Template::Stash::AutoEscape - escape automatically in Template-Toolkit.
use Template; use Template::Stash::AutoEscape; my $tt = Template->new({ STASH => Template::Stash::AutoEscape->new });
default is HTML
default is raw, you can get not escaped value from [% value.raw %]
my $tt = Template->new({ STASH => Template::Stash::AutoEscape->new({ escape_method => sub { my $text = shift; ... ; return $text } }) });
my $stash = Template::Stash::AutoEscape->new({ignore_escape => [qw(include_html include_raw my_escape_func)], ... ); You can disable auto-escape for some value or TT-Macro. For example: include other component, for output safety html, using other escape method, etc.
Template::Stash::AutoEscape->class_for("HTML") # Template::Stash::AutoEscape::Escaped::HTML Template::Stash::AutoEscape->class_for("HTML" => "MyHTMLString");
Template::Stash::AutoEscape is a sub class of Template::Stash, automatically escape all HTML strings and avoid XSS vulnerability.
default is 0. for example "key of hash" or "args of vmethods" are not escaped. I think this is good in most cases. [% hash.${key} %] [% hash.item(key) %] means [% hash.${key.raw} | html %] [% hash.item(key.raw) | html %] by default.
mala <cpan@ma.la>
Template, Template::Stash::EscapedHTML
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
1 POD Error
The following errors were encountered while parsing the POD:
You forgot a '=back' before '=head1'
To install Template::Stash::AutoEscape, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Template::Stash::AutoEscape
CPAN shell
perl -MCPAN -e shell install Template::Stash::AutoEscape
For more information on module installation, please visit the detailed CPAN module installation guide.