package Template::Plugin::XML::Escape;
# $Id$
use 5.006001;
use strict;
use warnings;
use Template::Plugin::Filter;
use base 'Template::Plugin::Filter';
our $VERSION = '0.02';
our $NAME = 'xml_escape';
sub init {
my $self = shift;
$self->install_filter($self->{_ARGS}->[0] || $NAME);
return $self;
}
sub filter {
my ($self, $text, undef, $config) = @_;
$text =~ s/&/&/go;
$text =~ s/</</go;
$text =~ s/>/>/go;
$text =~ s/'/'/go;
$text =~ s/"/"/go;
return $text;
}
1;
__END__
=head1 NAME
Template::Plugin::XML::Escape - Escape variables to suit being placed into XML
=head1 SYNOPSIS
[% USE XML.Escape %]
...
<foo bar="[% c.variable | xml_escape %]" />
=head1 DESCRIPTION
Escapes XML entities from text, so that you don't fall prey to people putting
quotes, less-than/greater-than, and ampersands, into variables that end up in
TT templates.
=head1 SEE ALSO
* Template Toolkit
=head1 AUTHOR
Toby Corkindale, E<lt>cpan@corkindale.netE<gt>
=head1 COPYRIGHT AND LICENSE
Copyright (C) 2006 by Toby Corkindale.
This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself, either Perl version 5.8.7 or,
at your option, any later version of Perl 5 you may have available.
=cut