pc88mxer has asked for the wisdom of the Perl Monks concerning the following question:

Hi,

I've got a project that has a gazillion TT templates which produce HTML, and not a single one of them properly HTML escapes insertions of data. I don't think using FILTER_GET won't work because there's code like:

[% IF name.length > 10 ... %] ...

so we need access to the raw data. Is there a way I can tell TT to automatically HTML escape insertion of variables and simple expressions? There might be a few places where I don't want it to happen, so it would also be nice to be able to turn it off in those few spots.

Thanks!

Re: auto HTML escaping in Template::Toolkit
by pc88mxer (Vicar) on Nov 14, 2007 at 16:04 UTC
    Well, I decided to dive into the Template Toolkit code, and I have developed an extension which allows one to selectively auto-filter all insertions of variables and simple expressions in a block.

    Unfortunately, I can't get subscribed to the Template Toolkit mailing list (http://template-toolkit.org/mail/index.html). I get a 404 error when I try to confirm my subscription via HTTP. If anyone is on the list and can get the attention of the list manager I would appreciate it. I would like to share and discuss this change with the rest of the group. Thanks!
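
The trade-off raised in the question, as an added example that is not part of the thread and is not pc88mxer's extension: it uses only Template Toolkit's built-in `html` filter to show that escaping at the point of insertion leaves the raw value available to `IF`, while a block-level `FILTER html` also escapes the template's own markup. The template text and the `name` value are constructed for illustration.

```perl
#!/usr/bin/env perl
# Added example: per-insertion escaping with Template Toolkit's built-in
# "html" filter. Templates and data below are constructed samples.
use strict;
use warnings;
use Template;

my $tt = Template->new() or die Template->error();

# Constructed input: a value that carries markup characters.
my $vars = { name => '<b>Tom & Jerry</b>' };

my %templates = (
    # Unescaped insertion, as in the templates described in the question:
    # the value's markup reaches the page verbatim.
    raw => '<p>[% name %]</p>',

    # Escape only where the value is written out. The IF still sees the
    # raw string, so name.length counts the original characters and not
    # the longer entity-encoded form.
    escaped => '[% IF name.length > 10 %]'
             . '<p class="long">[% name | html %]</p>'
             . '[% ELSE %]<p>[% name | html %]</p>[% END %]',

    # Wrapping a whole block in FILTER html escapes the template's own
    # tags too, so it is not a drop-in fix for HTML-producing templates.
    block => '[% FILTER html %]<p>[% name %]</p>[% END %]',
);

for my $label (qw(raw escaped block)) {
    my $out = '';
    $tt->process(\$templates{$label}, $vars, \$out) or die $tt->error();
    printf "%-8s %s\n", $label, $out;
}
```

Comparing the three printed lines shows which form keeps the page structure intact while neutralising the data.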