in reply to How to test all TT2 tags are escaped.
IMHO the proper solution isn't (or at least not only) rigorous testing, but escaping by default. I've asked about that in the past: Re: HTML::Template vs. Template::Toolkit vs. ?? (esp. the reference to Template::Stash::HTML::Entities) and default_escape for Template::Toolkit? might be relevant.
If none of those solutions work well, I'd consider it sufficient reason not to use TT2, and switch to a template system that supports default escaping.
Re^2: How to test all TT2 tags are escaped.
by chrestomanci (Priest) on Oct 28, 2013 at 15:34 UTC