14 Apr 2010, 9:07 a.m.
On Wed, Apr 14, 2010 at 11:38 AM, Alexis Sukrieh <sukria@sukria.net> wrote:
Hi John,
Hey
2 - explicit html-escape in templates (con: you need this on nearly all variable interpolations in every template)
This is not yet possible, but will be as soon as we add support for another kind of filter: "before_template", see http://github.com/sukria/Dancer/issues#issue/60
Also, this can be done using the template engine of your choice (if it supports it). Template Toolkit supports "| html" filter, which escapes your outputted variable.
3 - auto html-escape in templates (con: this breaks some complex template logic)
Seems like it would suck to work with it. "<% IF var == "3>" %>" S.
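The trade-off between options 2 and 3, as an added example that is not part of the original thread or of Dancer's code: it renders the thread's `IF var == "3>"` comparison once with Template Toolkit's explicit `| html` filter and once with every variable escaped before the template sees it. The pre-escaping step is an assumption about how auto-escaping could be implemented; `escape_html`, `render` and the sample value are constructed for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Template;

# TAG_STYLE 'asp' gives the <% ... %> delimiters used in the thread.
my $tt = Template->new({ TAG_STYLE => 'asp' }) or die Template->error;

# Option 2: logic sees the raw value, output is escaped explicitly.
my $explicit = "<% IF var == '3>' %>matched<% ELSE %>no match<% END %>: <% var | html %>\n";

# Option 3 (assumed implementation): no filter in the template,
# because every variable was escaped before rendering.
my $auto = "<% IF var == '3>' %>matched<% ELSE %>no match<% END %>: <% var %>\n";

# Hypothetical helper: escape the four characters TT's html filter handles.
sub escape_html {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    return $s;
}

# Hypothetical helper: render a template string with the given variables.
sub render {
    my ($template, $vars) = @_;
    my $out = '';
    $tt->process(\$template, $vars, \$out) or die $tt->error;
    return $out;
}

# Constructed sample value, taken from the comparison quoted in the thread.
my $raw = { var => '3>' };

# Escape every variable up front, as an auto-escaping layer might.
my $escaped = { map { $_ => escape_html($raw->{$_}) } keys %$raw };

print "explicit filter:  ", render($explicit, $raw);
print "pre-escaped vars: ", render($auto, $escaped);
```

Both runs emit the value safely escaped, but only the explicit-filter template takes the `matched` branch, because the pre-escaped variable no longer equals the literal `3>` in the template logic.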