Template::Stash::AutoEscaping(3pm) | User Contributed Perl Documentation | Template::Stash::AutoEscaping(3pm) |
Template::Stash::AutoEscaping - escape automatically in Template-Toolkit.
use Template; use Template::Stash::AutoEscaping; my $tt = Template->new({ STASH => Template::Stash::AutoEscaping->new });
my $tt = Template->new({ STASH => Template::Stash::AutoEscaping->new({ escape_method => sub { my $text = shift; ... ; return $text } }) });
my $stash = Template::Stash::AutoEscaping->new({ignore_escape => [qw(include_html include_raw my_escape_func)], ... ); You can disable auto-escape for some value or TT-Macro. For example: include other component, for output safety html, using other escape method, etc.
Template::Stash::AutoEscaping->class_for("HTML") # Template::Stash::AutoEscaping::Escaped::HTML Template::Stash::AutoEscaping->class_for("HTML" => "MyHTMLString");
For internal use.
For internal use.
For internal use.
For internal use.
Template::Stash::AutoEscaping is a sub class of Template::Stash, automatically escape all HTML strings and avoid XSS vulnerability.
default is 0. for example "key of hash" or "args of vmethods" are not escaped. I think this is good in most cases. [% hash.${key} %] [% hash.item(key) %] means [% hash.${key.raw} | html %] [% hash.item(key.raw) | html %] by default.
mala <cpan@ma.la> (original author of Template::Stash::AutoEscape)
Shlomi Fish (<http://www.shlomifish.org/>) added some enhancements and fixes, while disclaiming all rights, as part of his work for <http://reask.com/> and released the result as "Template::Stash::AutoEscaping" .
Template, Template::Stash::EscapedHTML, Template::Stash::AutoEscape
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
2021-01-09 | perl v5.32.0 |