dipit has asked for the wisdom of the Perl Monks concerning the following question:

[% META title = 'Manage members' %]
<p>
This page lists the current members for <b>[% taskid_login %]</b>. Below, you can delete members from the [% taskid_login %] by selecting one or more records in the table below. You can also add new member(s) to this task ID by clicking on <b class="important">Add member</b>.
</p>
<div class="alternate-rule"><hr/></div>
<p class="ind-link">
<a class="forward-em-link" href="[% webActionProcessor.controllerName %]?action=add_taskid_member&taskid_auth=[% taskid_auth | uri | html %]&taskid_login=[% taskid_login | uri | html %]" title="Click here to add a new Task ID member.">Add member</a>
</p>
[%# Show global delete message only if records were deleted... %]
[% IF NumberOfDeletedRecords %]
[% INCLUDE global_message.tt globalMessage=NumberOfDeletedRecords _ ' records have been deleted.' %]
[% END %]
[% INCLUDE form_table.tt table=TaskIDMembersTable %]

I HAVE USED URI | HTML FOR THE LINK MENTIONED ABOVE BUT IT'S NOT ENCODING CHARACTERS LIKE <>'", . BUT ONLY @ IS ENCODED TO %. PLEASE HELP, HOW TO ENCODE ALL THE CHARACTERS IF USED ATTACKING <SCRIPT> TAGS IN URL.

I want to encode html entities in TT format to remove cross site scripting. I have followed the articles here for xss but could not implement it in my code.

Re: encode html entities in TT format
by hippo (Archbishop) on Jun 06, 2018 at 14:53 UTC
    I HAVE USED URI | HTML

    Please refrain from shouting in the monastery. This is a place of quiet contemplation.

    Here is an SSCCE:

    use strict;
    use warnings;
    use Test::More tests => 1;
    use Template;

    my $foo      = 'some<stuff_to"be>escaped';
    my $want     = 'some%3Cstuff_to%22be%3Eescaped';
    my $template = Template->new;
    my $tmpl     = '[% foo | uri %]';
    my $out;
    $template->process (\$tmpl, { foo => $foo }, \$out) or die $template->error ();
    is ($out, $want);

    See also How to ask better questions using Test::More and sample data.

      Not shouting @hippo, :D Ok, so I already have a Perl module and a tool based on the MVC model. I can refer to the script as mentioned by you, but integration with pm files is quite difficult. My aim is to encode in the presentation layer or view, which is Template Toolkit. Can you suggest something with respect to TT files only, as mentioned above? Or any other solution, or something you want to correct me with?

      2018-06-09 Athanasius restored original content

        What hippo was demonstrating in his example is that the uri filter encodes < and > quite fine. Does his test program succeed in your installation? If it doesn't, then there's something wrong in your TT installation. If it does, then you need to closely inspect the generated result of your TT process.
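Following the last reply's advice to inspect the generated result, here is an added example (not code from the thread or from dipit's application) that renders the question's link with no filter, with html alone, and with uri | html, on a constructed hostile value; the controller name 'task.pl' and the taskid values are stand-ins.

```perl
# Added example, not code from the thread. Renders the question's link three
# ways so the generated href can be compared. Assumes Template Toolkit 2.x;
# 'task.pl' and the taskid values are constructed stand-ins.
use strict;
use warnings;
use Template;

my $vars = {
    controller   => 'task.pl',
    # Constructed hostile value: closes the attribute, injects a tag and
    # smuggles a second query parameter into the same href.
    taskid_auth  => q{"><script>x</script>&taskid_login=x},
    taskid_login => 'ops@example.com',
};

# The link from the question; %s is replaced by the filter chain under test
# (sprintf turns the doubled %% back into the single % TT expects).
my $link = '<a href="[%% controller %%]?action=add_taskid_member'
         . '&taskid_auth=[%% taskid_auth %s %%]'
         . '&taskid_login=[%% taskid_login %s %%]">Add member</a>';

my @variants = (
    # no filter: the quote ends the href early and the tag lands in the page
    [ 'raw'        => ''             ],
    # html only: the markup stays intact, but the browser decodes the
    # entities before sending the request, so the & and = inside the value
    # reach the server as parameter delimiters
    [ 'html'       => '| html'       ],
    # uri first, then html: the value becomes one opaque %-encoded query
    # parameter, and the html step keeps it safe inside the attribute
    [ 'uri | html' => '| uri | html' ],
);

my $tt = Template->new or die Template->error;
for my $v (@variants) {
    my ($label, $filter) = @$v;
    my $tmpl = sprintf $link, $filter, $filter;
    my $out;
    $tt->process(\$tmpl, $vars, \$out) or die $tt->error;
    printf "%-11s %s\n", "$label:", $out;
}
```

Run it and compare the three hrefs: only the uri | html variant keeps both the HTML attribute and the query string intact, which is the order the question's template already uses.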