[Catalyst] Views and escaping HTML
publiustemp-catalyst at yahoo.com
Thu Apr 1 10:00:24 GMT 2010
I've been searching for the best answer, but there's a huge amount to wade through.

I'm working on a Catalyst app where all views are purely HTML. I use Catalyst::View::TT. The vast majority of my data in views should be HTML escaped:

    [% message | html %]

However, I'd like that to be the default rather than the exception because it's easy to forget this. I wanted to just do this in the view class:

    STASH => Template::Stash::EscapeHTML

But that globally escapes everything, thus destroying my forms. I considered writing my own stash but had trouble getting enough information to always be sure of doing the right thing. It might be nice if Catalyst::View::TT accepted a Template subclass, something like this:

    use parent 'Catalyst::View::TT';
    TEMPLATE_CLASS => 'Template::HTML',
    TEMPLATE_EXTENSION => '.tt',
    WRAPPER => 'site/wrapper',

That would cause everything to be HTML escaped, unless I use the new "none" filter:

    [% form.render | none %]

However, that doesn't work because the template class is hard-coded into Catalyst::View::TT.

I'm not sure if this is the best way to go about this, though. Should I just continue work on a custom stash? How have others dealt with this?

Buy the book - http://www.oreilly.com/catalog/perlhks/
Tech blog - http://blogs.perl.org/users/ovid/
Twitter - http://twitter.com/OvidPerl
Official Perl 6 Wiki - http://www.perlfoundation.org/perl6
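
An added example, not part of the original post: one way to get escape-by-default with a narrow opt-out is a small Template::Stash subclass that escapes plain scalars and lets explicitly marked values through. The names My::Stash::EscapeByDefault and My::RawHTML are hypothetical, and the sample data is constructed.

```perl
use strict;
use warnings;

# Hypothetical marker class: wraps markup that is already safe to emit as-is.
package My::RawHTML;
use overload '""' => sub { ${ $_[0] } }, fallback => 1;
sub new { my ($class, $html) = @_; return bless \$html, $class }

# Hypothetical stash (pure-Perl Template::Stash subclass, not the XS one):
# every plain scalar a template reads is escaped; references pass through.
package My::Stash::EscapeByDefault;
use parent 'Template::Stash';

my %ENTITY = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
              '"' => '&quot;', "'" => '&#39;');

sub get {
    my ($self, @args) = @_;
    my $value = $self->SUPER::get(@args);
    return $value if ref $value;    # hashes, lists, objects such as My::RawHTML
    $value =~ s/([&<>"'])/$ENTITY{$1}/g if defined $value;
    return $value;
}

package main;
use Template;

my $tt = Template->new({ STASH => My::Stash::EscapeByDefault->new })
    or die Template->error;

# Constructed sample data: untrusted strings plus one trusted form fragment.
my %vars = (
    message   => q{<script>alert("xss")</script>},
    user      => { name => q{O'Reilly & <b>Sons</b>} },
    form_html => My::RawHTML->new(q{<form method="post"><input name="q"></form>}),
);

my $template = join "\n",
    'message: [% message %]',      # escaped
    'name:    [% user.name %]',    # escaped, also through a dotted lookup
    'form:    [% form_html %]',    # emitted unchanged via the marker object
    '';

$tt->process(\$template, \%vars, \my $out) or die $tt->error;
print $out;
```

Because escaping happens in get, a template that still applies `| html` to a value will escape it twice, and comparisons inside templates see the escaped string.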