[Catalyst] Views and escaping HTML

Mesdaq, Ali amesdaq at websense.com
Thu Apr 1 18:58:00 GMT 2010

Actually I was not aware of built-in | html escaping. Where is the documentation for that? Or better yet, where exactly is that built-in? Is that a Catalyst method or TT? Now the author's question makes A LOT more sense. I guess I must be doing things the 1999 way.

Sr. Security Researcher
Websense Security Labs

-----Original Message-----
From: J. Shirley [mailto:jshirley at gmail.com] 
Sent: Thursday, April 01, 2010 10:35 AM
To: The elegant MVC web framework
Subject: Re: [Catalyst] Views and escaping HTML

On Thu, Apr 1, 2010 at 10:27 AM, Mesdaq, Ali <amesdaq at websense.com> wrote:
> You prefer global escaping to escaping in the template? I use the TT plugin for escaping
> [% USE HTML %]
> [% HTML.escape(needs.escaping) %]
> An idea that might work for you would be if you structure your data in the stash and create your templates generically looking for data in specific stash locations you could accomplish what you want with very little work (potentially) something like:
> [% USE HTML %]
> <title>[% data.title %]</title>
> <h1>[% HTML.escape(data.escape.something) %]</h1>
> Not sure if that would work for you

Why would you use the HTML plugin rather than just the built-in | html
and | uri filters?

The HTML plugin gives you HTML generation, using it for filtering
seems redundant.

PS., adding a template_class would be great... I'd love to have global
escaping in a few apps.


List: Catalyst at lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
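
Added example, not part of the original thread: the `| html` and `| uri` filters discussed above are built into Template Toolkit itself (Template::Filters), so they work in any TT view without a `USE` line. This standalone Perl script renders one constructed, attacker-style value through the raw output, the built-in filters, and the `HTML.escape` plugin call from the quoted message; the stash keys `data.title` and `data.query` are assumptions made for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Template;

# Constructed sample stash: data.query stands in for untrusted user input.
my %stash = (
    data => {
        title => 'Search results',
        query => q{<script>alert(1)</script> & "friends"},
    },
);

# One line per escaping approach, so the outputs can be compared side by side.
my $template = <<'EOT';
[% USE HTML -%]
raw:    [% data.query %]
filter: [% data.query | html %]
plugin: [% HTML.escape(data.query) %]
link:   <a href="/search?q=[% data.query | uri | html %]">[% data.query | html %]</a>
block:  [% FILTER html %][% data.title %]: [% data.query %][% END %]
EOT

my $tt = Template->new() or die Template->error;

my $out = '';
$tt->process(\$template, \%stash, \$out) or die $tt->error;
print $out;

# Check: only the deliberately unescaped "raw" line may still carry markup
# that came from the stash value.
for my $line (split /\n/, $out) {
    next if $line =~ /^raw:/;
    die "unescaped markup in: $line\n" if $line =~ /<script/i;
}
print "all filtered lines are escaped\n";
```

The `link:` line applies `uri` first and `html` second because the value lands in a URL that itself sits inside an HTML attribute, so each context gets its own encoding.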
