> +1 from me. I agree with Paul's points. Dumping is a pretty standard
> activity. The convenience of not having to use USE sounds nice. Bonus
> points if you allow some kind of config option to allow us to specify a
> routine to call the Dumper function. (For setting various Data::Dumper (or
> other) variables, to specify an alternate dumper, or perhaps wrap the dump
> in a <pre> when using html.)
For these types of issues I was planning on letting you pass options to the
dump call.
[% DUMP foo Useqq => 1 %]
That is one nice thing that the USE Dumper does is you set up your object once
during load.
I think maybe we could add a DUMP configuration that takes a hashref:
Template->new(DUMP => {Useqq => 1, EntireStash => 0});
Template->new(DUMP => {
handler => sub {
my ($ref, $name, $args, $file, $line) = @_;
... Dump my own way
},
});
I think we will default Sortkeys to 1 if it is not defined.
I think we will offer both ways of passing options.
And perhaps Template->new(DUMP => 0) turns off all DUMP calls.
> One other concern with this, although I'm not sure if it's an issue or not.
> I'm not too sure about letting everyone dump the entire stash. Is there any
> other code that can give a user the list of everything in the stash? (Not
> including perl tags.) If not, I think it'd be best to provide a config
> option on whether dumping the entire thing is allowed or not. (Or perhaps
> the previous config option formatting routine could be used somehow to not
> return anything if they want the entire stash?)
I agree with the concern but only partially. It does feel slightly odd to
give this much ability. But really the variables are there and they could
access them if they knew their names - taking away the ability sort of seems
like security through obscurity to me. But since it is easy to do, we can
use the DUMP config option from above to disallow access to the EntireStash.
However - in no case should we let them see private variables (hrmm - I don't
have a fast deepclone way of doing that - the top level is easy - other levels
aren't so easy).
I think there needs to be built in ability to go html or plaintext. The
CGI::Ex::Template version currently bases off of $ENV{'REQUEST_METHOD'} - but
I think that would be nice to optionally specify:
[% DUMP foo html => 1 %]
[% DUMP foo html => 0 %]
Template->new(DUMP => {html => 1});
Paul.
_______________________________________________
templates mailing list
[email protected]
http://lists.template-toolkit.org/mailman/listinfo/templates
