|
Unix VPS
Support
FAQ
Network
Miscellaneous
|
| Template::Stash::AutoEscape(3) | User Contributed Perl Documentation | Template::Stash::AutoEscape(3) |
NAME
Template::Stash::AutoEscape - escape automatically in Template-Toolkit.SYNOPSIS
use Template;
use Template::Stash::AutoEscape;
my $tt = Template->new({
STASH => Template::Stash::AutoEscape->new
});
METHODS
new
- escape_type
- default is HTML
- method_for_raw
- default is raw, you can get not escaped value from [% value.raw %]
- escape_method
-
my $tt = Template->new({ STASH => Template::Stash::AutoEscape->new({ escape_method => sub { my $text = shift; ... ; return $text } }) }); - ignore_escape
-
my $stash = Template::Stash::AutoEscape->new({ignore_escape => [qw(include_html include_raw my_escape_func)], ... ); You can disable auto-escape for some value or TT-Macro. For example: include other component, for output safety html, using other escape method, etc.
class_for
Template::Stash::AutoEscape->class_for("HTML") # Template::Stash::AutoEscape::Escaped::HTML
Template::Stash::AutoEscape->class_for("HTML" => "MyHTMLString");
DESCRIPTION
Template::Stash::AutoEscape is a sub class of Template::Stash, automatically escape all HTML strings and avoid XSS vulnerability.CONFIGURE
- $Template::Stash::AutoEscape::ESCAPE_ARGS
-
default is 0. for example "key of hash" or "args of vmethods" are not escaped. I think this is good in most cases. [% hash.${key} %] [% hash.item(key) %] means [% hash.${key.raw} | html %] [% hash.item(key.raw) | html %] by default.
AUTHOR
mala <cpan@ma.la>SEE ALSO
Template, Template::Stash::EscapedHTMLLICENSE
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.POD ERRORS
Hey! The above document had some coding errors, which are explained below:- Around line 218:
- You forgot a '=back' before '=head1'
| 2010-09-13 | perl v5.32.1 |
Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.