[dancer-users] Best practice to escape HTML entities in Dancer2 and TT

Lutz Gehlen lrg_ml at gmx.net
Wed Feb 21 13:46:24 GMT 2018


Hi Scott,

thank you for your reply. This looks exactly like the piece of 
information I was lacking. I'll be traveling the next couple of 
days, but I'll certainly try this approach next week.

Cheers,
Lutz


On Tuesday, 20.02.2018 11:40:00 Scott H wrote:
> Looking into what your asking, have you tried this:
> https://metacpan.org/pod/Dancer2::Template::TemplateToolkit
> 
> Go to Advanced Customizations and you'll see how to create a
> subclass module to return $tt. Have you tried this method?
> 
> -Scott
> 
> On Tue, Feb 20, 2018 at 1:47 AM, Lutz Gehlen <lrg_ml at gmx.net> 
wrote:
> > Hi Warren,
> > 
> > thank you for your reply and your research on the escaping
> > plugins.> 
> > On Monday, 19.02.2018 10:59:19 Warren Young wrote:
> > > Since you seem to have an itch here, how about you port the
> > > plugin?  Then you get the software you want.  You’ve got
> > > preexisting code on both sides to work with: the source plugin
> > > and many examples of existing D2 plugins to aid in the
> > > translation.
> > 
> > Yes, maybe porting the plugin is the way to go. However, part of
> > my intention in raising this topic on the list was to find out
> > whether a port of Dancer::Plugin::EscapeHTML actually _is_ the
> > software I really want. What made me think was that nobody has
> > done it so far as a solution to what I believed to be a
> > standard problem.
> > 
> > Furthermore, the documentation of Dancer::Plugin::EscapeHTML
> > states: "If you're using Template Toolkit, you may wish to look
> > instead at Template::Stash::EscapeHTML which takes care of this
> > reliably at the template engine level, and is more widely-used
> > and tested than this module."
> > 
> > This supposedly goes along the same line as Shlomi's suggestion
> > of Template::Stash::AutoEscaping, but so far I have not figured
> > out how to deploy this approach in Dancer.
> > 
> > So to come back to your suggestion of porting
> > Dancer::Plugin::EscapeHTML to Dancer2, I will consider it, but
> > need to find out more about whether this is the right way to
> > go.
> > 
> > Cheers,
> > Lutz
> > 
> > _______________________________________________
> > dancer-users mailing list
> > dancer-users at dancer.pm
> > http://lists.preshweb.co.uk/mailman/listinfo/dancer-users



More information about the dancer-users mailing list