From: John W. <wil...@tn...> - 2004-06-30 23:38:47
|
At <http://masonhq.com/docs/manual/Devel.html#userdefined_escapes> it says: The subroutine should expect to receive a scalar reference, which should be manipulated in place. Any return value from this subroutine is ignored. So your sub should look something like this (untested): sub no_xss { my $valueref = shift; $$valueref = HTML::Entities::encode_entities($$valueref); $$valueref =~ s/<br>/<br>/gi; } ~ John Williams On Wed, 30 Jun 2004, Aaron Turner wrote: > Running Mason 1.26... > > Basically I default to |h, but in some cases, I don't want to escape > <br>, so in my syshandler, I: > > sub no_xss { > my $output = HTML::Entities::encode_entities(shift); > $output =~ s/<br>/<br>/gi; > return $output; > } > > $m->interp->set_escape( no_xss => \&no_xss ); > > > Then in my code, I'd use: <% $foo | no_xss %> > > Except that it's obvious that <br> is being rewritten. > > I've been reading the online manual and banging my head, but neither > seems to helping :) > > Anyone with any thoughts? > > Thanks, > Aaron > > |