in reply to Re: Escaping double quotes in complete document
in thread Escaping double quotes in complete document

This protects you from Cross-Site-Scripting attacks and handles the double quote issue.

Not quite, you're missing the html filter, e.g.:

use Template;
my $tt = Template->new();
my $soap = ' "foo" <bar> &amp; ';

# First pass: no filter, the value is inserted as-is
$tt->process(\<<END, {soap=>$soap}) || die $tt->error();
<html>
<input type="text" name="mytext" value="[% soap %]"/>
</html>
END

# Second pass: the html filter escapes the value
$tt->process(\<<END, {soap=>$soap}) || die $tt->error();
<html>
<input type="text" name="mytext" value="[% soap | html %]"/>
</html>
END
__END__
<html>
<input type="text" name="mytext" value=" "foo" <bar> &amp; "/>
</html>
<html>
<input type="text" name="mytext" value=" &quot;foo&quot; &lt;bar&gt; &amp;amp; "/>
</html>
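
A check that could be run over templates to catch the unfiltered form shown above, added here as an example and not part of the original post: it reports output directives that carry no `html` or `html_entity` filter. The function name `unescaped_directives`, the keyword list, the `show` variable and the sample template are assumptions made for the example; directives inside a `[% FILTER html %]` block are still reported.

```perl
use strict;
use warnings;

# Filters accepted as HTML-escaping (assumption: adjust to your own policy).
my %SAFE = map { $_ => 1 } qw(html html_entity);

# Template Toolkit directive keywords that do not print a variable's value.
my %KEYWORD = map { $_ => 1 } qw(
    IF UNLESS ELSIF ELSE END FOREACH FOR WHILE SWITCH CASE SET DEFAULT CALL
    INCLUDE PROCESS INSERT WRAPPER BLOCK MACRO FILTER USE PERL RAWPERL
    TRY CATCH FINAL THROW NEXT LAST RETURN STOP CLEAR META TAGS DEBUG
);

# Returns a list of [line_number, directive_body] for every output
# directive that is not passed through one of the %SAFE filters.
sub unescaped_directives {
    my ($template) = @_;
    my @findings;
    while ($template =~ /\[%[-+~=]?\s*(.*?)\s*[-+~=]?%\]/gs) {
        my ($body, $start) = ($1, $-[0]);
        next if $body eq '' || $body =~ /^#/;      # empty or comment
        $body =~ s/^GET\s+//;                      # explicit output keyword
        my ($first) = $body =~ /^(\w+)/;
        next if defined $first && $KEYWORD{$first};
        next if $body =~ /^[\w.]+\s*=(?!=)/;       # plain assignment
        my @filters = $body =~ /(?:\||\bFILTER)\s*(\w+)/g;
        next if grep { $SAFE{$_} } @filters;
        my $prefix = substr($template, 0, $start);
        my $line   = 1 + ($prefix =~ tr/\n//);     # count preceding newlines
        push @findings, [$line, $body];
    }
    return @findings;
}

# Constructed sample: the two input lines from the post inside a conditional.
my $sample = <<'TT';
<html>
[% IF show %]
<input type="text" name="mytext" value="[% soap %]"/>
<input type="text" name="mytext" value="[% soap | html %]"/>
[% END %]
</html>
TT

printf "line %d: [%% %s %%] has no html filter\n", @$_
    for unescaped_directives($sample);
```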

Re^3: Escaping double quotes in complete document
by holli (Abbot) on Jun 27, 2017 at 14:49 UTC
    Well, it's been a while :-)


    holli

    You can lead your users to water, but alas, you cannot drown them.