RE: [Catalyst] Views and escaping HTML
Actually I was not aware of built-in | html escaping. Where is the documentation for that? Or better yet where exactly is that built-in? Is that a catalyst method or TT?

Now the author's question makes A LOT more sense. I guess I must be doing things the 1999 way.

Thanks,
--
Ali Mesdaq (CISSP, GIAC-GREM)
Sr. Security Researcher
Websense Security Labs
http://www.WebsenseSecurityLabs.com
--

-----Original Message-----
From: J. Shirley [mailto:jshir...@gmail.com]
Sent: Thursday, April 01, 2010 10:35 AM
To: The elegant MVC web framework
Subject: Re: [Catalyst] Views and escaping HTML

On Thu, Apr 1, 2010 at 10:27 AM, Mesdaq, Ali ames...@websense.com wrote:
> You prefer global escaping to escaping in the template? I use the TT plugin for escaping
>
> [% USE HTML %]
> [% HTML.escape(needs.escaping) %]
>
> An idea that might work for you would be if you structure your data in the stash and create your templates generically looking for data in specific stash locations you could accomplish what you want with very little work (potentially) something like:
>
> [% USE HTML %]
> <title>[% data.title %]</title>
> <h1>[% HTML.escape(data.escape.something) %]</h1>
>
> Not sure if that would work for you

Why would you use the HTML plugin rather than just the built-in | html and | uri filters? The HTML plugin gives you HTML generation, using it for filtering seems redundant.

PS., adding a template_class would be great... I'd love to have global escaping in a few apps.

-J

___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Views and escaping HTML
http://search.cpan.org/~abw/Template-Toolkit-2.22/lib/Template/Manual/Filters.pod#html

On Thu, Apr 1, 2010 at 1:58 PM, Mesdaq, Ali ames...@websense.com wrote:
> Actually I was not aware of built-in | html escaping. Where is the documentation for that? Or better yet where exactly is that built-in? Is that a catalyst method or TT?
>
> Now the author's question makes A LOT more sense. I guess I must be doing things the 1999 way.
>
> Thanks,
> --
> Ali Mesdaq (CISSP, GIAC-GREM)
> Sr. Security Researcher
> Websense Security Labs
> http://www.WebsenseSecurityLabs.com
> --
>
> -----Original Message-----
> From: J. Shirley [mailto:jshir...@gmail.com]
> Sent: Thursday, April 01, 2010 10:35 AM
> To: The elegant MVC web framework
> Subject: Re: [Catalyst] Views and escaping HTML
>
> On Thu, Apr 1, 2010 at 10:27 AM, Mesdaq, Ali ames...@websense.com wrote:
> > You prefer global escaping to escaping in the template? I use the TT plugin for escaping
> >
> > [% USE HTML %]
> > [% HTML.escape(needs.escaping) %]
> >
> > An idea that might work for you would be if you structure your data in the stash and create your templates generically looking for data in specific stash locations you could accomplish what you want with very little work (potentially) something like:
> >
> > [% USE HTML %]
> > <title>[% data.title %]</title>
> > <h1>[% HTML.escape(data.escape.something) %]</h1>
> >
> > Not sure if that would work for you
>
> Why would you use the HTML plugin rather than just the built-in | html and | uri filters? The HTML plugin gives you HTML generation, using it for filtering seems redundant.
>
> PS., adding a template_class would be great... I'd love to have global escaping in a few apps.
>
> -J
Re: [Catalyst] Views and escaping HTML
On Thu, Apr 1, 2010 at 11:58 AM, Mesdaq, Ali ames...@websense.com wrote:
> Actually I was not aware of built-in | html escaping. Where is the documentation for that? Or better yet where exactly is that built-in? Is that a catalyst method or TT?
>
> Now the author's question makes A LOT more sense. I guess I must be doing things the 1999 way.

It's a part of TT itself, it's in the Template::Manual::Filters pod:

http://search.cpan.org/~abw/Template-Toolkit-2.22/lib/Template/Manual/Filters.pod

Glad that helps you :)
Re: [Catalyst] Views and escaping HTML
On 1 April 2010 19:58, Mesdaq, Ali ames...@websense.com wrote:
> Actually I was not aware of built-in | html escaping. Where is the documentation for that? Or better yet where exactly is that built-in? Is that a catalyst method or TT?
>
> Now the author's question makes A LOT more sense. I guess I must be doing things the 1999 way.

http://template-toolkit.org/docs/manual/Filters.html

[% somevariable | html %]
is a shorthand for
[% somevariable FILTER html %]

Another handy manpage is on virtual methods, the equivalent of Perl operators like map, grep, sort on arrays and hashes
http://template-toolkit.org/docs/manual/VMethods.html
particularly the custom ones
http://template-toolkit.org/docs/manual/VMethods.html#section_Defining_Custom_Virtual_Methods
which let you add new operators, e.g. for formatting currency

Cheers, Peter
http://perl.dragonstaff.co.uk
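
Added example, not part of the thread or of Catalyst/Template Toolkit: a standalone Perl script that renders one value through the forms discussed above (`| html`, `FILTER html`, the HTML plugin's `HTML.escape`, and `| uri` for a URL parameter) and reports which renderings let markup through. It assumes Template Toolkit is installed; the stash values and the `render` helper are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Template;

# Constructed sample values standing in for untrusted stash data.
my %stash = (
    comment => q{Tom & Jerry <script>alert("x")</script>},
    query   => q{cats & dogs/50%},
);

my $tt = Template->new() or die Template->error();

# Hypothetical helper: render a template string against the sample stash.
sub render {
    my ($src) = @_;
    my $out = '';
    $tt->process(\$src, \%stash, \$out) or die $tt->error();
    return $out;
}

# One value, four ways: unfiltered, the built-in filter in both spellings,
# and the HTML plugin.
my @forms = (
    [ 'raw'         => '[% comment %]' ],
    [ '| html'      => '[% comment | html %]' ],
    [ 'FILTER html' => '[% comment FILTER html %]' ],
    [ 'HTML.escape' => '[% USE HTML %][% HTML.escape(comment) %]' ],
);

for my $form (@forms) {
    my ($label, $src) = @$form;
    my $out = render($src);
    # A literal "<" surviving into the output means the markup went out unescaped.
    my $status = index($out, '<') >= 0 ? 'UNESCAPED' : 'escaped';
    printf "%-12s %-9s %s\n", $label, $status, $out;
}

# HTML escaping is for HTML text; a value placed inside a URL needs | uri,
# and the visible link text still needs | html.
print render('<a href="/search?q=[% query | uri %]">[% query | html %]</a>'), "\n";
```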