On Wed, Apr 14, 2010 at 11:38 AM, Alexis Sukrieh <sukria@sukria.net> wrote:
Hi John,

Hey
 
> 2 - explicit html-escape in templates (con: you need this on nearly all variable interpolations in every template)

This is not yet possible, but will be as soon as we add support for
another kind of filter: "before_template", see
http://github.com/sukria/Dancer/issues#issue/60

Also, this can be done using the template engine of your choice (if it supports it).
Template Toolkit supports the "| html" filter, which escapes your outputted variable.
 
> 3 - auto html-escape in templates (con: this breaks some complex template logic)

Seems like it would suck to work with it.
"<% IF var == "3&gt;" %>"

S.
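
The two options discussed above, as an added example that is not part of the original message or of Dancer's code. It assumes Template Toolkit is installed and configured with Dancer-style `<% %>` tags, and it models "auto html-escape" by escaping every variable before rendering; the sample values and `escape_html` are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Template;

# Dancer-style <% %> tags; Template Toolkit's own default is [% %].
my $tt = Template->new({ START_TAG => '<%', END_TAG => '%>' })
    or die Template->error();

# Constructed sample input standing in for user-controlled values.
my %raw = ( var => '3>', name => '<script>alert(1)</script>' );

# Hypothetical helper: what an auto-escaping layer would apply to every variable.
sub escape_html {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    return $s;
}
my %escaped = map { $_ => escape_html($raw{$_}) } keys %raw;

# Option 2: raw values in the stash, escaping applied only where a value is printed.
# The comparison sees the real value, the output is neutralised by "| html".
my $explicit = <<'TT';
<% IF var == "3>" %>match<% ELSE %>no match<% END %>
<p><% name | html %></p>
TT

# Option 3 (modelled): values are escaped before the template sees them.
# Output is safe without a filter, but logic must compare against "3&gt;".
my $auto = <<'TT';
<% IF var == "3>" %>match<% ELSE %>no match<% END %>
<% IF var == "3&gt;" %>match<% ELSE %>no match<% END %>
<p><% name %></p>
TT

for my $case ( [ 'explicit | html', $explicit, \%raw ],
               [ 'pre-escaped variables', $auto, \%escaped ] ) {
    my ( $label, $tpl, $vars ) = @$case;
    my $out = '';
    $tt->process( \$tpl, $vars, \$out ) or die $tt->error();
    print "--- $label ---\n$out";
}
```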