in reply to Escaping double quotes in complete document

This is the minimal code to use a templating engine named Template::Toolkit.
use Template;
my $tt = Template->new();
# $soap_result is the value from the original question; it is passed to the
# inline template (a reference to a string) under the name "soap_result".
$tt->process( \q[<html>
<!--Foo-->
<input type="text" name="mytext" id="mytext" value="[% soap_result %]"/>
<!--Bar-->
</html>], { soap_result => $soap_result }) || die $tt->error(), "\n";
This protects you from Cross-Site-Scripting attacks and handles the double quote issue.


holli

You can lead your users to water, but alas, you cannot drown them.

Re^2: Escaping double quotes in complete document
by haukex (Archbishop) on Jun 27, 2017 at 14:44 UTC
    This protects you from Cross-Site-Scripting attacks and handles the double quote issue.

    Not quite, you're missing the html filter, e.g.:

    use Template;
    my $tt = Template->new();
    my $soap = ' "foo" <bar> &amp; ';
    # Without the filter: the value is inserted verbatim.
    $tt->process(\<<END, {soap=>$soap}) || die $tt->error();
    <html>
    <input type="text" name="mytext" value="[% soap %]"/>
    </html>
    END
    # With the html filter: & < > " are turned into entities.
    $tt->process(\<<END, {soap=>$soap}) || die $tt->error();
    <html>
    <input type="text" name="mytext" value="[% soap | html %]"/>
    </html>
    END
    __END__
    <html>
    <input type="text" name="mytext" value=" "foo" <bar> &amp; "/>
    </html>
    <html>
    <input type="text" name="mytext" value=" &quot;foo&quot; &lt;bar&gt; &amp;amp; "/>
    </html>
      Well, it's been a while :-)


      holli

      You can lead your users to water, but alas, you cannot drown them.
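A runnable variant of haukex's demonstration, added here and not code from either poster: it renders into a scalar so the escaping can be checked in code, and the untrusted value is constructed. It also covers one case the thread does not discuss: Template Toolkit's html filter leaves the single quote alone, so on its own it is only sufficient for double-quoted attributes.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Template;

# Constructed untrusted value (not from the thread): quotes, tags, an
# entity-looking sequence and an apostrophe, i.e. what matters in an attribute.
my $untrusted = q{ "foo" <bar> &amp; it's };

my $tt = Template->new();

# Render a template string to a scalar instead of STDOUT so the result can be
# inspected (the third argument to process() is a scalar reference).
sub render {
    my ($template, $vars) = @_;
    my $out = '';
    $tt->process(\$template, $vars, \$out) or die $tt->error(), "\n";
    return $out;
}

my %vars = (soap => $untrusted);

# 1. Unfiltered: the embedded " ends the value attribute early.
my $unsafe = render(q{<input value="[% soap %]"/>}, \%vars);

# 2. html filter: & < > " become entities, so the value stays inside a
#    double-quoted attribute.
my $safe = render(q{<input value="[% soap | html %]"/>}, \%vars);

# 3. Caveat: html does not touch ', so a single-quoted attribute additionally
#    needs ' replaced; chaining the replace filter after html does that.
my $single = render(
    q{<input value='[% soap | html | replace("'", "&#39;") %]'/>}, \%vars);

print "unfiltered: $unsafe\n";
print "html:       $safe\n";
print "single:     $single\n";

# Sanity checks: in a correctly escaped attribute the only quotes of the
# delimiting kind are the two that delimit it.
my $dq = () = $safe   =~ /"/g;
my $sq = () = $single =~ /'/g;
die "html filter did not neutralise the double quote\n" unless $dq == 2;
die "single-quoted attribute is not fully escaped\n"    unless $sq == 2;
```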