Module Version: 0.03

NAME

Template::Stash::AutoEscape - escape automatically in Template-Toolkit.

SYNOPSIS

  use Template;
  use Template::Stash::AutoEscape;
  my $tt = Template->new({
    STASH => Template::Stash::AutoEscape->new  
  });

METHODS

new

escape_type

Default is HTML.

method_for_raw

Default is raw. You can get the unescaped value with [% value.raw %].

escape_method

  my $tt = Template->new({
    STASH => Template::Stash::AutoEscape->new({
        escape_method => sub { my $text = shift; ... ; return $text }
    })
  });

ignore_escape

  my $stash = Template::Stash::AutoEscape->new({ ignore_escape => [qw(include_html include_raw my_escape_func)], ... });

You can disable auto-escape for specific values or TT macros, for example when including another component, when outputting HTML that is already safe, or when using a different escape method.

class_for

    Template::Stash::AutoEscape->class_for("HTML");  # Template::Stash::AutoEscape::Escaped::HTML
    Template::Stash::AutoEscape->class_for("HTML" => "MyHTMLString");

DESCRIPTION

Template::Stash::AutoEscape is a subclass of Template::Stash that automatically escapes all HTML strings to avoid XSS vulnerabilities.
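The following is an added example, not part of the module's own documentation, that renders one template with the stash from the SYNOPSIS and exercises the three output paths described under METHODS: default auto-escaping, the raw method, and a name listed in ignore_escape. The variable names comment and trusted_html and the sample values are constructed for illustration.

```perl
use strict;
use warnings;
use Template;
use Template::Stash::AutoEscape;

# Constructed sample data. "comment" stands in for untrusted user input;
# "trusted_html" (hypothetical name) stands in for markup built by our own code.
my %vars = (
    comment      => q{<script>alert(1)</script>},
    trusted_html => q{<em>rendered by our own code</em>},
);

# The same untrusted value is emitted twice so the two results can be compared.
my $template = <<'EOT';
auto-escaped: [% comment %]
explicit raw: [% comment.raw %]
ignored name: [% trusted_html %]
EOT

my $tt = Template->new({
    STASH => Template::Stash::AutoEscape->new({
        # Names listed here are exempt from auto-escaping (ignore_escape option).
        # Only list values that never carry user-controlled data.
        ignore_escape => [qw(trusted_html)],
    }),
});

# Render into a scalar and print it; die with the Template error on failure.
$tt->process(\$template, \%vars, \my $out) or die $tt->error, "\n";
print $out;
```

Every use of .raw in a template and every name in ignore_escape is a place where the stash no longer escapes for you, so those are the spots to check in review when tracing where untrusted data reaches the page.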

CONFIGURE

$Template::Stash::AutoEscape::ESCAPE_ARGS

Default is 0. With this setting, values used as a hash key or as arguments to vmethods are not escaped. I think this is good in most cases.

By default,

  [% hash.${key} %] [% hash.item(key) %]

means

  [% hash.${key.raw} | html %] [% hash.item(key.raw) | html %]

AUTHOR

mala <cpan@ma.la>

SEE ALSO

Template, Template::Stash::EscapedHTML

LICENSE

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
