[Catalyst] Views and escaping HTML
Brian Phillips
bpphillips+ml at gmail.com
Thu Apr 1 19:11:46 GMT 2010
http://search.cpan.org/~abw/Template-Toolkit-2.22/lib/Template/Manual/Filte=
rs.pod#html
On Thu, Apr 1, 2010 at 1:58 PM, Mesdaq, Ali <amesdaq at websense.com> wrote:
> Actually I was not aware of built-in | html escaping. Where is the
> documentation for that? Or better yet where exactly is that built-in? Is
> that a catalyst method or TT? Now the authors question makes A LOT more
> sense. I guess I must be doing things the 1999 way.
>
> Thanks,
> ------------------------------------------
> Ali Mesdaq (CISSP, GIAC-GREM)
> Sr. Security Researcher
> Websense Security Labs
> http://www.WebsenseSecurityLabs.com
> ------------------------------------------
>
>
> -----Original Message-----
> From: J. Shirley [mailto:jshirley at gmail.com]
> Sent: Thursday, April 01, 2010 10:35 AM
> To: The elegant MVC web framework
> Subject: Re: [Catalyst] Views and escaping HTML
>
> On Thu, Apr 1, 2010 at 10:27 AM, Mesdaq, Ali <amesdaq at websense.com> wrote:
> > You prefer global escaping to escaping in the template? I use the TT
> plugin for escaping
> >
> > [% USE HTML %]
> > [% HTML.escape(needs.escaping) %]
> >
> > An idea that might work for you would be if you structure your data in
> the stash and create your templates generically looking for data in speci=
fic
> stash locations you could accomplish what you want with very little work
> (potentially) something like:
> >
> > [% USE HTML %]
> > <title>[% data.title %]</title>
> > <h1>[% HTML.escape(data.escape.something) %]</h1>
> >
> > Not sure if that would work for you
> >
>
> Why would you use the HTML plugin rather than just the built-in | html
> and | uri filters?
>
> The HTML plugin gives you HTML generation, using it for filtering
> seems redundant.
>
> PS., adding a template_class would be great... I'd love to have global
> escaping in a few apps.
>
> -J
>
> _______________________________________________
> List: Catalyst at lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive:
> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
>
>
> Protected by Websense Hosted Email Security -- www.websense.com
>
> _______________________________________________
> List: Catalyst at lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive:
> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20100401/e328d=
21a/attachment.htm
More information about the Catalyst
mailing list