hehe - then you haven't tried my version of H::T ...
I modified H::T so that it dynamically loads the appropriate escape module -> you simply do this:

package HTML::Template::ESCAPE::HTML_JS;
use HTML::Template::ESCAPE;
$HTML::Template::ESCAPE::HTML_JS::VERSION = '1.0';
sub output {
  my $self = shift;
  $_ = shift if (@_ > 0);
  ...blah...
  $_;
}

then save the file somewhere in your PERL5LIB directory list.

Mathew


Alex Kapranoff wrote:
You are right, that would suffice. But as far as I understand, making
escape modules is not trivial. Escaping is not abstracted enough inside
HTML::Template.

* Mathew Robertson <mathew.robertson@netratings.com.au> [October 20 2005, 08:22]:
  
Is layered-escaping that is needed, or can we simply make a new escape 
module called, say "HTML_JS"

Mathew

Alex Kapranoff wrote:

    
* Philip Tellis <philip.tellis@gmx.net> [October 18 2005, 16:02]:


      
s/pretty hard/impossible/;
That's why there's only 1 _default_.
    

          
Oh well, "Perl is designed to make the easy jobs easy, without making 
the hard jobs impossible."

I'd hoped that it was also, "... make impossible jobs pretty hard"
  

        
BTW, "double" or "layered" escaping is a very wanted feature.

See:
======
<script>
item.innerHTML = "<strong><TMPL_VAR new_content></strong>";
</script>
======

This var needs first HTML, then JS escaping (in that order) or else
the code is likely just plain insecure. This task is not solved right
now.