NAME

Template::Stash::AutoEscaping - escape automatically in Template-Toolkit.

SYNOPSIS


            
              
              use Template;
use Template::Stash::AutoEscaping;
my $tt = Template->new({
  STASH => Template::Stash::AutoEscaping->new
});

METHODS

new

die_on_unescaped

This value, if set to a true value, causes the process to throw an exception upon encountering a value that was not explicitly set to be escaped or was marked as a raw value.

escape_type

default is HTML

method_for_escape

The default method to escape a value explicitly (mostly useful with die_on_unescaped .

method_for_raw

default is raw, you can get not escaped value from [% value.raw %]

escape_method


            
              
              my $tt = Template->new({
  STASH => Template::Stash::AutoEscaping->new({
      escape_method => sub { my $text = shift; ... ; return $text }
  })
});

ignore_escape


            
              
              my $stash = Template::Stash::AutoEscaping->new({ignore_escape => [qw(include_html include_raw my_escape_func)], ... );
You can disable auto-escape for some value or TT-Macro.
For example: include other component, for output safety html, using other escape method, etc.

class_for


            
              
              Template::Stash::AutoEscaping->class_for("HTML") # Template::Stash::AutoEscaping::Escaped::HTML
Template::Stash::AutoEscaping->class_for("HTML" => "MyHTMLString");

escape

For internal use.

escape_count

For internal use.

get

For internal use.

get_raw_args

For internal use.

DESCRIPTION

Template::Stash::AutoEscaping is a sub class of Template::Stash, automatically escape all HTML strings and avoid XSS vulnerability.

CONFIGURE

$Template::Stash::AutoEscaping::ESCAPE_ARGS


            
              
              default is 0. for example "key of hash" or "args of vmethods" are not escaped. I think this is good in most cases.
[% hash.${key} %] [% hash.item(key) %] means [% hash.${key.raw} | html %] [% hash.item(key.raw) | html %] by default.

AUTHOR

mala <cpan@ma.la> (original author of Template::Stash::AutoEscape)

Shlomi Fish (http://www.shlomifish.org/) added some enhancements and fixes, while disclaiming all rights, as part of his work for http://reask.com/ and released the result as Template::Stash::AutoEscaping .

LICENSE

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

To install Template::Stash::AutoEscaping, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Template::Stash::AutoEscaping

CPAN shell

perl -MCPAN -e shell
install Template::Stash::AutoEscaping

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

SYNOPSIS

METHODS

new

class_for

escape

escape_count

get

get_raw_args

DESCRIPTION

CONFIGURE

AUTHOR

SEE ALSO

LICENSE

Module Install Instructions