[dancer-users] Best practice to escape HTML entities in Dancer2 and TT

Warren Young warren at etr-usa.com
Mon Feb 19 17:59:19 GMT 2018

On Feb 19, 2018, at 5:08 AM, Lutz Gehlen <lrg_ml at gmx.net> wrote:
> What is everybody else 
> doing? Or am I mistaken and this is a minority problem after all?

The problem never came up for me because my Dancer code was migrated from Apache::ASP, which doesn’t have anything like the solutions proposed so far in this thread.  I had to do my own escaping with HTML::Entities and such, so keeping that existing code has been the path of least resistance.

It may well be that when people go searching the web for “perl html escape”, they find HTML::Entities and just go with that.  It’s the third result here.  (YMMV.)  The first result recommends URI::Escape instead, which is wrong, and the second answer is a Stack Overflow post, where the top answer recommends HTML::Escape.

Since you seem to have an itch here, how about you port the plugin?  Then you get the software you want.  You’ve got preexisting code on both sides to work with: the source plugin and many examples of existing D2 plugins to aid in the translation.

More information about the dancer-users mailing list