Hi Hermann, On Saturday, 10.02.2018 09:16:52 Hermann Calabria wrote:
Why not use TT’s native FILTER capability:
<% somehtml FILTER html %>
The reason is that the application has many templates with many output sections that need to be filtered. To add the html filter to each of these places would be both cumbersome and error-prone. I think it would be safer and more elegant to use a more centralized approach.
From an MVC perspective it’s probably the right place to do html escaping — not at the lib (Model) level.
I agree that the View level is the right place to do the escaping instead of e.g. the Model level. However, a solution along the lines of Shlomi's suggestion, which modifies the behavior of Template::Toolkit, _is_ at the View level. Best wishes, Lutz
On Feb 10, 2018, at 8:39 AM, Lutz Gehlen <lrg_ml@gmx.net> wrote:
Hi Shlomi,
thanks for your reply. I have tried to use your module, but I am unsure how to activate it in my Dancer2 application. I have added the class as STASH to my template engine in config.yml:
template: "template_toolkit"
engines: template: template_toolkit: start_tag: '[%' end_tag: '%]' ENCODING: utf8
<snip>...</snip>
STASH: 'Template::Stash::AutoEscaping'
First, I got the error message that the module was not loaded, but even if I load the module manually I get:
Can't use string ("Template::Stash::AutoEscaping") as a HASH ref while "strict refs" in use at /usr/local/lib/x86_64-linux- gnu/perl/5.20.2/Template/Stash.pm line 161.
It seems like Template::Stash expects an instance of the stash class (like you show in the SYNOPSIS section of your module). But how do I tell Dancer2 to instantiate the class and hand it over to TT? Can you help we with that?
Cheers, Lutz
On Saturday, 10.02.2018 13:42:01 Shlomi Fish wrote: Hi Lutz,
On Sat, 10 Feb 2018 11:15:07 +0100
Lutz Gehlen <lrg_ml@gmx.net> wrote:
Hello all,
in Dancer1, I have been using Dancer::Plugin::EscapeHTML to automatically escape HTML entities in server generated output. I have never tried to figure out how it does its job, but it seemed to do what I needed.
I have not found a similar plugin for Dancer2. However, this must be a widespread problem, isn't it? What is the best practice to automatically escape HTML entities with Dancer2 and Template::Toolkit?
perhaps see https://metacpan.org/release/Template-Stash-AutoEscaping . Note that it is a fork by me of a different module.
Thank you and best wishes, Lutz