[dancer-users] Best practice to escape HTML entities in Dancer2 and TT
lrg_ml at gmx.net
Tue Feb 20 08:47:58 GMT 2018
thank you for your reply and your research on the escaping plugins.
On Monday, 19.02.2018 10:59:19 Warren Young wrote:
> Since you seem to have an itch here, how about you port the
> plugin? Then you get the software you want. You’ve got
> preexisting code on both sides to work with: the source plugin
> and many examples of existing D2 plugins to aid in the
Yes, maybe porting the plugin is the way to go. However, part of my
intention in raising this topic on the list was to find out whether a
port of Dancer::Plugin::EscapeHTML actually _is_ the software I
really want. What made me think was that nobody has done it so far
as a solution to what I believed to be a standard problem.
Furthermore, the documentation of Dancer::Plugin::EscapeHTML states:
"If you're using Template Toolkit, you may wish to look instead at
Template::Stash::EscapeHTML which takes care of this reliably at the
template engine level, and is more widely-used and tested than this
This supposedly goes along the same line as Shlomi's suggestion of
Template::Stash::AutoEscaping, but so far I have not figured out how
to deploy this approach in Dancer.
So to come back to your suggestion of porting
Dancer::Plugin::EscapeHTML to Dancer2, I will consider it, but need
to find out more about whether this is the right way to go.
More information about the dancer-users