> That's right, the ampersands are not escaped. Technically, that is the
> correct thing to do, but in a template which 99.9% of the time is for
> HTML, e.g. [% c.uri_for('/foo', { page => 2, view => 'xml' } %] it's
> almost certainly not what you want.
>
That's why there's the "HTML" filter in TT:
[% c.uri_for('/foo') | html %]
In an MVC framework, the "View" is where you want to turn things into
HTML, so that's where you should escape the URIs. If you were
outputting YAML, you wouldn't want to escape the URI in the same way.
(Note that you'll want to use | xml for escaping in XHTML docs, but in
this case the difference between the two won't manifest itself.)
Regards,
Jonathan Rockway
signature.asc
Description: OpenPGP digital signature
_______________________________________________ List: [email protected] Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[email protected]/ Dev site: http://dev.catalyst.perl.org/
