[Catalyst] Views and escaping HTML

Ovid publiustemp-catalyst at yahoo.com
Thu Apr 1 10:00:24 GMT 2010


Hi all,

I've been searching for the best answer, but there's a huge amount to wade through.

I'm working on a Catalyst app where all views are purely HTML.  I use Catalyst::View::TT.  The vast majority of my data in views should be HTML escaped:

    [% message | html %]

However, I'd like that to be the default rather than the exception because it's easy to forget this.  I wanted to just do this in the view class:

    STASH => Template::Stash::EscapeHTML

But that globally escapes everything, thus destroying my forms.  I considered writing my own stash but had trouble getting enough information to always be sure of doing the right thing.  It might be nice if Catalyst::View::TT accepted a Template subclass, something like this:

  package Veure::View::HTML;

  use Modern::Perl;
  use parent 'Catalyst::View::TT';

  __PACKAGE__->config(
    TEMPLATE_CLASS     => 'Template::HTML',
    TEMPLATE_EXTENSION => '.tt',
    WRAPPER            => 'site/wrapper',
  );

That would cause everything to be HTML escaped, unless I use the new "none" filter:

    [% form.render | none %]

However, that doesn't work because the template class is hard-coded into Catalyst::View::TT.

I'm not sure if this is the best way to go about this, though.  Should I just continue work on a custom stash?  How have others dealt with this?

Cheers,
Ovid
--
Buy the book         - http://www.oreilly.com/catalog/perlhks/
Tech blog            - http://blogs.perl.org/users/ovid/
Twitter              - http://twitter.com/OvidPerl
Official Perl 6 Wiki - http://www.perlfoundation.org/perl6
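
The custom-stash idea from the message above, as an added example that is not part of the original post and not code from Catalyst or Template Toolkit: a stash that escapes plain scalars by default and lets through only values wrapped in a marker object. The class names `Local::RawHTML` and `Local::Stash::AutoEscape`, the variable `form_html` and the sample data are hypothetical; it assumes Template Toolkit is installed and Perl 5.14 or later.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Marker for markup the application generated itself (hypothetical class name).
package Local::RawHTML {
    use overload '""' => sub { ${ $_[0] } }, fallback => 1;
    sub new { my ($class, $html) = @_; return bless \$html, $class }
}

# Stash that escapes every plain scalar it hands to a template (hypothetical name).
package Local::Stash::AutoEscape {
    use parent 'Template::Stash';

    my %ENTITY = ( '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                   '"' => '&quot;', "'" => '&#39;' );

    sub get {
        my ($self, @args) = @_;
        my $value = $self->SUPER::get(@args);
        # References pass through untouched: lists, hashes and Local::RawHTML
        # objects. Only plain strings are treated as untrusted text.
        return $value if !defined $value || ref $value;
        $value =~ s/([&<>"'])/$ENTITY{$1}/g;
        return $value;
    }
}

package main;
use Template;

my $tt = Template->new({ STASH => Local::Stash::AutoEscape->new })
    or die Template->error;

# Constructed sample data: one untrusted string, one piece of trusted form markup.
my %vars = (
    message   => q{<script>alert("x")</script>},
    form_html => Local::RawHTML->new(q{<form method="post"><input name="q"></form>}),
);

my $src = "<p>[% message %]</p>\n[% form_html %]\n";
my $out = '';
$tt->process(\$src, \%vars, \$out) or die $tt->error;
print $out;
```

With this stash an explicit `| html` filter would escape a value twice, so templates written against it drop that filter; the opt-out is made where the value is created, not in the template.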