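#!/usr/bin/perl -T
# Second version which is XSS free
#
# Greets the visitor by the "name" request parameter, falling back to
# "World" when the parameter is missing or empty.  The value is
# HTML-escaped inside the template before it reaches the page.
#
# Notes for readers reusing this pattern:
#   * Taint mode (-T) is not what makes this XSS free: Perl does not
#     refuse to print tainted data to STDOUT.  The escaping in the
#     template is the actual control.
#   * HTML.escape is the right encoding for text placed in HTML element
#     content, which is how the template uses it.  A value written into a
#     script block, a URL, CSS or an attribute needs an encoder for that
#     context instead.
#   * NOTE(review): what Template::Secure adds over plain Template is not
#     visible in this listing.  If it already escapes output by default,
#     the explicit HTML.escape call would double-encode -- confirm.
use strict;
use warnings;
use CGI;
use Template::Secure;

my $query = CGI->new;

# Untrusted, attacker-controlled input.  Scalar context is deliberate, so
# a repeated "name" parameter cannot expand into extra list elements.
my $name = $query->param('name');

# Check defined-and-non-empty rather than truthiness, so that a literal
# "0" is greeted as given instead of being replaced by the default.
$name = 'World' unless defined $name && length $name;

my $tt = Template::Secure->new;

# The header is sent before the template runs.  If process() fails, the
# error text goes to STDERR via die rather than into the response body.
print $query->header;
$tt->process(\*DATA, { name => $name })
    or die $tt->error(), "\n";
__END__
[% USE HTML %]
Sample program
Hello, [% HTML.escape(name) %]!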