[dancer-users] Best practice to escape HTML entities in Dancer2 and TT

Scott H scott.harpster at gmail.com
Tue Mar 13 18:51:54 GMT 2018


Did this work?

On Wed, Feb 21, 2018 at 6:46 AM, Lutz Gehlen <lrg_ml at gmx.net> wrote:

> Hi Scott,
>
> thank you for your reply. This looks exactly like the piece of
> information I was lacking. I'll be traveling the next couple of
> days, but I'll certainly try this approach next week.
>
> Cheers,
> Lutz
>
>
> On Tuesday, 20.02.2018 11:40:00 Scott H wrote:
> > Looking into what your asking, have you tried this:
> > https://metacpan.org/pod/Dancer2::Template::TemplateToolkit
> >
> > Go to Advanced Customizations and you'll see how to create a
> > subclass module to return $tt. Have you tried this method?
> >
> > -Scott
> >
> > On Tue, Feb 20, 2018 at 1:47 AM, Lutz Gehlen <lrg_ml at gmx.net>
> wrote:
> > > Hi Warren,
> > >
> > > thank you for your reply and your research on the escaping
> > > plugins.>
> > > On Monday, 19.02.2018 10:59:19 Warren Young wrote:
> > > > Since you seem to have an itch here, how about you port the
> > > > plugin?  Then you get the software you want.  You’ve got
> > > > preexisting code on both sides to work with: the source plugin
> > > > and many examples of existing D2 plugins to aid in the
> > > > translation.
> > >
> > > Yes, maybe porting the plugin is the way to go. However, part of
> > > my intention in raising this topic on the list was to find out
> > > whether a port of Dancer::Plugin::EscapeHTML actually _is_ the
> > > software I really want. What made me think was that nobody has
> > > done it so far as a solution to what I believed to be a
> > > standard problem.
> > >
> > > Furthermore, the documentation of Dancer::Plugin::EscapeHTML
> > > states: "If you're using Template Toolkit, you may wish to look
> > > instead at Template::Stash::EscapeHTML which takes care of this
> > > reliably at the template engine level, and is more widely-used
> > > and tested than this module."
> > >
> > > This supposedly goes along the same line as Shlomi's suggestion
> > > of Template::Stash::AutoEscaping, but so far I have not figured
> > > out how to deploy this approach in Dancer.
> > >
> > > So to come back to your suggestion of porting
> > > Dancer::Plugin::EscapeHTML to Dancer2, I will consider it, but
> > > need to find out more about whether this is the right way to
> > > go.
> > >
> > > Cheers,
> > > Lutz
> > >
> > > _______________________________________________
> > > dancer-users mailing list
> > > dancer-users at dancer.pm
> > > http://lists.preshweb.co.uk/mailman/listinfo/dancer-users
>
> _______________________________________________
> dancer-users mailing list
> dancer-users at dancer.pm
> http://lists.preshweb.co.uk/mailman/listinfo/dancer-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.preshweb.co.uk/pipermail/dancer-users/attachments/20180313/3f0a58ff/attachment.html>


More information about the dancer-users mailing list