Re: [dancer-users] Best practice to escape HTML entities in Dancer2 and TT

2018-03-22 Thread Scott H
So I set up a quick instance and attempted the doc, I keep getting this:

Unrecognized response type from route: Template::Stash::AutoEscaping::Escaped::HTML.

Because it's an extension I copied some of the subroutine for the
_build_engine and so I have:

    my $tt = Template->new({
        STASH => Template::Stash::AutoEscaping->new,
        %tt_config,
    });

That stash kills it. The route doesn't like the return obviously but not
sure how to fix it from there.

On Thu, Mar 22, 2018 at 12:01 PM, Lutz Gehlen  wrote:

> Hey Scott, hey all,
>
> ok, here is what I did. I wrote a Dancer2::Template::MyApp module
> following the example in Dancer2::Template::TemplateToolkit:
>
> 
> package Dancer2::Template::MyApp;
> use 5.014;
>
> use Moo;
> use Template::Stash::AutoEscaping;
>
> extends 'Dancer2::Template::TemplateToolkit';
>
>
> around '_build_engine' => sub {
>     my $orig = shift;
>     my $self = shift;
>
>     my $tt = $self->$orig(@_);
>
>     # replace the stash object
>     $tt->service->context->{STASH} = Template::Stash::AutoEscaping->new(
>         $self->config->{STASH}
>     );
>
>     return $tt;
> };
>
>
> 1;
> 
>
> Then I adapted my config.yml
>
> 
> template: "MyApp"
> engines:
>   template:
>     MyApp:
>       start_tag: '[%'
>       end_tag:   '%]'
>       ENCODING: utf8
>       STASH:
> 
>
> If I try to call a route in my application, the route crashes with:
> Route exception: Failed to render template: undef error - Not a GLOB
> reference at /usr/local/lib/x86_64-linux-gnu/perl/5.20.2/Template/Provider.pm line 618.
>
> If I comment out the replacement of the stash object it works
> (unsurprisingly).
>
> I have also tried to overload the entire build_engine method instead
> of using "around" in order to construct the Template object with the
> alternative stash object right away. This leads to the same result.
>
> I went to line 618 of Template::Provider and printed out the
> respective variable using Data::Dumper. It seems to be an arrayref
> blessed into Template::Stash::AutoEscaping::Escaped::HTML. However,
> Template::Provider obviously expects a GLOB reference.
>
> I'd be very thankful if someone could help me on with this. I am
> stuck.
>
> Thank you and best wishes,
> Lutz
>
>
> On Monday, 19.03.2018 19:07:19 Lutz Gehlen wrote:
> > Hey Scott,
> >
> > sorry for the long silence. After my return I've tried to get this
> > solution to work, but so far I've not been successful. I wanted
> > to write up my attempts, but got buried in other work, hence the
> > delay. I'll reply in more detail later this week.
> >
> > Cheers,
> > Lutz
> >
> > On Tuesday, 13.03.2018 12:51:54 Scott H wrote:
> > > Did this work?
> > >
> > > On Wed, Feb 21, 2018 at 6:46 AM, Lutz Gehlen 
> >
> > wrote:
> > > > Hi Scott,
> > > >
> > > > thank you for your reply. This looks exactly like the piece of
> > > > information I was lacking. I'll be traveling the next couple
> > > > of
> > > > days, but I'll certainly try this approach next week.
> > > >
> > > > Cheers,
> > > > Lutz
> > > >
> > > > On Tuesday, 20.02.2018 11:40:00 Scott H wrote:
> > > > > > Looking into what you're asking, have you tried this:
> > > > > https://metacpan.org/pod/Dancer2::Template::TemplateToolkit
> > > > >
> > > > > Go to Advanced Customizations and you'll see how to create a
> > > > > subclass module to return $tt. Have you tried this method?
> > > > >
> > > > > -Scott
> > > > >
> > > > > On Tue, Feb 20, 2018 at 1:47 AM, Lutz Gehlen
> > > > > 
>
> [...]
>
> ___
> dancer-users mailing list
> dancer-users@dancer.pm
> http://lists.preshweb.co.uk/mailman/listinfo/dancer-users
>


Re: [dancer-users] Best practice to escape HTML entities in Dancer2 and TT

2018-03-22 Thread Lutz Gehlen
Hey Scott, hey all,

ok, here is what I did. I wrote a Dancer2::Template::MyApp module
following the example in Dancer2::Template::TemplateToolkit:


package Dancer2::Template::MyApp;
use 5.014;

use Moo;
use Template::Stash::AutoEscaping;

extends 'Dancer2::Template::TemplateToolkit';


around '_build_engine' => sub {
    my $orig = shift;
    my $self = shift;

    my $tt = $self->$orig(@_);

    # replace the stash object
    $tt->service->context->{STASH} = Template::Stash::AutoEscaping->new(
        $self->config->{STASH}
    );

    return $tt;
};


1;


Then I adapted my config.yml


template: "MyApp"
engines:
  template:
    MyApp:
      start_tag: '[%'
      end_tag:   '%]'
      ENCODING: utf8
      STASH:


If I try to call a route in my application, the route crashes with:
Route exception: Failed to render template: undef error - Not a GLOB
reference at /usr/local/lib/x86_64-linux-gnu/perl/5.20.2/Template/Provider.pm line 618.

If I comment out the replacement of the stash object it works
(unsurprisingly).

I have also tried to overload the entire build_engine method instead
of using "around" in order to construct the Template object with the
alternative stash object right away. This leads to the same result.

I went to line 618 of Template::Provider and printed out the
respective variable using Data::Dumper. It seems to be an arrayref
blessed into Template::Stash::AutoEscaping::Escaped::HTML. However,
Template::Provider obviously expects a GLOB reference.

I'd be very thankful if someone could help me on with this. I am
stuck.

Thank you and best wishes,
Lutz


On Monday, 19.03.2018 19:07:19 Lutz Gehlen wrote:
> Hey Scott,
> 
> sorry for the long silence. After my return I've tried to get this
> solution to work, but so far I've not been successful. I wanted
> to write up my attempts, but got buried in other work, hence the
> delay. I'll reply in more detail later this week.
> 
> Cheers,
> Lutz
> 
> On Tuesday, 13.03.2018 12:51:54 Scott H wrote:
> > Did this work?
> > 
> > On Wed, Feb 21, 2018 at 6:46 AM, Lutz Gehlen 
> 
> wrote:
> > > Hi Scott,
> > > 
> > > thank you for your reply. This looks exactly like the piece of
> > > information I was lacking. I'll be traveling the next couple
> > > of
> > > days, but I'll certainly try this approach next week.
> > > 
> > > Cheers,
> > > Lutz
> > > 
> > > On Tuesday, 20.02.2018 11:40:00 Scott H wrote:
> > > > Looking into what you're asking, have you tried this:
> > > > https://metacpan.org/pod/Dancer2::Template::TemplateToolkit
> > > > 
> > > > Go to Advanced Customizations and you'll see how to create a
> > > > subclass module to return $tt. Have you tried this method?
> > > > 
> > > > -Scott
> > > > 
> > > > On Tue, Feb 20, 2018 at 1:47 AM, Lutz Gehlen
> > > > 

[...]



Re: [dancer-users] Best practice to escape HTML entities in Dancer2 and TT

2018-03-19 Thread Lutz Gehlen
Hey Scott,

sorry for the long silence. After my return I've tried to get this 
solution to work, but so far I've not been successful. I wanted to 
write up my attempts, but got buried in other work, hence the delay. 
I'll reply in more detail later this week.

Cheers,
Lutz


On Tuesday, 13.03.2018 12:51:54 Scott H wrote:
> Did this work?
> 
> On Wed, Feb 21, 2018 at 6:46 AM, Lutz Gehlen wrote:
> > Hi Scott,
> > 
> > thank you for your reply. This looks exactly like the piece of
> > information I was lacking. I'll be traveling the next couple of
> > days, but I'll certainly try this approach next week.
> > 
> > Cheers,
> > Lutz
> > 
> > On Tuesday, 20.02.2018 11:40:00 Scott H wrote:
> > > Looking into what you're asking, have you tried this:
> > > https://metacpan.org/pod/Dancer2::Template::TemplateToolkit
> > > 
> > > Go to Advanced Customizations and you'll see how to create a
> > > subclass module to return $tt. Have you tried this method?
> > > 
> > > -Scott
> > > 
> > > On Tue, Feb 20, 2018 at 1:47 AM, Lutz Gehlen 
> > 
> > wrote:
> > > > Hi Warren,
> > > > 
> > > > thank you for your reply and your research on the escaping
> > > > > plugins.
> > > > 
> > > > On Monday, 19.02.2018 10:59:19 Warren Young wrote:
> > > > > Since you seem to have an itch here, how about you port
> > > > > the
> > > > > plugin?  Then you get the software you want.  You’ve got
> > > > > preexisting code on both sides to work with: the source
> > > > > plugin
> > > > > and many examples of existing D2 plugins to aid in the
> > > > > translation.
> > > > 
> > > > Yes, maybe porting the plugin is the way to go. However,
> > > > part of
> > > > my intention in raising this topic on the list was to find
> > > > out
> > > > whether a port of Dancer::Plugin::EscapeHTML actually _is_
> > > > the
> > > > software I really want. What made me think was that nobody
> > > > has
> > > > done it so far as a solution to what I believed to be a
> > > > standard problem.
> > > > 
> > > > Furthermore, the documentation of Dancer::Plugin::EscapeHTML
> > > > states: "If you're using Template Toolkit, you may wish to
> > > > look
> > > > instead at Template::Stash::EscapeHTML which takes care of
> > > > this
> > > > reliably at the template engine level, and is more
> > > > widely-used
> > > > and tested than this module."
> > > > 
> > > > This supposedly goes along the same line as Shlomi's
> > > > suggestion
> > > > of Template::Stash::AutoEscaping, but so far I have not
> > > > figured
> > > > out how to deploy this approach in Dancer.
> > > > 
> > > > So to come back to your suggestion of porting
> > > > Dancer::Plugin::EscapeHTML to Dancer2, I will consider it,
> > > > but
> > > > need to find out more about whether this is the right way to
> > > > go.
> > > > 
> > > > Cheers,
> > > > Lutz
> > > > 


Re: [dancer-users] Best practice to escape HTML entities in Dancer2 and TT

2018-03-13 Thread Scott H
Did this work?

On Wed, Feb 21, 2018 at 6:46 AM, Lutz Gehlen  wrote:

> Hi Scott,
>
> thank you for your reply. This looks exactly like the piece of
> information I was lacking. I'll be traveling the next couple of
> days, but I'll certainly try this approach next week.
>
> Cheers,
> Lutz
>
>
> On Tuesday, 20.02.2018 11:40:00 Scott H wrote:
> > Looking into what you're asking, have you tried this:
> > https://metacpan.org/pod/Dancer2::Template::TemplateToolkit
> >
> > Go to Advanced Customizations and you'll see how to create a
> > subclass module to return $tt. Have you tried this method?
> >
> > -Scott
> >
> > On Tue, Feb 20, 2018 at 1:47 AM, Lutz Gehlen 
> wrote:
> > > Hi Warren,
> > >
> > > thank you for your reply and your research on the escaping
> > > > plugins.
> > > On Monday, 19.02.2018 10:59:19 Warren Young wrote:
> > > > Since you seem to have an itch here, how about you port the
> > > > plugin?  Then you get the software you want.  You’ve got
> > > > preexisting code on both sides to work with: the source plugin
> > > > and many examples of existing D2 plugins to aid in the
> > > > translation.
> > >
> > > Yes, maybe porting the plugin is the way to go. However, part of
> > > my intention in raising this topic on the list was to find out
> > > whether a port of Dancer::Plugin::EscapeHTML actually _is_ the
> > > software I really want. What made me think was that nobody has
> > > done it so far as a solution to what I believed to be a
> > > standard problem.
> > >
> > > Furthermore, the documentation of Dancer::Plugin::EscapeHTML
> > > states: "If you're using Template Toolkit, you may wish to look
> > > instead at Template::Stash::EscapeHTML which takes care of this
> > > reliably at the template engine level, and is more widely-used
> > > and tested than this module."
> > >
> > > This supposedly goes along the same line as Shlomi's suggestion
> > > of Template::Stash::AutoEscaping, but so far I have not figured
> > > out how to deploy this approach in Dancer.
> > >
> > > So to come back to your suggestion of porting
> > > Dancer::Plugin::EscapeHTML to Dancer2, I will consider it, but
> > > need to find out more about whether this is the right way to
> > > go.
> > >
> > > Cheers,
> > > Lutz
> > >


Re: [dancer-users] Best practice to escape HTML entities in Dancer2 and TT

2018-02-21 Thread Lutz Gehlen
Hi Scott,

thank you for your reply. This looks exactly like the piece of 
information I was lacking. I'll be traveling the next couple of 
days, but I'll certainly try this approach next week.

Cheers,
Lutz


On Tuesday, 20.02.2018 11:40:00 Scott H wrote:
> Looking into what you're asking, have you tried this:
> https://metacpan.org/pod/Dancer2::Template::TemplateToolkit
> 
> Go to Advanced Customizations and you'll see how to create a
> subclass module to return $tt. Have you tried this method?
> 
> -Scott
> 
> On Tue, Feb 20, 2018 at 1:47 AM, Lutz Gehlen wrote:
> > Hi Warren,
> > 
> > thank you for your reply and your research on the escaping
> > plugins.
> > On Monday, 19.02.2018 10:59:19 Warren Young wrote:
> > > Since you seem to have an itch here, how about you port the
> > > plugin?  Then you get the software you want.  You’ve got
> > > preexisting code on both sides to work with: the source plugin
> > > and many examples of existing D2 plugins to aid in the
> > > translation.
> > 
> > Yes, maybe porting the plugin is the way to go. However, part of
> > my intention in raising this topic on the list was to find out
> > whether a port of Dancer::Plugin::EscapeHTML actually _is_ the
> > software I really want. What made me think was that nobody has
> > done it so far as a solution to what I believed to be a
> > standard problem.
> > 
> > Furthermore, the documentation of Dancer::Plugin::EscapeHTML
> > states: "If you're using Template Toolkit, you may wish to look
> > instead at Template::Stash::EscapeHTML which takes care of this
> > reliably at the template engine level, and is more widely-used
> > and tested than this module."
> > 
> > This supposedly goes along the same line as Shlomi's suggestion
> > of Template::Stash::AutoEscaping, but so far I have not figured
> > out how to deploy this approach in Dancer.
> > 
> > So to come back to your suggestion of porting
> > Dancer::Plugin::EscapeHTML to Dancer2, I will consider it, but
> > need to find out more about whether this is the right way to
> > go.
> > 
> > Cheers,
> > Lutz
> > 


Re: [dancer-users] Best practice to escape HTML entities in Dancer2 and TT

2018-02-20 Thread Scott H
Looking into what you're asking, have you tried this:
https://metacpan.org/pod/Dancer2::Template::TemplateToolkit

Go to Advanced Customizations and you'll see how to create a subclass
module to return $tt. Have you tried this method?

-Scott

On Tue, Feb 20, 2018 at 1:47 AM, Lutz Gehlen  wrote:

> Hi Warren,
>
> thank you for your reply and your research on the escaping plugins.
>
> On Monday, 19.02.2018 10:59:19 Warren Young wrote:
> > Since you seem to have an itch here, how about you port the
> > plugin?  Then you get the software you want.  You’ve got
> > preexisting code on both sides to work with: the source plugin
> > and many examples of existing D2 plugins to aid in the
> > translation.
>
> Yes, maybe porting the plugin is the way to go. However, part of my
> intention in raising this topic on the list was to find out whether a
> port of Dancer::Plugin::EscapeHTML actually _is_ the software I
> really want. What made me think was that nobody has done it so far
> as a solution to what I believed to be a standard problem.
>
> Furthermore, the documentation of Dancer::Plugin::EscapeHTML states:
> "If you're using Template Toolkit, you may wish to look instead at
> Template::Stash::EscapeHTML which takes care of this reliably at the
> template engine level, and is more widely-used and tested than this
> module."
>
> This supposedly goes along the same line as Shlomi's suggestion of
> Template::Stash::AutoEscaping, but so far I have not figured out how
> to deploy this approach in Dancer.
>
> So to come back to your suggestion of porting
> Dancer::Plugin::EscapeHTML to Dancer2, I will consider it, but need
> to find out more about whether this is the right way to go.
>
> Cheers,
> Lutz
>


Re: [dancer-users] Best practice to escape HTML entities in Dancer2 and TT

2018-02-20 Thread Lutz Gehlen
Hi Warren,

thank you for your reply and your research on the escaping plugins.

On Monday, 19.02.2018 10:59:19 Warren Young wrote:
> Since you seem to have an itch here, how about you port the
> plugin?  Then you get the software you want.  You’ve got
> preexisting code on both sides to work with: the source plugin
> and many examples of existing D2 plugins to aid in the
> translation.

Yes, maybe porting the plugin is the way to go. However, part of my 
intention in raising this topic on the list was to find out whether a 
port of Dancer::Plugin::EscapeHTML actually _is_ the software I 
really want. What made me think was that nobody has done it so far 
as a solution to what I believed to be a standard problem. 

Furthermore, the documentation of Dancer::Plugin::EscapeHTML states:
"If you're using Template Toolkit, you may wish to look instead at 
Template::Stash::EscapeHTML which takes care of this reliably at the 
template engine level, and is more widely-used and tested than this 
module."

This supposedly goes along the same line as Shlomi's suggestion of 
Template::Stash::AutoEscaping, but so far I have not figured out how 
to deploy this approach in Dancer.

So to come back to your suggestion of porting 
Dancer::Plugin::EscapeHTML to Dancer2, I will consider it, but need 
to find out more about whether this is the right way to go.

Cheers,
Lutz



Re: [dancer-users] Best practice to escape HTML entities in Dancer2 and TT

2018-02-19 Thread Warren Young
On Feb 19, 2018, at 10:59 AM, Warren Young  wrote:
> 
> Since you seem to have an itch here, how about you port the plugin? 

I was just reading more of that Stack Overflow page, and the *second* answer is 
by brian d foy, who points out that HTML::Escape is either 2 or 20x faster than 
HTML::Entities in his testing, depending on whether he uses the native Perl 
version or the XS version:

https://stackoverflow.com/a/14818874

Since D2 is normally installed via automatic CPAN retrieval tools rather than 
by manually unpacking tarballs, the nonstandard dependency shouldn’t be a 
problem for your new plugin, unless you have existing installations at sites 
without reliable Internet access.


Re: [dancer-users] Best practice to escape HTML entities in Dancer2 and TT

2018-02-19 Thread Warren Young
On Feb 19, 2018, at 5:08 AM, Lutz Gehlen  wrote:
> 
> What is everybody else 
> doing? Or am I mistaken and this is a minority problem after all?

The problem never came up for me because my Dancer code was migrated from 
Apache::ASP, which doesn’t have anything like the solutions proposed so far in 
this thread.  I had to do my own escaping with HTML::Entities and such, so 
keeping that existing code has been the path of least resistance.

It may well be that when people go searching the web for “perl html escape”, 
they find HTML::Entities and just go with that.  It’s the third result here.  
(YMMV.)  The first result recommends URI::Escape instead, which is wrong, and 
the second answer is a Stack Overflow post, where the top answer recommends 
HTML::Escape.

Since you seem to have an itch here, how about you port the plugin?  Then you 
get the software you want.  You’ve got preexisting code on both sides to work 
with: the source plugin and many examples of existing D2 plugins to aid in the 
translation.


Re: [dancer-users] Best practice to escape HTML entities in Dancer2 and TT

2018-02-19 Thread Lutz Gehlen
Hello all,

since there have been no further replies, I am wondering whether I 
am asking the wrong question. I would have thought that nearly every 
Dancer user is facing this problem, hence I am a bit surprised that 
there doesn't seem to be a standard solution. What is everybody else 
doing? Or am I mistaken and this is a minority problem after all?

Cheers,
Lutz


On Saturday, 10.02.2018 11:15:07 Lutz Gehlen wrote:
> Hello all,
> 
> in Dancer1, I have been using Dancer::Plugin::EscapeHTML to
> automatically escape HTML entities in server generated output. I
> have never tried to figure out how it does its job, but it seemed
> to do what I needed.
> 
> I have not found a similar plugin for Dancer2. However, this must
> be a widespread problem, isn't it? What is the best practice to
> automatically escape HTML entities with Dancer2 and
> Template::Toolkit?
> 
> Thank you and best wishes,
> Lutz
> 


Re: [dancer-users] Best practice to escape HTML entities in Dancer2 and TT

2018-02-12 Thread Andrew Beverley
On Sun, 11 Feb 2018 00:45:13 +0100 Lutz Gehlen  wrote:
> On Saturday, 10.02.2018 09:16:52 Hermann Calabria wrote:
> > Why not use TT’s native FILTER capability:
> > 
> > <% somehtml FILTER html %>
> 
> The reason is that the application has many templates with many 
> output sections that need to be filtered. To add the html filter to 
> each of these places would be both cumbersome and error-prone.

Agreed. Having taken the FILTER approach until now, I have come to the
conclusion that some will always be missed at some point in the
application's development, leading to potential XSS vulnerabilities.

Andy
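
Added example (not part of the original thread, and not code from Dancer2 or Template Toolkit): a heuristic Perl audit that lists TT output directives carrying no html filter, the omission described in the message above. The function name, the keyword list and the sample template are constructed for illustration; it does not track enclosing FILTER ... END blocks or several statements in one directive.

```perl
#!/usr/bin/env perl
# Added example: heuristic audit for Template Toolkit directives that print
# a value without passing it through the html (or html_entity) filter.
use strict;
use warnings;

# Directives starting with one of these keywords do not print a variable
# directly (control flow, assignment, includes, block filters, ...).
my %NON_OUTPUT = map { $_ => 1 } qw(
    IF UNLESS ELSIF ELSE END FOREACH FOR WHILE SWITCH CASE SET DEFAULT CALL
    BLOCK MACRO USE TRY CATCH FINAL THROW NEXT LAST RETURN STOP CLEAR META
    TAGS FILTER WRAPPER INCLUDE PROCESS INSERT PERL RAWPERL DEBUG
);

# Returns a list of { line => N, directive => '...' } for every output
# directive between $start_tag and $end_tag that has no html filter.
sub find_unfiltered_output {
    my ($text, $start_tag, $end_tag) = @_;
    my ($s, $e) = (quotemeta $start_tag, quotemeta $end_tag);
    my @findings;

    while ($text =~ /${s}(.*?)${e}/gs) {
        my $body   = $1;
        my $offset = $-[0];             # save before the next regex runs

        $body =~ s/^[-+=~]?\s*//;       # leading chomp flag and whitespace
        $body =~ s/\s*[-+=~]?$//;       # trailing whitespace and chomp flag

        next if $body eq '' or $body =~ /^#/;       # empty or comment
        $body =~ s/^GET\s+//;                       # explicit GET still prints

        my ($first) = $body =~ /^(\w+)/;
        next if defined $first and $NON_OUTPUT{$first};
        next if $body =~ /^[\w.\$]+\s*=(?!=)/;      # assignment: foo = bar

        # "| html" and "FILTER html" are equivalent spellings in TT.
        next if $body =~ /(?:\|\s*|\bFILTER\s+)html(?:_entity)?\b/;

        my $line = 1 + (substr($text, 0, $offset) =~ tr/\n//);
        push @findings, { line => $line, directive => $body };
    }
    return @findings;
}

# Constructed sample template using the [% %] tags from the config in
# this thread; two of its directives print unescaped values.
my $template = <<'TT';
<h1>[% title | html %]</h1>
[% IF user %]
  <p>Welcome back, [% user.name %]</p>
  <p>[% user.bio FILTER html %]</p>
[% END %]
[%# a comment %]
[% SET greeting = 'hi' %]
<div>[%- comment.text -%]</div>
TT

for my $f (find_unfiltered_output($template, '[%', '%]')) {
    printf "line %d: unfiltered output of '%s'\n",
        $f->{line}, $f->{directive};
}
```

Pass '<%' and '%>' as the tag arguments for templates written with the tags used in the FILTER example quoted above.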


Re: [dancer-users] Best practice to escape HTML entities in Dancer2 and TT

2018-02-10 Thread Lutz Gehlen
Hi Hermann,

On Saturday, 10.02.2018 09:16:52 Hermann Calabria wrote:
> Why not use TT’s native FILTER capability:
> 
> <% somehtml FILTER html %>

The reason is that the application has many templates with many 
output sections that need to be filtered. To add the html filter to 
each of these places would be both cumbersome and error-prone. I 
think it would be safer and more elegant to use a more centralized 
approach.
 
> From an MVC perspective it’s probably the right place to do html
> escaping — not at the lib (Model) level.

I agree that the View level is the right place to do the escaping 
instead of e.g. the Model level. However, a solution along the lines 
of Shlomi's suggestion, which modifies the behavior of 
Template::Toolkit, _is_ at the View level.

Best wishes,
Lutz


> > On Feb 10, 2018, at 8:39 AM, Lutz Gehlen  wrote:
> > 
> > Hi Shlomi,
> > 
> > thanks for your reply. I have tried to use your module, but I am
> > unsure how to activate it in my Dancer2 application. I have
> > added
> > the class as STASH to my template engine in config.yml:
> > 
> > template: "template_toolkit"
> > engines:
> >   template:
> >     template_toolkit:
> >       start_tag: '[%'
> >       end_tag:   '%]'
> >       ENCODING: utf8
> >       ...
> >       STASH: 'Template::Stash::AutoEscaping'
> > 
> > First, I got the error message that the module was not loaded,
> > but even if I load the module manually I get:
> > 
> > Can't use string ("Template::Stash::AutoEscaping") as a HASH ref
> > while "strict refs" in use at /usr/local/lib/x86_64-linux-gnu/perl/5.20.2/Template/Stash.pm line 161.
> > 
> > It seems like Template::Stash expects an instance of the stash
> > class (like you show in the SYNOPSIS section of your module).
> > But how do I tell Dancer2 to instantiate the class and hand it
> > over to TT? Can you help me with that?
> > 
> > Cheers,
> > Lutz
> > 
> >> On Saturday, 10.02.2018 13:42:01 Shlomi Fish wrote:
> >> Hi Lutz,
> >> 
> >> On Sat, 10 Feb 2018 11:15:07 +0100
> >> 
> >> Lutz Gehlen  wrote:
> >>> Hello all,
> >>> 
> >>> in Dancer1, I have been using Dancer::Plugin::EscapeHTML to
> >>> automatically escape HTML entities in server generated output.
> >>> I
> >>> have never tried to figure out how it does its job, but it
> >>> seemed to do what I needed.
> >>> 
> >>> I have not found a similar plugin for Dancer2. However, this
> >>> must be a widespread problem, isn't it? What is the best
> >>> practice to automatically escape HTML entities with Dancer2
> >>> and
> >>> Template::Toolkit?
> >> 
> >> perhaps see
> >> https://metacpan.org/release/Template-Stash-AutoEscaping . Note
> >> that it is a fork by me of a different module.
> >> 
> >>> Thank you and best wishes,
> >>> Lutz



Re: [dancer-users] Best practice to escape HTML entities in Dancer2 and TT

2018-02-10 Thread Lutz Gehlen
Hi Shlomi,

thanks for your reply. I have tried to use your module, but I am 
unsure how to activate it in my Dancer2 application. I have added 
the class as STASH to my template engine in config.yml:

template: "template_toolkit"
engines:
  template:
    template_toolkit:
      start_tag: '[%'
      end_tag:   '%]'
      ENCODING: utf8
      ...
      STASH: 'Template::Stash::AutoEscaping'

First, I got the error message that the module was not loaded, but 
even if I load the module manually I get:

Can't use string ("Template::Stash::AutoEscaping") as a HASH ref
while "strict refs" in use at /usr/local/lib/x86_64-linux-gnu/perl/5.20.2/Template/Stash.pm line 161.

It seems like Template::Stash expects an instance of the stash class 
(like you show in the SYNOPSIS section of your module). But how do I 
tell Dancer2 to instantiate the class and hand it over to TT? Can 
you help me with that?

Cheers,
Lutz


On Saturday, 10.02.2018 13:42:01 Shlomi Fish wrote:
> Hi Lutz,
> 
> On Sat, 10 Feb 2018 11:15:07 +0100
> 
> Lutz Gehlen  wrote:
> > Hello all,
> > 
> > in Dancer1, I have been using Dancer::Plugin::EscapeHTML to
> > automatically escape HTML entities in server generated output. I
> > have never tried to figure out how it does its job, but it
> > seemed to do what I needed.
> > 
> > I have not found a similar plugin for Dancer2. However, this
> > must be a widespread problem, isn't it? What is the best
> > practice to automatically escape HTML entities with Dancer2 and
> > Template::Toolkit?
> 
> perhaps see
> https://metacpan.org/release/Template-Stash-AutoEscaping . Note
> that it is a fork by me of a different module.
> 
> > Thank you and best wishes,
> > Lutz
> > 


Re: [dancer-users] Best practice to escape HTML entities in Dancer2 and TT

2018-02-10 Thread Shlomi Fish
Hi Lutz,

On Sat, 10 Feb 2018 11:15:07 +0100
Lutz Gehlen  wrote:

> Hello all,
> 
> in Dancer1, I have been using Dancer::Plugin::EscapeHTML to 
> automatically escape HTML entities in server generated output. I 
> have never tried to figure out how it does its job, but it seemed to 
> do what I needed.
> 
> I have not found a similar plugin for Dancer2. However, this must be 
> a widespread problem, isn't it? What is the best practice to 
> automatically escape HTML entities with Dancer2 and 
> Template::Toolkit?
> 

perhaps see https://metacpan.org/release/Template-Stash-AutoEscaping . Note
that it is a fork by me of a different module.

> Thank you and best wishes,
> Lutz
> 



-- 
-
Shlomi Fish   http://www.shlomifish.org/
First stop for Perl beginners - http://perl-begin.org/

Flock aims to be the browser for the social web, but I found it to be the
completely anti-social browser.

Please reply to list if it's a mailing list post - http://shlom.in/reply .