[dancer-users] Best practice to escape HTML entities in Dancer2 and TT

Lutz Gehlen lrg_ml at gmx.net
Thu Mar 22 18:01:41 GMT 2018 

Hey Scott, hey all,

ok, here is what I did. I wrote a Dancer2::Template::MyApp module
following the example in Dancer2::Template::TemplateToolkit:

----
package Dancer2::Template::MyApp;
use 5.014;

use Moo;
use Template::Stash::AutoEscaping;

extends 'Dancer2::Template::TemplateToolkit';


around '_build_engine' => sub {
    my $orig = shift;
    my $self = shift;

    my $tt = $self->$orig(@_);

    # replace the stash object
    $tt->service->context->{STASH} = Template::Stash::AutoEscaping-
>new(
        $self->config->{STASH}
    );

    return $tt;
};


1;
----

Then I adapted my config.yml

----
template: "MyApp"
engines:
  template:
    MyApp:
      start_tag: '[%'
      end_tag:   '%]'
      ENCODING: utf8
      STASH:
----

If I try to call a route in my application, the route crashes with:
Route exception: Failed to render template: undef error - Not a GLOB 
reference at /usr/local/lib/x86_64-linux-
gnu/perl/5.20.2/Template/Provider.pm line 618.

If I comment out the replacement of the stash object it works
(unsurprisingly).

I have also tried to overload the entire build_engine method instead
of using "around" in order to construct the Template object with the
alternative stash object right away. This leads to the same result.

I went to line 618 of Template::Provider and printed out the
respective variable using Data::Dumper. It seems to be an arrayref
blessed into Template::Stash::AutoEscaping::Escaped::HTML. However,
Template::Provider obviously expects a GLOB reference.

I'd be very thankful if someone could help me on with this. I am
stuck.

Thank you and best wishes,
Lutz


On Monday, 19.03.2018 19:07:19 Lutz Gehlen wrote:
> Hey Scott,
> 
> sorry for the long silence. After my return I've tried to get this
> solution to work, but so far I've not been successful. I wanted
> to write up my attempts, but got buried in other work, hence the
> delay. I'll reply in more detail later this week.
> 
> Cheers,
> Lutz
> 
> On Tuesday, 13.03.2018 12:51:54 Scott H wrote:
> > Did this work?
> > 
> > On Wed, Feb 21, 2018 at 6:46 AM, Lutz Gehlen <lrg_ml at gmx.net>
> 
> wrote:
> > > Hi Scott,
> > > 
> > > thank you for your reply. This looks exactly like the piece of
> > > information I was lacking. I'll be traveling the next couple
> > > of
> > > days, but I'll certainly try this approach next week.
> > > 
> > > Cheers,
> > > Lutz
> > > 
> > > On Tuesday, 20.02.2018 11:40:00 Scott H wrote:
> > > > Looking into what your asking, have you tried this:
> > > > https://metacpan.org/pod/Dancer2::Template::TemplateToolkit
> > > > 
> > > > Go to Advanced Customizations and you'll see how to create a
> > > > subclass module to return $tt. Have you tried this method?
> > > > 
> > > > -Scott
> > > > 
> > > > On Tue, Feb 20, 2018 at 1:47 AM, Lutz Gehlen
> > > > <lrg_ml at gmx.net>

[...]

More information about the dancer-users mailing list