Re: How to test all TT2 tags are escaped.

in reply to How to test all TT2 tags are escaped.

IMHO the proper solution isn't (or at least not only) rigorous testing, but escaping by default. I've asked about that in the past, Re: HTML::Template vs. Template::Toolkit vs. ?? (esp. the reference to Template::Stash::HTML::Entities and default_escape for Template::Toolkit? might be relevant.

If none of those solutions work well, I'd consider it sufficient reason not to use TT2, and switch to a template system that supports default escaping.

Perl 6 - the future is here, just unevenly distributed

Comment on Re: How to test all TT2 tags are escaped.

Replies are listed 'Best First'.
Re^2: How to test all TT2 tags are escaped. by chrestomanci (Priest) on Oct 28, 2013 at 15:34 UTC
Thanks for your suggestions. As you say, no support for default escaping ought to be a reason not to use TT2, but unfortunately it is not my decision. The design team are already pushing back against the use of git, code reviews and other modern practices, so there would be no point in starting yet another fight over which templating system to use unless the syntax is identical to TT2 to the point of bug for bug compatibility.	[reply]

Replies are listed 'Best First'.

Re^2: How to test all TT2 tags are escaped.
by chrestomanci (Priest) on Oct 28, 2013 at 15:34 UTC

Thanks for your suggestions.

As you say, no support for default escaping ought to be a reason not to use TT2, but unfortunately it is not my decision. The design team are already pushing back against the use of git, code reviews and other modern practices, so there would be no point in starting yet another fight over which templating system to use unless the syntax is identical to TT2 to the point of bug for bug compatibility.

[reply]

In Section Seekers of Perl Wisdom