > >
> > > thank you for your reply. This looks exactly like the piece of
> > > information I was lacking. I'll be traveling the next couple
> > > of
> > > days, but I'll certainly try this approach next week.
> > >
> > > Cheers,
> > > Lutz
> > >
> > > On Tuesday, 20.02.2018 11:40:00 Scott H wrote:
> > > > Looking into what your asking, have you tried this:
> > > > https://metacpan.org/pod/Dancer2::Template::TemplateToolkit
> > > >
> > > > Go to Advanced Customizations and you'll see how to create a
> > > > subclass module to return $tt. Have you tried this method?
> > > >
> > > > -Scott
> > > >
> > > > On Tue, Feb 20, 2018 at 1:47 AM, Lutz Gehlen
> > > > <lrg_ml at gmx.net>
[...]
More information about the dancer-users
mailing list