[dancer-users] Best practice to escape HTML entities in Dancer2 and TT

Lutz Gehlen lrg_ml at gmx.net
Sat Feb 10 16:39:12 GMT 2018

Hi Shlomi,

thanks for your reply. I have tried to use your module, but I am 
unsure how to activate it in my Dancer2 application. I have added 
the class as STASH to my template engine in config.yml:

template: "template_toolkit"
      start_tag: '[%'
      end_tag:   '%]'
      ENCODING: utf8
      STASH: 'Template::Stash::AutoEscaping'

First, I got the error message that the module was not loaded, but 
even if I load the module manually I get:

Can't use string ("Template::Stash::AutoEscaping") as a HASH ref 
while "strict refs" in use at /usr/local/lib/x86_64-linux-
gnu/perl/5.20.2/Template/Stash.pm line 161.

It seems like Template::Stash expects an instance of the stash class 
(like you show in the SYNOPSIS section of your module). But how do I 
tell Dancer2 to instantiate the class and hand it over to TT? Can 
you help we with that?


On Saturday, 10.02.2018 13:42:01 Shlomi Fish wrote:
> Hi Lutz,
> On Sat, 10 Feb 2018 11:15:07 +0100
> Lutz Gehlen <lrg_ml at gmx.net> wrote:
> > Hello all,
> > 
> > in Dancer1, I have been using Dancer::Plugin::EscapeHTML to
> > automatically escape HTML entities in server generated output. I
> > have never tried to figure out how it does its job, but it
> > seemed to do what I needed.
> > 
> > I have not found a similar plugin for Dancer2. However, this
> > must be a widespread problem, isn't it? What is the best
> > practice to automatically escape HTML entities with Dancer2 and
> > Template::Toolkit?
> perhaps see
> https://metacpan.org/release/Template-Stash-AutoEscaping . Note
> that it is a fork by me of a different module.
> > Thank you and best wishes,
> > Lutz
> > 
> > _______________________________________________
> > dancer-users mailing list
> > dancer-users at dancer.pm
> > http://lists.preshweb.co.uk/mailman/listinfo/dancer-users

More information about the dancer-users mailing list