On Sun, Jan 20, 2002 at 11:41:00PM +0100, Axel Gerstmair wrote:
> At last, I've created a patch for Template::Filters that introduces a
> new filter function html_all, which escapes all special characters in
> an HTML text.
I've applied a mixture of the different patches of Leon, Axel and Stas,
with the following changes:
* I've kept it all within one filter 'html' rather than have a separate
'html_all'.
* Apache::Utils is used if available, or HTML::Entities, or failing that,
it falls back on the old behaviour
* The undocumented 'entity' option is still supported. It's an ugly
hack but I currently rely on it in a couple of places where I'm doing
XML -> HTML translation. It will be replaced by something better one
of these days, but until then if you use the 'entity' option then
both the above modules are ignored and the original code is used.
None of this is documented yet because nothing is finalised. Comments
welcome. Patch is attached.
Thanks to everyone involved for your efforts.
A
--- lib/Template/Filters.pm 2002/01/17 11:49:41 2.43
+++ lib/Template/Filters.pm 2002/01/21 10:48:18
@@ -286,6 +286,24 @@
sub html_filter_factory {
my $context = shift;
my $opts = @_ && ref $_[-1] eq 'HASH' ? pop @_ : { };
+
+ # if a sufficiently mature version of Apache::Utils is installed
+ # which has escape_html then we use that
+ eval {
+ require Apache::Util;
+ Apache::Utils::escape_html('');
+ };
+ return \&Apache::Util::escape_html
+ unless $@ || $opts->{ entity };
+
+ # otherwise if HTML::Entities is installed then we use that
+ eval {
+ require HTML::Entities;
+ };
+ return \&HTML::Entities::encode_entities
+ unless $@ || $opts->{ entity };
+
+ # failing that, we fall back on the existing usage
return sub {
my $text = shift;
for ($text) {
--- t/html.t 2001/08/29 08:45:52 2.4
+++ t/html.t 2002/01/21 10:48:31
@@ -25,6 +25,15 @@
$Template::Test::DEBUG = 0;
$Template::Test::PRESERVE = 1;
+#------------------------------------------------------------------------
+# behaviour of html filter depends on these being available
+#------------------------------------------------------------------------
+
+use constant HAS_HTML_Entities => eval { require HTML::Entities };
+use constant HAS_Apache_Util => eval { require Apache::Util;
+ Apache::Utils::escape_html(''); };
+
+
my $html = -d 'templates' ? 'templates/html' : '../templates/html';
die "cannot grok templates/html directory\n" unless $html;
@@ -34,8 +43,12 @@
my $cfg = {
INCLUDE_PATH => $html,
};
+
+my $vars = {
+ entities => HAS_HTML_Entities || HAS_Apache_Util,
+};
-test_expect(\*DATA, $cfg);
+test_expect(\*DATA, $cfg, $vars);
__DATA__
-- test --
@@ -64,6 +77,12 @@
[%- END %]
-- expect --
<foo> <bar> <baz> <boz>
+
+-- test --
+[% "L�on Brocard" | html %]
+-- expect --
+-- process --
+[% entities ? 'Léon Brocard' : 'L�on Brocard' %]
-- test --
[% USE html; html.url('my file.html') -%]