lib/Template/Stash/EscapeHTML.pm

package Template::Stash::EscapeHTML;

use strict;
use Template::Config;
use base ($Template::Config::STASH);
our $VERSION = '0.02';

sub get {
    my($self, @args) = @_;
    my($var) = $self->SUPER::get(@args);
    unless (ref($var)) {
        return html_filter($var);
    }
    return $var;
}

sub html_filter {
    my $text = shift;
    for ($text) {
        s/&/&amp;/g;
        s/</&lt;/g;
        s/>/&gt;/g;
        s/"/&quot;/g;
        s/'/&#39;/g;
    }
    return $text;
}

1;

__END__

=head1 NAME

Template::Stash::EscapeHTML - escape HTML automatically in Template-Toolkit.

=head1 SYNOPSIS

    use Template::Stash::EscapeHTML;
    
    my $tt = Template->new({
        STASH => Template::Stash::EscapeHTML->new,
        ...
    }); 

=head1 DESCRIPTION

This module is a sub class of L<Template::Stash>,
automatically escape all HTML strings and avoid XSS vulnerability.

=head1 AUTHOR

Tomohiro IKEBE, C<< <ikebe@shebang.jp> >>

=head1 COPYRIGHT

Copyright 2005 Tomohiro IKEBE, all rights reserved.

This program is free software; you can redistribute it and/or modify it
under the same terms as Perl itself.

=cut

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)