On Fri, 13 Apr 2012 00:38:22 +0300
WK <[email protected]> wrote:
> As i had problem with reproducing situtation i thought how to test it.
> Seems you find solution here too?
What I did was scaffold a test app which loads D::P::EscapeHTML, and
enables automatic_escaping, and includes some HTML in the config - for
example, a config.yml like:
plugins:
EscapeHTML:
automatic_escaping: 1
some_html: "Here's some <HTML> & stuff"
Then, in the app, I created a route which displayed the current
settings:
get '/settings' => sub {
"<pre>" . to_json( Dancer::Config->settings ) . "</pre>";
};
I hit that route first, and observed that the "some_html" config
setting was not escaped.
I then hit the app's default home page (which uses a template), then
viewed /settings again. Before the fix, when I hit /settings after
having had a template rendered, the "some_html" config setting had been
escaped; after the fix, it was left alone.
--
David Precious ("bigpresh") <[email protected]>
http://www.preshweb.co.uk/ www.preshweb.co.uk/twitter
www.preshweb.co.uk/linkedin www.preshweb.co.uk/facebook
www.preshweb.co.uk/cpan www.preshweb.co.uk/github
_______________________________________________
Dancer-users mailing list
[email protected]
http://www.backup-manager.org/cgi-bin/listinfo/dancer-users
