Hi all,

At last, I've created a patch for Template::Filters that introduces a
new filter function html_all, which escapes all special characters in
an HTML text. The filter tries to use either Apache::Util or
HTML::Entities and sets up the appropriate filter function at module
load time. I don't know if this is clean programming style, but it
doesn't impose any slow-downs at runtime.

If the patch is accepted and you are interested, I can supply
patches for documentation and tests, as Leon did (Leon, I used part of
your documentation for the description of the filter. I hope this is
okay).

There remains still one issue with escaping characters for HTML. The
HTML plug-in has its own escape function and doesn't know anything of
this filter. We could use the same code there or remove the escape
function from Template::Plugin::HTML altogether.

Best regards,
Axel



cvs -z9 diff -w -u -r2.43 Filters.pm
Index: Filters.pm
===================================================================
RCS file: /template-toolkit/Template2/lib/Template/Filters.pm,v
retrieving revision 2.43
diff -w -u -r2.43 Filters.pm
--- Filters.pm  2002/01/17 11:49:41     2.43
+++ Filters.pm  2002/01/20 22:22:41
@@ -47,6 +47,7 @@
 $FILTERS = {
     # static filters 
     'uri'        => \&uri_filter,
+    'html_all'   => _init_html_all_filter(),
     'html_para'  => \&html_paragraph,
     'html_break' => \&html_break,
     'upper'      => sub { uc $_[0] },
@@ -211,6 +212,50 @@
 }
 
 
+#------------------------------------------------------------------------
+# _init_html_all_filter()                           [% FILTER html_all %]
+#
+# Sets up the html_all filter and is called when this module is loaded.
+#
+# This filter converts any 'E<lt>', 'E<gt>', '&', '�' etc. characters to
+# equivalent character entity references '&lt;', '&gt;', '&amp;' and
+# '&eacute' etc., protecting them from being interpreted as representing
+# HTML tags or entities. See the following URL for more information:
+# http://www.w3.org/TR/REC-html40/sgml/entities.html
+#
+# The filter needs either Apache::Util or HTML::Entities. If you have
+# neither of them installed you cannot use this filter, and it will throw
+# an exception. Converting characters with Apache::Util is much faster
+# because it is written in C (see perldoc Apache::Util), but it runs only
+# under mod_perl.
+#------------------------------------------------------------------------
+
+sub _init_html_all_filter {
+    # Try using Apache::Util. Actually we have to call escape_html once
+    # to find out if it is available. An alternative would be to check for
+    # the MOD_PERL environment variable.
+    eval {
+        use Apache::Util;
+        Apache::Util::escape_html('');
+    };
+    return \&Apache::Util::escape_html
+        unless ($@);
+
+    # Apache::Util is not available, so we try using HTML::Entities
+    eval "use HTML::Entities";
+    return \&HTML::Entities::encode_entities
+        unless ($@);
+
+    # No conversion module is available, so html_all throws an exception
+    return sub {
+        die Template::Exception->new('html_all',
+            "Can't convert HTML characters because neither Apache::Util " .
+            "nor HTML::Entities is available.");
+    };
+}
+
+
+
 #========================================================================
 #                         -- STATIC FILTER SUBS --
 #========================================================================



Reply via email to