html-template-users Mailing List for HTML::Template (Page 7)
Brought to you by:
samtregar
From: Justin S. <ju...@sk...> - 2008-06-25 08:36:16
Thought people may be interested in this - this is the first Major (2 -> 3) release of the program since 2000. Not to say I've been lollygagging for that long or anythin'. The "Advanced Email Templating System" fancy-talk is HTML::Template in action.

Download Dada Mail:
http://dadamailproject.com/download

Dada Mail is a Free Download. We suggest upgrading any version of Dada Mail created to Dada Mail 3.

For a quick tour of the new features:
http://dadamailproject.com/features/3_0/

:: What is Dada Mail?

Dada Mail is a completely contemporary, mature and intuitive web-based e-mail list management system, which runs on most any Unix-like hosting account that can run custom CGI scripts. Dada Mail is also a conceptual art project.

Dada Mail handles Closed-Loop Opt-in/Opt-out subscriptions, sending complex announce-only and/or discussion mailing list messages with an advanced, fault-tolerant mass mailing monitor, supports the archiving/viewing/searching/resending/syndicating (rss, atom) of sent messages and doing all this and a whole lot more with style.

Dada Mail can handle custom subscriber fields and you can use the information it captures for partial list sending based on a query and Dada Mail's email templating system allows you to create targeted and completely custom email messages for each and every one of your subscribers.

Dada Mail is bundled with additional plugins and extensions to extend Dada Mail's capabilities. Some of the plugins/extensions support advanced bounce handling, click-through tracking, mass mail scheduling, blog interfaces of archived messages, AJAX subscription form trickery and lots of other surprises.

Dada Mail produces XHTML valid web content and sticks to best practices when creating email messages. Write Once: Distribute Everywhere.

Dada Mail is free software that you're able to use, modify, share and enhance under the terms of the GNU General Public License. Dada Mail is written in Perl because we love Perl.

:: The Dada Mail Demo

Want to play around with the program before downloading? Try our demo:
http://demo.dadamailproject.com

:: Installation Instructions:
http://dadamailproject.com/installation/

:: Docs:
http://dadamailproject.com/support/documentation

:: Change Log:
http://dadamailproject.com/support/documentation-dada-3_0_0/changes.pod.html

Cheers,
Justin
http://dadamailproject.com

From: Damien C. <d....@cq...> - 2008-05-15 05:46:02
G'day Dave/Everyone,

On 15/5/08 1:54 PM, "David Kaufman" <da...@gi...> wrote:

> Very nice work, Damien!

Thank-you. :)

> ...
> But there have still been many times that I wished could "bolt on" a new
> escape=rot13 or something. We can filter the template with our own
> arbitrary code, so it would be great to have the capability to also filter
> the data.

Thanks for your feedback Dave. I agree and have sent this patch to Sam a couple of months ago, but I guess he has been too busy to respond.

Sam, if you are reading this and have a spare moment, I'd love to hear back from you as to whether you are happy to incorporate this patch into the distribution.

Cheers,
Damo.

From: David K. <da...@gi...> - 2008-05-15 03:55:17
"Damien Clark" <d....@cq...> wrote:

> I would like to extend HTML::Template to allow the user to implement
> their own arbitrary escape functionality. [...] I am proposing the
> following changes to the HTML::Template API and template format:
>
> * Extend the syntax for <tmpl_var escape=(JS,HTML,URL,NONE,1,0)> to
>   include user provided attribute values. Examples are probably more
>   clear: <tmpl_var name='bla' escape=php> or in my case <tmpl_var
>   name='bla2' escape=sql>.
>
> * The constructor to take the option "escape" with the value being a
>   hashref. The keys will be the escape names given in the templates
>   (e.g. php or sql) and the value a reference to a subroutine that is
>   provided by the user to escape any special meanings to the syntax used
>   in that context.

Very nice work, Damien! +1 on the inclusion of this oft-requested feature!

I started to write the same patch a few years ago, thinking "this should be easy," but stumbled when I realized just how easy it wasn't :-)

Shortly thereafter Sam accepted Craig Manley's patch that added escape=JS (to the list of hard-coded escapes) and my immediate need for user-defined escaping went away.

But there have still been many times that I wished could "bolt on" a new escape=rot13 or something. We can filter the template with our own arbitrary code, so it would be great to have the capability to also filter the data.

-dave

PS: kudos too, for including tests!

From: Mark F. <azf...@gm...> - 2008-04-29 15:29:13
On Tue, Apr 29, 2008 at 8:05 AM, James Hardy <sou...@we...> wrote:

> It might be an idea to include that in the docs for people like me who are
> still a little clueless about the many ways of doing the same thing in Perl.

You can also annotate the POD on CPAN. I've found a lot of useful information in annotations. Annotations might also serve as a reminder to the maintainers of what people find unclear about the docs.

Mark

From: James H. <sou...@we...> - 2008-04-29 15:06:26
2008/4/29 Roger Burton West <ro...@fi...>:

> On Tue, Apr 29, 2008 at 02:39:17PM +0100, James Hardy wrote:
> >the example
> >code for section 5 is the same as the example for section 4 after "# And
> >with some TMPL_LOOPs:", and as such doesn't seem to use a hashref at all.
>
> It's not, you know.
>
>     $self->param(PARAM => 'value',
>                  PARAM2 => 'value',
>     [...]
>
> vs
>
>     $self->param(
>         {
>             PARAM => 'value',
>             PARAM2 => 'value',
>     [...]
>
> Roger

Fantastic, I'd looked at that for so long and never noticed the braces. I was expecting a hash ref as a variable, either \%hash or $hashref, with the hash being defined previously (which I have just tested and it works fine).

It might be an idea to include that in the docs for people like me who are still a little clueless about the many ways of doing the same thing in Perl.

Thanks,
James

From: Roger B. W. <ro...@fi...> - 2008-04-29 13:59:45
On Tue, Apr 29, 2008 at 02:39:17PM +0100, James Hardy wrote:

>the example
>code for section 5 is the same as the example for section 4 after "# And
>with some TMPL_LOOPs:", and as such doesn't seem to use a hashref at all.

It's not, you know.

    $self->param(PARAM => 'value',
                 PARAM2 => 'value',
    [...]

vs

    $self->param(
        {
            PARAM => 'value',
            PARAM2 => 'value',
    [...]

Roger

From: James H. <sou...@we...> - 2008-04-29 13:39:32
Hi there,

Looking at the documentation at http://search.cpan.org/~samtregar/HTML-Template-2.9/Template.pm#param() and at http://html-template.sourceforge.net/html_template.html#param() it is not clear how to use a hashref to set a number of parameters, as the example code for section 5 is the same as the example for section 4 after "# And with some TMPL_LOOPs:", and as such doesn't seem to use a hashref at all.

Hope you can help,

regards,
James Hardy

From: Mertel, M. <mm...@at...> - 2008-04-29 13:22:29
Thanks. That's what I'm doing. I was looking for a programmatic way of accomplishing it:

    my @inputs = $template->cgi ( 'input' );
    foreach my $input ( @{ $template->cgi ( 'input' ) } ) {
        $input->set_attribute ( 'readonly', 'readonly' );
    }

---
Mark Mertel
TEK systems
Desk: 425.288.7214
Mobile: 206.353.2663

-----Original Message-----
From: htm...@li... [mailto:htm...@li...] On Behalf Of Sven Neuhaus
Sent: Tuesday, April 29, 2008 12:39 AM
To: htm...@li...
Subject: Re: [htmltmpl] fetch the CGI objects

Mertel, Mark wrote:
> After loading the template, can I fetch all of the input fields and set
> them to readonly?

Whether or not an input field is disabled is controlled by the disabled attribute of the HTML element.

For HTML 4.01: <input disabled ...>
For XHTML:     <input disabled="disabled" .../>

So, if you want to control the disabled status from your script, you can use this in your template:

For HTML 4.01: <input <TMPL_VAR NAME="disabled_flag"> ...>
For XHTML:     <input <TMPL_VAR NAME="disabled_flag"> .../>

In your source code, you can then choose to set the flag:

For HTML 4.01: $template->param(disabled_flag => "disabled");
For XHTML:     $template->param(disabled_flag => 'disabled="disabled"');

Hope that helps...

Regards,
-Sven Neuhaus

From: Sven N. <sve...@sv...> - 2008-04-29 07:39:26
Mertel, Mark wrote:
> After loading the template, can I fetch all of the input fields and set
> them to readonly?

Whether or not an input field is disabled is controlled by the disabled attribute of the HTML element.

For HTML 4.01: <input disabled ...>
For XHTML:     <input disabled="disabled" .../>

So, if you want to control the disabled status from your script, you can use this in your template:

For HTML 4.01: <input <TMPL_VAR NAME="disabled_flag"> ...>
For XHTML:     <input <TMPL_VAR NAME="disabled_flag"> .../>

In your source code, you can then choose to set the flag:

For HTML 4.01: $template->param(disabled_flag => "disabled");
For XHTML:     $template->param(disabled_flag => 'disabled="disabled"');

Hope that helps...

Regards,
-Sven Neuhaus

From: Mertel, M. <mm...@at...> - 2008-04-28 22:33:24
After loading the template, can I fetch all of the input fields and set them to readonly?

---
Mark Mertel
TEK systems
Desk: 425.288.7214
Mobile: 206.353.2663

From: Brad B. <bm...@ma...> - 2008-04-23 15:22:00
On Tue, Apr 22, 2008 at 5:22 PM, Mertel, Mark <mm...@at...> wrote:

> So, I want to do this:
>
> <tmpl_loop loop>
>   <tmpl_var name>
>   <tmpl_loop list>
>     <tmpl_var list_name>
>   </tmpl_loop>
> </tmpl_loop>
>
> Where 'list' is a separate array and not nested in the loop data
> structure.
>
> Can I do this?

Short answer: no; or: it depends what you mean by 'separate'.

To paraphrase the example in the docs:

    #!/usr/local/bin/perl

    use strict;
    use warnings;
    use HTML::Template;

    # The template text is read from the __DATA__ section below.
    my @array = <DATA>;
    my $template = HTML::Template->new( arrayref => \@array );

    # The inner loop's rows are nested inside each outer-loop row.
    $template->param(loop => [
        { name => 'Bobby',
          list => [
              { list_name => 'the big bad wolf' },
              { list_name => 'He-Man' },
          ],
        },
      ],
    );
    my $stuff = $template->output;
    print $stuff;

    __DATA__
    <tmpl_loop loop>
    <tmpl_var name>
    <tmpl_loop list>
    <tmpl_var list_name>
    </tmpl_loop>
    </tmpl_loop>

However, you could have a separate array whose reference you use in the param() call, e.g.,

    #!/usr/local/bin/perl

    use strict;
    use warnings;
    use HTML::Template;

    my @array = <DATA>;
    my $template = HTML::Template->new( arrayref => \@array );

    # The inner rows live in their own array ...
    my @list = (
        { list_name => 'the big bad wolf' },
        { list_name => 'He-Man' },
    );

    # ... and the outer-loop row refers to it by reference.
    $template->param(loop => [
        { name => 'Bobby',
          list => \@list,
        },
      ],
    );
    my $stuff = $template->output;
    print $stuff;

    __DATA__
    <tmpl_loop loop>
    <tmpl_var name>
    <tmpl_loop list>
    <tmpl_var list_name>
    </tmpl_loop>
    </tmpl_loop>

From: Mertel, M. <mm...@at...> - 2008-04-22 21:23:17
So, I want to do this:

    <tmpl_loop loop>
      <tmpl_var name>
      <tmpl_loop list>
        <tmpl_var list_name>
      </tmpl_loop>
    </tmpl_loop>

Where 'list' is a separate array and not nested in the loop data structure.

Can I do this?

---
Mark Mertel
TEK systems
Desk: 425.288.7214
Mobile: 206.353.2663

From: Mathew R. <mat...@ne...> - 2008-04-18 01:22:01
Hi Alex,

I don't think anyone has responded yet... turning off die_on_bad_params is a common thing - some say it should be the default behaviour.** You don't really need it.

cheers,
Mathew Robertson

** ie: the GUI developer may choose to not use some params -> the output shouldn't die simply because of this choice. Alternatively, there was some discussion previously regarding a "die_on_unset_params" which causes your page to die when the GUI developer uses an unset param, which some people find more useful.

Alex Teslik wrote:
> On Mon, 14 Apr 2008 23:55:27 +0100, Roger Burton West wrote
>
>> On Mon, Apr 14, 2008 at 02:53:54PM -0800, Alex Teslik wrote:
>>
>>> HTML::Template : Attempt to set nonexistent parameter 'outer_var' - this
>>> parameter name doesn't match any declarations in the template file :
>>> (die_on_bad_params => 1) at
>>> /usr/local/lib/perl5/site_perl/5.8.5/HTML/Template.pm 3068 at at test.pl line 30
>>
>> Turn off die_on_bad_params.
>>
>> R
>
> Hi Roger,
>
> Thanks again. Unfortunately, I don't think that solution is going to work
> for me - I need to run die_on_bad_params to catch errors. I guess I'm just
> wondering if this behavior also seems broken to anyone else?
>
> Thanks,
> Alex

From: Alex T. <al...@ac...> - 2008-04-15 05:56:19
On Mon, 14 Apr 2008 23:55:27 +0100, Roger Burton West wrote
> On Mon, Apr 14, 2008 at 02:53:54PM -0800, Alex Teslik wrote:
>
> >HTML::Template : Attempt to set nonexistent parameter 'outer_var' - this
> >parameter name doesn't match any declarations in the template file :
> >(die_on_bad_params => 1) at
> >/usr/local/lib/perl5/site_perl/5.8.5/HTML/Template.pm 3068 at at test.pl line 30
>
> Turn off die_on_bad_params.
>
> R

Hi Roger,

Thanks again. Unfortunately, I don't think that solution is going to work for me - I need to run die_on_bad_params to catch errors. I guess I'm just wondering if this behavior also seems broken to anyone else?

Thanks,
Alex

From: Roger B. W. <ro...@fi...> - 2008-04-14 22:55:34
On Mon, Apr 14, 2008 at 02:53:54PM -0800, Alex Teslik wrote:

>HTML::Template : Attempt to set nonexistent parameter 'outer_var' - this
>parameter name doesn't match any declarations in the template file :
>(die_on_bad_params => 1) at
>/usr/local/lib/perl5/site_perl/5.8.5/HTML/Template.pm 3068 at at test.pl line 30

Turn off die_on_bad_params.

R

From: Alex T. <al...@ac...> - 2008-04-14 22:54:16
On Mon, 14 Apr 2008 18:03:53 +0100, Roger Burton West wrote
> On Mon, Apr 14, 2008 at 07:38:03AM -0800, Alex Teslik wrote:
>
> >$template->param(
> >    OUTER_LOOP => [
> >        { OUTER_VAR => 'I AM THE OUTER VAR' },
> >        { INNER_LOOP => [
> >              { INNER_VAR => 'I AM THE INNER VAR' },
> >          ]
> >        },
> >    ],
> >);
>
> Your data structure is wrong.
>
> Each entry in the OUTER_LOOP list is one element in the loop. You
> have two elements; the first one only sets OUTER_VAR and the second
> one only contains INNER_LOOP. So you're going round the loop twice,
> and OUTER_VAR is undefined the second time round. Try this (not
> checked):
>
> $template->param(
>     OUTER_LOOP => [
>         { OUTER_VAR  => 'I AM THE OUTER VAR',
>           INNER_LOOP => [
>               { INNER_VAR => 'I AM THE INNER VAR' },
>           ]
>         },
>     ],
> );
>
> Roger

Hi Roger,

Thank you for spotting that. That works as expected:

----
OUTER: I AM THE OUTER VAR
INNER: I AM THE INNER VAR
INSIDE OUT: I AM THE OUTER VAR
----

My next step was to then remove the outer_var from the outer_loop in the template, but still use it in the inner_loop in the template (as indicated in the changelog):

    <TMPL_LOOP OUTER_LOOP>
      <!-- no outer_var here anymore -->
      <TMPL_LOOP INNER_LOOP>
        INNER: <TMPL_VAR INNER_VAR>
        INSIDE OUT: <TMPL_VAR OUTER_VAR>
      </TMPL_LOOP>
    </TMPL_LOOP>

but that does not work as expected:

HTML::Template : Attempt to set nonexistent parameter 'outer_var' - this parameter name doesn't match any declarations in the template file : (die_on_bad_params => 1) at /usr/local/lib/perl5/site_perl/5.8.5/HTML/Template.pm 3068 at at test.pl line 30

It seems that unused outer_loop variables do not work in inner_loops as indicated in the changelog.

Thanks,
Alex

From: Roger B. W. <ro...@fi...> - 2008-04-14 17:04:47
On Mon, Apr 14, 2008 at 07:38:03AM -0800, Alex Teslik wrote:

>$template->param(
>    OUTER_LOOP => [
>        { OUTER_VAR => 'I AM THE OUTER VAR' },
>        { INNER_LOOP => [
>              { INNER_VAR => 'I AM THE INNER VAR' },
>          ]
>        },
>    ],
>);

Your data structure is wrong.

Each entry in the OUTER_LOOP list is one element in the loop. You have two elements; the first one only sets OUTER_VAR and the second one only contains INNER_LOOP. So you're going round the loop twice, and OUTER_VAR is undefined the second time round. Try this (not checked):

    $template->param(
        OUTER_LOOP => [
            { OUTER_VAR  => 'I AM THE OUTER VAR',
              INNER_LOOP => [
                  { INNER_VAR => 'I AM THE INNER VAR' },
              ]
            },
        ],
    );

Roger

From: Alex T. <al...@ac...> - 2008-04-14 15:38:27
Hello,

I am trying to perform an inner/outer loop with global_vars set, as shown in the H:T man page:

# test.tmpl - from the man page ----------

    <TMPL_LOOP OUTER_LOOP>
      OUTER: <TMPL_VAR OUTER_VAR>
      <TMPL_LOOP INNER_LOOP>
        INNER: <TMPL_VAR INNER_VAR>
        INSIDE OUT: <TMPL_VAR OUTER_VAR>
      </TMPL_LOOP>
    </TMPL_LOOP>

# test.pl ------------------

    #!/usr/bin/perl -w
    use strict;
    use HTML::Template 2.9;

    my $template = HTML::Template->new(
        filename          => 'test.tmpl',
        die_on_bad_params => 1,
        loop_context_vars => 1,
        global_vars       => 1,
    );

    $template->param(
        OUTER_LOOP => [
            { OUTER_VAR => 'I AM THE OUTER VAR' },
            { INNER_LOOP => [
                  { INNER_VAR => 'I AM THE INNER VAR' },
              ]
            },
        ],
    );

    print $template->output;

This processes, but outputs:

----
OUTER: I AM THE OUTER VAR
OUTER:
INNER: I AM THE INNER VAR
INSIDE OUT:
----

I suppose that's somewhat close to what I would expect, except that the outer_var is not available inside the inner_loop. I was also a little bit surprised that the inner_loop was iterated over by the outer loop, resulting in two 'OUTER:' outputs - but when I think about it I suppose that could be considered correct, although slightly odd IMO.

So I tweaked my code to something simpler that seemed like it should work:

    #!/usr/bin/perl -w
    use strict;
    use HTML::Template 2.9;

    my $template = HTML::Template->new(
        filename          => 'test.tmpl',
        die_on_bad_params => 1,
        loop_context_vars => 1,
        global_vars       => 1,
    );

    $template->param(
        OUTER_LOOP => [ { OUTER_VAR => 'I AM THE OUTER VAR' } ],
        INNER_LOOP => [ { INNER_VAR => 'I AM THE INNER VAR' } ],
    );

    print $template->output;

Just two simple loops for use in the template. But this one dies with:

HTML::Template : Attempt to set nonexistent parameter 'inner_loop' - this parameter name doesn't match any declarations in the template file : (die_on_bad_params => 1) at test.pl line 42

I'm surprised I cannot get the man page example to work correctly. Does anyone have any ideas on this?

Thanks,
Alex

P.S - My next step involves something like this:

    <TMPL_LOOP OUTER_LOOP>
      <TMPL_LOOP INNER_LOOP>
        INNER: <TMPL_VAR INNER_VAR>
        INSIDE OUT: <TMPL_VAR OUTER_VAR>
      </TMPL_LOOP>
    </TMPL_LOOP>

where all the outer_loop vars are actually used in the inner_loop, and never used in the outer_loop. This specific functionality is fixed in version 2.9 according to the changelog:

http://search.cpan.org/src/SAMTREGAR/HTML-Template-2.9/Changes

- Bug Fix: Long-standing bug where variables set in a loop weren't available inside inner loops under global_vars if the variable wasn't actually used in the outer loop. (Thanks to Richard Fein for help debugging the fix.)

From: Mike M. <mac...@ya...> - 2008-04-08 21:17:24
If you want to be sure not to break a template this might be embedded into you'll need to take care of the </TMPL...> tags in the untrusted input as well.

--Mike MacKenzie

--- Justin Simoni <ju...@sk...> wrote:

> Here's one for everyone:
>
> I'm receiving data from $Untrusted_Source, that may have malicious
> code, in the form of H::T tags that I'd like to simply sanitize by
> munging it enough that it won't parse when run through H::T, but won't
> *break* H::T as well.
>
> Can anyone think of a simple-ish regex to do this? Something like:
>
> my $untrusted = <STDIN>; # (or, where ever)
> $untrusted =~ s{<!-- tmpl_}{<!-- BREAK tmpl_}gi;
> $untrusted =~ s{<tmpl_}{<BREAK tmpl_}gi;
>
> That may be all there is to it - am I missing some menacing edge case?
>
> --
>
> Justin Simoni
>
> http://justinsimoni.com :: Art Portfolio

From: Justin S. <ju...@sk...> - 2008-03-27 20:29:25
On Mar 27, 2008, at 8:19 AM, Alex Teslik wrote:

> Yes, you are forgetting all the closing tags

Ah! You are right. Anything else?

I'll have to check the docs to see if I can't apply a filter to the template after being filled out - it would be fun to then re-set the tags I just broke.

>J

On Mar 27, 2008, at 8:19 AM, Alex Teslik wrote:

> Yes, you are forgetting all the closing tags.
>
> Another option would be to just eval the code as passed to a test HT
> object.
> If it breaks HT you can catch it from the eval.
>
> HTH,
> Alex
>
>
> On Thu, 27 Mar 2008 04:43:41 -0600, Justin Simoni wrote
>> Here's one for everyone:
>>
>> I'm receiving data from $Untrusted_Source, that may have malicious
>> code, in the form of H::T tags that I'd like to simply sanitize by
>> munging it enough that it won't parse when run through H::T, but
>> won't *break* H::T as well.
>>
>> Can anyone think of a simple-ish regex to do this? Something like:
>>
>> my $untrusted = <STDIN>; # (or, where ever)
>> $untrusted =~ s{<!-- tmpl_}{<!-- BREAK tmpl_}gi;
>> $untrusted =~ s{<tmpl_}{<BREAK tmpl_}gi;
>>
>> That may be all there is to it - am I missing some menacing edge
>> case?
>>
>> --
>>
>> Justin Simoni
>>
>> http://justinsimoni.com :: Art Portfolio

From: Alex T. <al...@ac...> - 2008-03-27 14:19:48
Yes, you are forgetting all the closing tags.

Another option would be to just eval the code as passed to a test HT object. If it breaks HT you can catch it from the eval.

HTH,
Alex

On Thu, 27 Mar 2008 04:43:41 -0600, Justin Simoni wrote
> Here's one for everyone:
>
> I'm receiving data from $Untrusted_Source, that may have malicious
> code, in the form of H::T tags that I'd like to simply sanitize by
> munging it enough that it won't parse when run through H::T, but
> won't *break* H::T as well.
>
> Can anyone think of a simple-ish regex to do this? Something like:
>
> my $untrusted = <STDIN>; # (or, where ever)
> $untrusted =~ s{<!-- tmpl_}{<!-- BREAK tmpl_}gi;
> $untrusted =~ s{<tmpl_}{<BREAK tmpl_}gi;
>
> That may be all there is to it - am I missing some menacing edge case?
>
> --
>
> Justin Simoni
>
> http://justinsimoni.com :: Art Portfolio

From: Justin S. <ju...@sk...> - 2008-03-27 10:43:48
Here's one for everyone:

I'm receiving data from $Untrusted_Source, that may have malicious code, in the form of H::T tags that I'd like to simply sanitize by munging it enough that it won't parse when run through H::T, but won't *break* H::T as well.

Can anyone think of a simple-ish regex to do this? Something like:

    my $untrusted = <STDIN>; # (or, where ever)
    $untrusted =~ s{<!-- tmpl_}{<!-- BREAK tmpl_}gi;
    $untrusted =~ s{<tmpl_}{<BREAK tmpl_}gi;

That may be all there is to it - am I missing some menacing edge case?

--

Justin Simoni

http://justinsimoni.com :: Art Portfolio

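An added example, not code from any poster in this thread: the two substitutions from the question above next to a one-pass variant that also covers the closing tags raised in the replies and comment-style tags written without exactly one space. The function names, the BREAK marker placement for closing tags, the sample input and the tag-start pattern (optional `!--` and whitespace, optional `/`, then `tmpl_`, any case) are assumptions made for this illustration.

```perl
#!/usr/bin/perl
# Added example (not code from the thread): neutralise HTML::Template tag
# starts in untrusted text before it is placed inside a template's source.
use strict;
use warnings;

# Assumption: a tag start is "<", an optional "!--" plus any whitespace,
# an optional "/", then "tmpl_", in any letter case. The pattern is kept
# broad on purpose so that it over-matches rather than under-matches.
my $LIVE_TAG = qr{<(?:!--\s*)?/?tmpl_}i;

# The two substitutions from the original post, unchanged, for comparison.
sub neutralise_as_posted {
    my ($text) = @_;
    $text =~ s{<!-- tmpl_}{<!-- BREAK tmpl_}gi;
    $text =~ s{<tmpl_}{<BREAK tmpl_}gi;
    return $text;
}

# Hypothetical hardened variant: one pass that also covers closing tags and
# comment-style tags written with no space, several spaces or a newline.
# The marker goes right after "<" or "<!--", before any "/".
sub neutralise_tmpl_tags {
    my ($text) = @_;
    $text =~ s{(<(?:!--\s*)?)(?=/?tmpl_)}{${1}BREAK }gi;
    return $text;
}

# Number of tag starts that the broad pattern above still recognises.
sub count_live_tags {
    my ($text) = @_;
    my $count = () = $text =~ /$LIVE_TAG/g;
    return $count;
}

# Constructed sample input, not taken from any real message.
my $untrusted = join "\n",
    'Hello <tmpl_var name="secret">',
    '<!-- TMPL_IF admin -->x<!-- /TMPL_IF -->',
    '<!--tmpl_var name="a"-->',
    '<TMPL_LOOP rows>row</TMPL_LOOP>',
    qq{<!--\n  tmpl_include name="other.tmpl" -->};

my $posted   = neutralise_as_posted($untrusted);
my $hardened = neutralise_tmpl_tags($untrusted);

printf "live tags in input:               %d\n", count_live_tags($untrusted);
printf "left by the posted substitutions: %d\n", count_live_tags($posted);
printf "left by the one-pass version:     %d\n", count_live_tags($hardened);

# Fail closed: refuse to go on if anything tag-like survives.
die "template tag survived sanitising\n" if count_live_tags($hardened);

print $hardened, "\n";
```

Where the untrusted text can instead be supplied through param() to a TMPL_VAR, no munging is needed, because parameter values are substituted into the output and are not themselves parsed for tags.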
From: Mathew R. <mat...@ne...> - 2008-03-24 22:59:52
You will be able to support more characters descriptors by using only utf8 (ie: unicode) than trying to support individual charsets ** ie: if you are resorting to entities, then you should simply use utf8 as they both print the same character.

** I can say this from experience, eg: I had a requirement to support at least three different charsets on the same web page, at the same time -> using entities was hard work on the programmer's brain and is bandwidth intensive.

You should seriously consider outputting to utf8 only.

cheers,
Mathew

Alex Teslik wrote:
> I completely agree. Unfortunately I've inherited a lot of the code and it
> needs to support all charsets. :(
>
> On Thu, 20 Mar 2008 14:31:54 +1100, Mathew Robertson wrote
>
>> Have you tried using utf8 as the encoding? You will get far more
>> mileage out of utf8 than using entities.
>>
>> regards,
>> Mathew
>>
>> Alex Teslik wrote:
>>
>>> Hello,
>>>
>>> I'm developing an app where there are some strings that have HTML entities
>>> in them, such as:
>>>
>>> This is a "Tést"

From: Michael P. <mp...@pl...> - 2008-03-20 14:49:16
Alex Teslik wrote:

> So I propose that the HTML::Template escaping does not squash HTML entities.
> Something like (quick off the cuff)

This seems like a very specific case to me. You are having a problem because your text contains some HTML encoded things, but not all and because of the limitations of charsets that your project has. These aren't very generic and is not a problem that H::T should solve. You know that your data won't fit the standard, so just do the escaping you propose on your own.

> How do others typically get around this problem?

We either don't have mixed strings like you do, or we've moved on to UTF8 :)

--
Michael Peters
Plus Three, LP

From: Alex T. <al...@ac...> - 2008-03-20 06:35:24
On Wed, 19 Mar 2008 22:24:36 -0500, Karen wrote
> On 3/19/08, Alex Teslik <al...@ac...> wrote:
>
> > But then I can no longer do all my escaping in the template.
>
> Well, you're effectively handing it a half-escaped string. That's
> kind of a special case.

I disagree. The string I'm giving that contains entities is completely valid and not half-escaped. An entity is not always an escaped string - aside from the 4 common entities &amp;, &lt;, &gt;, and &quot;, any other entity can be decoded and co-exist with no problem among the html code. &amp;, &lt;, &gt;, and &quot; are escapes because they prevent specific characters from breaking the html code - and happen to perform the escaping by converting those characters to entities.

> > So I propose that the HTML::Template escaping does not squash HTML entities.
>
> That would break its behavior for me

The code I submitted would not break your example because it does not change the behavior regarding legitimate &, <, >, or " characters. It simply changes the behavior to not _also_ escape other legitimate entities that also happen to contain legitimate ampersands.

> An alternate escaping method would be fine

An alternate option is probably a good idea.

Thanks,
Alex