html-template-users Mailing List for HTML::Template (Page 27)
Brought to you by:
samtregar
From: Carl F. <fir...@gm...> - 2005-10-18 11:40:27
|
On 18/10/05, Philip Tellis <phi...@gm...> wrote:
> I want both to be on by
> default.

There can only be 1 _default_, by definition

> It makes sense therefore to do this:
>
> html_escape => 1, js_escape => 1, foo_escape => 0

> Of course, it's pretty hard to figure out which TMPL_VARs need to be
> escaped in each way. It's also hard to extend this with sanity.

s/pretty hard/impossible/;

That's why there's only 1 _default_. If there's going to be more HTML vars than URLs, then set default to HTML, and manually set each URL var to ESCAPE=URL - or vice versa - it's still less work to do than before.

Carl |
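Carl's suggestion above (one default, with a per-tag ESCAPE only on the exceptions), as an added example that is not code from the thread or from HTML::Template. It assumes an installed HTML::Template that includes the `default_escape` option proposed in this thread; the template text, parameter names and values are constructed.

```perl
#!/usr/bin/perl
# Added example: one default escape mode plus per-tag overrides.
use strict;
use warnings;
use HTML::Template;

# Constructed template. Tags written as <TMPL_VAR NAME=...> carry no ESCAPE
# attribute and take the default; the others override it on the tag itself.
my $bare = <<'END_TMPL';
<p>Hello, <TMPL_VAR NAME="who"></p>
<a href="/search?q=<TMPL_VAR ESCAPE=URL NAME="who">">search</a>
<div><TMPL_VAR ESCAPE=0 NAME="trusted_markup"></div>
<ul><TMPL_LOOP NAME="rows"><li><TMPL_VAR NAME="cell"></li></TMPL_LOOP></ul>
END_TMPL

# The same template with ESCAPE=HTML spelled out on every bare tag,
# which is what template authors had to type before the option existed.
(my $explicit = $bare) =~ s/<TMPL_VAR NAME=/<TMPL_VAR ESCAPE=HTML NAME=/g;

# Constructed sample values.
my %params = (
    who            => q{Tom & "Jerry" <b>},
    trusted_markup => q{<em>site-generated markup</em>},
    rows           => [ { cell => '<&>' }, { cell => '>&<' } ],
);

# Build a template from in-memory text, fill it, and return the output.
sub render {
    my ($text, %opts) = @_;
    my $t = HTML::Template->new(scalarref => \$text, %opts);
    $t->param(%params);
    return $t->output;
}

my $defaulted = render($bare, default_escape => 'HTML');
my $spelled   = render($explicit);   # no default, ESCAPE=HTML on each tag
my $unescaped = render($bare);       # no default, bare tags left as they are

# The default must behave exactly like writing ESCAPE=HTML on each bare tag,
# inside the loop as well, while ESCAPE=URL and ESCAPE=0 keep their own mode.
die "default_escape differs from per-tag ESCAPE=HTML\n"
    unless $defaulted eq $spelled;

# Without the default the bare tags emit the raw value, so output differs.
die "bare tags were escaped even though no default was set\n"
    if $unescaped eq $defaulted;

print $defaulted;
```

The script dies if the default and the spelled-out template ever diverge, which is the property a template author relies on when switching to a default.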
From: Mike <mik...@op...> - 2005-10-18 11:35:25
|
Yes, I realise this now. My apologies for confusing the matter.

Mike.

----- Original Message -----
From: "Philip Tellis" <phi...@gm...>
To: "HTML::Template List" <htm...@li...>
Sent: Tuesday, October 18, 2005 9:27 PM
Subject: Re: [htmltmpl] option to turn ESCAPE=HTML on by default

> Sometime Today, AK cobbled together some glyphs to say:
>
>> Mike, default_escape can be set to 'URL' or even 'JS' (there's
>> Javascript escaping in recent HTML::Template too). That's even tested
>
> Consider this:
>
> If I have some code in my template that needs to be html escaped, and
> other code that needs to be js escaped, and I want both to be on by
> default.
>
> It makes sense therefore to do this:
>
> html_escape => 1, js_escape => 1, foo_escape => 0
>
> Of course, it's pretty hard to figure out which TMPL_VARs need to be
> escaped in each way. It's also hard to extend this with sanity.
>
> Philip
>
> --
> The sooner our happiness together begins, the longer it will last.
> -- Miramanee, "The Paradise Syndrome", stardate 4842.6
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by:
> Power Architecture Resource Center: Free content, downloads, discussions,
> and more. http://solutions.newsforge.com/ibmarch.tmpl
> _______________________________________________
> Html-template-users mailing list
> Htm...@li...
> https://lists.sourceforge.net/lists/listinfo/html-template-users |
From: Philip T. <phi...@gm...> - 2005-10-18 11:27:58
|
Sometime Today, AK cobbled together some glyphs to say:

> Mike, default_escape can be set to 'URL' or even 'JS' (there's
> Javascript escaping in recent HTML::Template too). That's even tested

Consider this:

If I have some code in my template that needs to be html escaped, and other code that needs to be js escaped, and I want both to be on by default.

It makes sense therefore to do this:

html_escape => 1, js_escape => 1, foo_escape => 0

Of course, it's pretty hard to figure out which TMPL_VARs need to be escaped in each way. It's also hard to extend this with sanity.

Philip

--
The sooner our happiness together begins, the longer it will last.
-- Miramanee, "The Paradise Syndrome", stardate 4842.6 |
From: Alex K. <ka...@ra...> - 2005-10-18 11:14:01
|
Mike, default_escape can be set to 'URL' or even 'JS' (there's Javascript escaping in recent HTML::Template too). That's even tested in my patch. I use non-html escapings a lot myself and that's why I did it this way.

* Mike <mik...@op...> [October 18 2005, 15:05]:
> Sorry to be a pain here, but given that there is also an ESCAPE=URL option
> (as Roger pointed out), would it be better to revert back to my original
> suggestion of setting 'html_escape' (and now 'url_escape') to 1 (or ON) in
> the constructor if they are to be defaults for the template file? Exactly
> what they are called I don't mind, but since there are 2 escaping options
> in H::T, using 'default_escape' could be ambiguous.
>
> Alex's patch seems to work well for the html escaping. Perhaps include a
> default url escaping option for completeness.
>
> Mike.

--
Alex Kapranoff,
$n=["1another7Perl213Just3hacker49"=~/\d|\D*/g];
$$n[0]={grep/\d/,@$n};print"@$n{1..4}\n" |
From: Mike <mik...@op...> - 2005-10-18 11:05:21
|
Sorry to be a pain here, but given that there is also an ESCAPE=URL option (as Roger pointed out), would it be better to revert back to my original suggestion of setting 'html_escape' (and now 'url_escape') to 1 (or ON) in the constructor if they are to be defaults for the template file? Exactly what they are called I don't mind, but since there are 2 escaping options in H::T, using 'default_escape' could be ambiguous.

Alex's patch seems to work well for the html escaping. Perhaps include a default url escaping option for completeness.

Mike. |
From: Alex K. <ka...@ra...> - 2005-10-18 10:41:34
|
* Sam Tregar <sa...@tr...> [October 17 2005, 21:49]: > > diff -ruN /tmp/HTML-Template-2.7/Template.pm HTML-Template-2.7/Template.pm > > --- /tmp/HTML-Template-2.7/Template.pm Fri Jun 18 21:42:06 2004 > > +++ HTML-Template-2.7/Template.pm Mon Oct 17 14:43:36 2005 > > @@ -955,6 +955,7 @@ > > no_includes => 0, > > case_sensitive => 0, > > filter => [], > > + default_template => undef, > > That should be "default_template" though, right? Braino. You're of course right, that should read default_escape :) > Also, I haven't checked it, but I think you might need to add some > code to makes sure this setting is inherited by loops. I'm only > half-sure about that though, so don't be surprised if I'm wrong! I added tests for loops and includes, they seem to succeed. Updated patch below. diff -ruN /tmp/HTML-Template-2.7/Template.pm HTML-Template-2.7/Template.pm --- /tmp/HTML-Template-2.7/Template.pm Fri Jun 18 21:42:06 2004 +++ HTML-Template-2.7/Template.pm Tue Oct 18 14:24:57 2005 @@ -955,6 +955,7 @@ no_includes => 0, case_sensitive => 0, filter => [], + default_escape => undef, ); # load in options supplied to new() @@ -1076,6 +1077,12 @@ $self->{cache} = \%cache; } + if ($options->{default_escape}) { + unless ($options->{default_escape} =~ s/^(html|url|js)$/uc($1)/ie) { + croak("Wrong default_escape specified: \"$options->{default_escape}\"."); + } + } + print STDERR "### HTML::Template Memory Debug ### POST CACHE INIT ", $self->{proc_mem}->size(), "\n" if $options->{memory_debug}; 
@@ -1952,7 +1959,8 @@ $which = uc($1); # which tag is it - $escape = defined $5 ? $5 : defined $15 ? $15 : 0; # escape set? + $escape = defined $5 ? $5 : defined $15 ? $15 + : (defined $options->{default_escape} && $which eq 'TMPL_VAR') ? $options->{default_escape} : 0; # escape set? # what name for the tag? undef for a /tag at most, one of the # following three will be defined diff -ruN /tmp/HTML-Template-2.7/t/99-old-test-pl.t HTML-Template-2.7/t/99-old-test-pl.t --- /tmp/HTML-Template-2.7/t/99-old-test-pl.t Fri Jun 18 21:34:59 2004 +++ HTML-Template-2.7/t/99-old-test-pl.t Tue Oct 18 14:35:51 2005 @@ -795,7 +795,7 @@ ok($output =~ /I AM INNER 2/); # test javascript escaping -$template = $template = HTML::Template->new(path => ['templates'], +$template = HTML::Template->new(path => ['templates'], filename => 'js.tmpl'); $template->param(msg => qq{"He said 'Hello'.\n\r"}); $output = $template->output(); 
@@ -807,3 +807,32 @@ }; like($@, qr/empty filename/); +# test default escaping + +ok(exists $template->{options}->{default_escape} && !defined $template->{options}->{default_escape}, "default default_escape"); + +$template = HTML::Template->new(path => ['templates'], + filename => 'default_escape.tmpl', + default_escape => 'UrL'); +is($template->{options}->{default_escape}, 'URL'); +$template->param(STUFF => q{Joined with space}); +$output = $template->output(); +like($output, qr{^Joined%20with%20space}); + +$template = HTML::Template->new(path => ['templates'], + filename => 'default_escape.tmpl', + default_escape => 'html'); +$template->param(STUFF => q{Joined&with"cruft}); +$template->param(LOOP => [ { MORE_STUFF => '<&>' }, { MORE_STUFF => '>&<' } ]); +$template->param(a => '<b>'); +$output = $template->output(); +like($output, qr{^Joined&with"cruft}); +like($output, qr{<&>>&<}); +like($output, qr{because it's <b>}); + +eval { +$template = HTML::Template->new(path => ['templates'], + filename => 'default_escape.tmpl', + default_escape => 'wml'); +}; +like($@, qr/Wrong default_escape/); diff -ruN /tmp/HTML-Template-2.7/templates/default_escape.tmpl HTML-Template-2.7/templates/default_escape.tmpl --- /tmp/HTML-Template-2.7/templates/default_escape.tmpl Thu Jan 1 03:00:00 1970 +++ HTML-Template-2.7/templates/default_escape.tmpl Tue Oct 18 14:33:49 2005 @@ -0,0 +1,4 @@ +<TMPL_VAR STUFF> +<TMPL_LOOP LOOP><TMPL_VAR MORE_STUFF></TMPL_LOOP> + +be<TMPL_INCLUDE default.tmpl> -- Alex Kapranoff, $n=["1another7Perl213Just3hacker49"=~/\d|\D*/g]; $$n[0]={grep/\d/,@$n};print"@$n{1..4}\n" |
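Review bot: In the `@@ -1076,6 +1077,12 @@` hunk the check `s/^(html|url|js)$/uc($1)/ie` anchors with `$`, which also matches before a trailing newline, so a value of "html\n" passes and is stored as "HTML\n" rather than as one of the three normalised names. Anchor with `\A` and `\z` so that only exactly html, url or js is accepted. The guard is also a truth test while the parser hunk uses `defined`, so "0" and "" skip the croak and reach the parser unchanged; if those are meant to mean "off", say so in a comment.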
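Review bot: The tests added in the `@@ -807,3 +807,32 @@` hunk never exercise a per-tag override: every `TMPL_VAR` in `templates/default_escape.tmpl` is bare, so nothing checks that an explicit `ESCAPE=0` or `ESCAPE=URL` on a tag still wins over `default_escape`. Add one such tag to the template and assert on it. A `default_escape => 'js'` case would also cover the third value the validation accepts, which is currently checked only for 'UrL', 'html' and the rejected 'wml'.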
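Review bot: `default_escape => undef` in the `@@ -955,6 +955,7 @@` hunk introduces a public constructor option, but none of the three `Template.pm` hunks adds a POD entry for it. Document the accepted values (html, url, js, matched case-insensitively), that the default applies only to `TMPL_VAR`, and that an ESCAPE attribute on the tag takes precedence over it.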
From: Sam T. <sa...@tr...> - 2005-10-17 17:49:35
|
On Mon, 17 Oct 2005, Alex Kapranoff wrote: > One name, one function, please :) > default_escape => 'html'. > > Patch below, with tests. Very cool. > diff -ruN /tmp/HTML-Template-2.7/Template.pm HTML-Template-2.7/Template.pm > --- /tmp/HTML-Template-2.7/Template.pm Fri Jun 18 21:42:06 2004 > +++ HTML-Template-2.7/Template.pm Mon Oct 17 14:43:36 2005 > @@ -955,6 +955,7 @@ > no_includes => 0, > case_sensitive => 0, > filter => [], > + default_template => undef, That should be "default_template" though, right? Also, I haven't checked it, but I think you might need to add some code to makes sure this setting is inherited by loops. I'm only half-sure about that though, so don't be surprised if I'm wrong! -sam |
From: Alex K. <ka...@ra...> - 2005-10-17 10:56:02
|
* Roger Burton West <ro...@fi...> [October 17 2005, 07:10]: > >my $template = HTML::Template->new(filename=>'filename.tmpl', > >html_escape=>1); > > Orthogonality, please: > escape => 'html' > > just as we have ESCAPE=HTML in the templates. One name, one function, please :) default_escape => 'html'. Patch below, with tests. diff -ruN /tmp/HTML-Template-2.7/Template.pm HTML-Template-2.7/Template.pm --- /tmp/HTML-Template-2.7/Template.pm Fri Jun 18 21:42:06 2004 +++ HTML-Template-2.7/Template.pm Mon Oct 17 14:43:36 2005 @@ -955,6 +955,7 @@ no_includes => 0, case_sensitive => 0, filter => [], + default_template => undef, ); # load in options supplied to new() @@ -1076,6 +1077,12 @@ $self->{cache} = \%cache; } + if ($options->{default_escape}) { + unless ($options->{default_escape} =~ s/^(html|url|js)$/uc($1)/ie) { + croak("Wrong default_escape specified: \"$options->{default_escape}\"."); + } + } + print STDERR "### HTML::Template Memory Debug ### POST CACHE INIT ", $self->{proc_mem}->size(), "\n" if $options->{memory_debug}; @@ -1952,7 +1959,7 @@ $which = uc($1); # which tag is it - $escape = defined $5 ? $5 : defined $15 ? $15 : 0; # escape set? + $escape = defined $5 ? $5 : defined $15 ? $15 : defined $options->{default_escape} ? $options->{default_escape} : 0; # escape set? # what name for the tag? undef for a /tag at most, one of the # following three will be defined diff -ruN /tmp/HTML-Template-2.7/t/99-old-test-pl.t HTML-Template-2.7/t/99-old-test-pl.t --- /tmp/HTML-Template-2.7/t/99-old-test-pl.t Fri Jun 18 21:34:59 2004 +++ HTML-Template-2.7/t/99-old-test-pl.t Mon Oct 17 14:54:18 2005 @@ -795,7 +795,7 @@ ok($output =~ /I AM INNER 2/); # test javascript escaping -$template = $template = HTML::Template->new(path => ['templates'], +$template = HTML::Template->new(path => ['templates'], filename => 'js.tmpl'); $template->param(msg => qq{"He said 'Hello'.\n\r"}); $output = $template->output(); 
@@ -807,3 +807,24 @@ }; like($@, qr/empty filename/); +# test default escaping +$template = HTML::Template->new(path => ['templates'], + filename => 'default_escape.tmpl', + default_escape => 'UrL'); +$template->param(STUFF => q{Joined with space}); +$output = $template->output(); +is($output, q{Joined%20with%20space} . "\n"); + +$template = HTML::Template->new(path => ['templates'], + filename => 'default_escape.tmpl', + default_escape => 'html'); +$template->param(STUFF => q{Joined&with"cruft}); +$output = $template->output(); +is($output, q{Joined&with"cruft} . "\n"); + +eval { +$template = HTML::Template->new(path => ['templates'], + filename => 'default_escape.tmpl', + default_escape => 'wml'); +}; +like($@, qr/Wrong default_escape/); diff -ruN /tmp/HTML-Template-2.7/templates/default_escape.tmpl HTML-Template-2.7/templates/default_escape.tmpl --- /tmp/HTML-Template-2.7/templates/default_escape.tmpl Thu Jan 1 03:00:00 1970 +++ HTML-Template-2.7/templates/default_escape.tmpl Mon Oct 17 14:47:39 2005 @@ -0,0 +1 @@ +<TMPL_VAR STUFF> -- Alex Kapranoff, $n=["1another7Perl213Just3hacker49"=~/\d|\D*/g]; $$n[0]={grep/\d/,@$n};print"@$n{1..4}\n" |
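Review bot: The defaults entry added in the `@@ -955,6 +955,7 @@` hunk is keyed `default_template`, but the validation and parser hunks read `$options->{default_escape}`. Rename it to `default_escape => undef` so the option has a declared default under the name the rest of the patch uses.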
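Review bot: In the `@@ -1952,7 +1959,7 @@` hunk the fallback `defined $options->{default_escape} ? $options->{default_escape} : 0` is applied whatever `$which` is, so `$escape` is also set for tags other than `TMPL_VAR`. Restrict it with a `$which eq 'TMPL_VAR'` condition, and extend `default_escape.tmpl` beyond the single top-level `<TMPL_VAR STUFF>` so that variables inside loops and included files are covered by the tests.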
From: Roger B. W. <ro...@fi...> - 2005-10-17 03:10:36
|
On Mon, Oct 17, 2005 at 10:08:13AM +1000, Mike wrote:
>my $template = HTML::Template->new(filename=>'filename.tmpl',
>html_escape=>1);

Orthogonality, please:

escape => 'html'

just as we have ESCAPE=HTML in the templates. Remember that there also exists ESCAPE=URL, and I'm sure various people have mentioned add-on ESCAPE filters.

Roger |
From: Mike <mik...@op...> - 2005-10-17 00:07:19
|
I think that would be a good idea. Perhaps have an extra parameter when creating a new template object such as html_escape:

my $template = HTML::Template->new(filename=>'filename.tmpl', html_escape=>1);

...to turn all escaping for that object on by default. If the programmer wanted the existing default (no escaping) then leave that parameter out during object creation. And still have the current ability to turn escaping on (ESCAPE=HTML or ESCAPE=1) or off (ESCAPE=0) within the template file.

Mike.

----- Original Message -----
From: "Mathew Robertson" <mat...@ne...>
To: <htm...@li...>
Sent: Monday, October 17, 2005 9:46 AM
Subject: Re: [htmltmpl] option to turn ESCAPE=HTML on by default

> If this is going to happen, can we make it optional, as some of us don't
> want escaping.
>
> Mathew
>
>>>I'm curious about what other people think about an option to
>>>turn ESCAPE=HTML on default, to protect against cross script scripting
>>>practices by default.
>>Sure, sounds reasonable to me.
>> |
From: Mathew R. <mat...@ne...> - 2005-10-16 23:48:37
|
If this is going to happen, can we make it optional, as some of us don't want escaping.

Mathew

>>I'm curious about what other people think about an option to
>>turn ESCAPE=HTML on default, to protect against cross script scripting
>>practices by default.
>>
>>
>Sure, sounds reasonable to me.
>
> |
From: Aaron D. <aa...@da...> - 2005-10-14 21:06:56
|
We're pleased to announce that Krang v2.000 is now available. This is a full fledged major release. Although largely the same as v1.999. 2.000 is more mature with numerous bug fixes and enhancements. Also not to be ignored is the availability of time saving binary distributions for Fedora core 3, Fedora core 4, FreeBSD and RedHat Enterprise Linux 4.

Notable changes in this release:

* Fixed a bug in bin/krang_backup where foreign key constraints in the wrong order were conflicting with addons containing innodb tables. Patch sets foreign_key_checks=0 at the top of the dump file.
* Fixed a bug in Krang::Publisher::ZeroSizeOutPut().
* Added 'delete' action to track in Krang::History::add_history(). Added add_history() calls in Krang::Story::delete(), Krang::Template::delete(), and Krang::Media::delete()
* Converted default element set to use Krang::ClassLoader and Krang::ClassFactory in compliance with new addon system.
* Fixed a bug where deleting an element and then reverting to an older version where that element existed didn't properly restore the element. The old element would load properly but save wouldn't restore it in the database.
* Added support for Fedora Core 4.
* Added Binaries for Fedora core 3 and 4, FreeBSD 5.4 and RedHat Enterprise Linux 4

For more information about Krang, visit the Krang website:

http://krang.sourceforge.net/

There you can download Krang, view screenshots, read documentation, join our mailing-lists and access the CVS tree.

Detailed change-log here:

http://krang.sf.net/docs/changelog.html

Krang is an Open Source web-publisher / content-management system designed for large-scale magazine-style websites. It is a 100% Perl application using Apache/mod_perl and MySQL, as well as numerous CPAN modules.

Krang provides a powerful and easy to use story and media editing environment for magazine editors, as well as a complete template development environment for web designers. On the back-end, Perl programmers can customize Krang to control the data entered in the story editor and add code to drive the templates to build output. Krang can be enhanced with add-ons containing new skins and other new features. Krang easily handles large data sets and can manage multiple websites in a single installation.

- the Krang team

----
Aaron Dancygier |
From: Karen <kar...@gm...> - 2005-10-14 19:58:54
|
On 10/14/05, Sam Tregar <sa...@tr...> wrote:
> Nope, and I hope the documentation didn't promise any. I'm firmly in
> favor of exclusively using exceptions for errors, rather than C-style
> boolean returns.

Didn't say one way or t'other, hence my question. It might be worth putting that in the docco, though, since boolean returns are popular enough to be considered the unwritten default. |
From: Sam T. <sa...@tr...> - 2005-10-14 19:48:58
|
On Fri, 14 Oct 2005, Karen wrote:

> Problem solved. Sam, any particular pattern to param's return value
> when setting it?

Nope, and I hope the documentation didn't promise any. I'm firmly in favor of exclusively using exceptions for errors, rather than C-style boolean returns.

-sam |
From: Karen <kar...@gm...> - 2005-10-14 18:52:49
|
On 10/14/05, Petrov Dmithriy <el...@ne...> wrote:
> Damn! Big thanks!!! :)

I just noticed I've been hitting "reply" instead of "reply to all" (I vastly prefer lists that have reply-to set to the list, and yes, I'm aware of the arguments against it), so I'll executive-summarize for the list at large: turns out calling "$template->param(blahblahblah...) or die" isn't always a good thing since param doesn't always return true even when successful.

Problem solved. Sam, any particular pattern to param's return value when setting it? |
From: Sam T. <sa...@tr...> - 2005-10-14 17:05:39
|
On Fri, 14 Oct 2005, Mark Stosberg wrote:

> I'm curious about what other people think about an option to
> turn ESCAPE=HTML on default, to protect against cross script scripting
> practices by default.

Sure, sounds reasonable to me.

-sam |
From: Paul B. <pb...@wh...> - 2005-10-14 16:51:39
|
On Oct 14, 2005, at 9:37 AM, Mark Stosberg wrote:

> I'm curious about what other people think about an option to
> turn ESCAPE=HTML on default, to protect against cross script scripting
> practices by default.

OMG YES!! 95% of all my vars have ESCAPE=HTML on them. Making this the default would take away a lot of extra typing. But to turn it off for the 5% I don't need escaped, ESCAPE=0 or ESCAPE=NONE or ESCAPE=NO would be better.

--
Paul Baker

"Yes, we did produce a near-perfect republic. But will they keep it? Or will they, in the enjoyment of plenty, lose the memory of freedom?"
-- Thomas Jefferson in a letter to John Adams

GPG Key: http://homepage.mac.com/pauljbaker/public.asc |
From: Petrov D. <el...@ne...> - 2005-10-14 16:51:36
|
On Friday 14 October 2005 20:39, Roger Burton West wrote:
> On Fri, Oct 14, 2005 at 08:26:05PM +0400, Petrov Dmithriy wrote:
> >Bad file descriptor :(
>
> Switch it to lower-case news? Templates aren't case-sensitive, by
> default at least.
>

I have upper-case letters both in template and script... Damn, it's very simple template! What the [censored] "file descriptor" can be in param()? |
From: Roger B. W. <ro...@fi...> - 2005-10-14 16:39:18
|
On Fri, Oct 14, 2005 at 08:26:05PM +0400, Petrov Dmithriy wrote:
>Bad file descriptor :(

Switch it to lower-case news? Templates aren't case-sensitive, by default at least. |
From: Petrov D. <el...@ne...> - 2005-10-14 16:26:22
|
On Friday 14 October 2005 20:08, Roger Burton West wrote:
> You're passing a hashref to param(). Try:
>
> $tmpl->param('NEWS' => [{'created' => '2005-10-15', 'text' =>
> 'sdadsdsdsdw1re32fqr'}]);
>
> Roger
>

Bad file descriptor :( |
From: Roger B. W. <ro...@fi...> - 2005-10-14 16:08:50
|
On Fri, Oct 14, 2005 at 07:58:44PM +0400, Petrov Dmithriy wrote:
>Hi, all!
>I gets subj error while substitute parameters for simple template.
>$tmpl->param({'NEWS' => [{'created' => '2005-10-15', 'text' =>
>'sdadsdsdsdw1re32fqr'}]});

You're passing a hashref to param(). Try:

$tmpl->param('NEWS' => [{'created' => '2005-10-15', 'text' => 'sdadsdsdsdw1re32fqr'}]);

Roger |
From: Petrov D. <el...@ne...> - 2005-10-14 15:58:53
|
Hi, all!
I get subj error while substituting parameters for simple template.

$tmpl->param({'NEWS' => [{'created' => '2005-10-15', 'text' => 'sdadsdsdsdw1re32fqr'}]});

Template is:

<table>
<TMPL_LOOP name="NEWS"><tr>
<td>
<b><TMPL_VAR name="created"></b><br>
<pre><TMPL_VAR name="text"></pre>
</td>
</tr></TMPL_LOOP>
</table>

Can anybody help me? |
From: Mark S. <ma...@su...> - 2005-10-14 15:26:24
|
On 2005-10-14, Roger Burton West <ro...@fi...> wrote:
> On Fri, Oct 14, 2005 at 06:49:40PM +0400, Alex Kapranoff wrote:
>>* Mark Stosberg <ma...@su...> [October 14 2005, 18:37]:
>>> I'm curious about what other people think about an option to
>>> turn ESCAPE=HTML on default, to protect against cross script scripting
>>> practices by default.
>>All for it. About 10% of my TMPL_VARS are not escaped. "NOESCAPE=html"
>>looks very confusing. Should probably be "ESCAPE=none".

You are right. Thanks for the refinement.

Mark |
From: Roger B. W. <ro...@fi...> - 2005-10-14 15:12:14
|
On Fri, Oct 14, 2005 at 06:49:40PM +0400, Alex Kapranoff wrote:
>* Mark Stosberg <ma...@su...> [October 14 2005, 18:37]:
>> I'm curious about what other people think about an option to
>> turn ESCAPE=HTML on default, to protect against cross script scripting
>> practices by default.
>All for it. About 10% of my TMPL_VARS are not escaped. "NOESCAPE=html"
>looks very confusing. Should probably be "ESCAPE=none".

Agreed, and that's a better option - remembering that we have ESCAPE=url as a possible mode as well, and others in extension modules.

default_escape_mode would make sense as a parameter name.

R |
From: Alex K. <ka...@ra...> - 2005-10-14 14:48:55
|
* Mark Stosberg <ma...@su...> [October 14 2005, 18:37]:
> I'm curious about what other people think about an option to
> turn ESCAPE=HTML on default, to protect against cross script scripting
> practices by default.
>
> This seems especially valuable when the convenient "associate => $q"
> option is used.
>
> Then programmers would be forcing themselves to consciously add
> "NOESCAPE=html" to a tag.
>
> To me, this seems like the equivalent of turning "use strict" on by
> default, and explicitly declaring "no strict" where needed.
>
> Thoughts?

All for it. About 10% of my TMPL_VARS are not escaped. "NOESCAPE=html" looks very confusing. Should probably be "ESCAPE=none".

--
Alex Kapranoff,
$n=["1another7Perl213Just3hacker49"=~/\d|\D*/g];
$$n[0]={grep/\d/,@$n};print"@$n{1..4}\n" |