Re: [htmltmpl] option to turn ESCAPE=HTML on by default
Brought to you by:
samtregar
Menu
▾
▴
Re: [htmltmpl] option to turn ESCAPE=HTML on by default
|
From: Alex K. <ka...@ra...> - 2005-10-18 10:41:34
|
* Sam Tregar <sa...@tr...> [October 17 2005, 21:49]:
> > diff -ruN /tmp/HTML-Template-2.7/Template.pm HTML-Template-2.7/Template.pm
> > --- /tmp/HTML-Template-2.7/Template.pm Fri Jun 18 21:42:06 2004
> > +++ HTML-Template-2.7/Template.pm Mon Oct 17 14:43:36 2005
> > @@ -955,6 +955,7 @@
> > no_includes => 0,
> > case_sensitive => 0,
> > filter => [],
> > + default_template => undef,
>
> That should be "default_template" though, right?
Braino. You're of course right, that should read default_escape :)
> Also, I haven't checked it, but I think you might need to add some
> code to makes sure this setting is inherited by loops. I'm only
> half-sure about that though, so don't be surprised if I'm wrong!
I added tests for loops and includes, they seem to succeed. Updated
patch below.
diff -ruN /tmp/HTML-Template-2.7/Template.pm HTML-Template-2.7/Template.pm
--- /tmp/HTML-Template-2.7/Template.pm Fri Jun 18 21:42:06 2004
+++ HTML-Template-2.7/Template.pm Tue Oct 18 14:24:57 2005
@@ -955,6 +955,7 @@
no_includes => 0,
case_sensitive => 0,
filter => [],
+ default_escape => undef,
);
# load in options supplied to new()
@@ -1076,6 +1077,12 @@
$self->{cache} = \%cache;
}
+ if ($options->{default_escape}) {
+ unless ($options->{default_escape} =~ s/^(html|url|js)$/uc($1)/ie) {
+ croak("Wrong default_escape specified: \"$options->{default_escape}\".");
+ }
+ }
+
print STDERR "### HTML::Template Memory Debug ### POST CACHE INIT ", $self->{proc_mem}->size(), "\n"
if $options->{memory_debug};
@@ -1952,7 +1959,8 @@
$which = uc($1); # which tag is it
- $escape = defined $5 ? $5 : defined $15 ? $15 : 0; # escape set?
+ $escape = defined $5 ? $5 : defined $15 ? $15
+ : (defined $options->{default_escape} && $which eq 'TMPL_VAR') ? $options->{default_escape} : 0; # escape set?
# what name for the tag? undef for a /tag at most, one of the
# following three will be defined
diff -ruN /tmp/HTML-Template-2.7/t/99-old-test-pl.t HTML-Template-2.7/t/99-old-test-pl.t
--- /tmp/HTML-Template-2.7/t/99-old-test-pl.t Fri Jun 18 21:34:59 2004
+++ HTML-Template-2.7/t/99-old-test-pl.t Tue Oct 18 14:35:51 2005
@@ -795,7 +795,7 @@
ok($output =~ /I AM INNER 2/);
# test javascript escaping
-$template = $template = HTML::Template->new(path => ['templates'],
+$template = HTML::Template->new(path => ['templates'],
filename => 'js.tmpl');
$template->param(msg => qq{"He said 'Hello'.\n\r"});
$output = $template->output();
@@ -807,3 +807,32 @@
};
like($@, qr/empty filename/);
+# test default escaping
+
+ok(exists $template->{options}->{default_escape} && !defined $template->{options}->{default_escape}, "default default_escape");
+
+$template = HTML::Template->new(path => ['templates'],
+ filename => 'default_escape.tmpl',
+ default_escape => 'UrL');
+is($template->{options}->{default_escape}, 'URL');
+$template->param(STUFF => q{Joined with space});
+$output = $template->output();
+like($output, qr{^Joined%20with%20space});
+
+$template = HTML::Template->new(path => ['templates'],
+ filename => 'default_escape.tmpl',
+ default_escape => 'html');
+$template->param(STUFF => q{Joined&with"cruft});
+$template->param(LOOP => [ { MORE_STUFF => '<&>' }, { MORE_STUFF => '>&<' } ]);
+$template->param(a => '<b>');
+$output = $template->output();
+like($output, qr{^Joined&with"cruft});
+like($output, qr{<&>>&<});
+like($output, qr{because it's <b>});
+
+eval {
+$template = HTML::Template->new(path => ['templates'],
+ filename => 'default_escape.tmpl',
+ default_escape => 'wml');
+};
+like($@, qr/Wrong default_escape/);
diff -ruN /tmp/HTML-Template-2.7/templates/default_escape.tmpl HTML-Template-2.7/templates/default_escape.tmpl
--- /tmp/HTML-Template-2.7/templates/default_escape.tmpl Thu Jan 1 03:00:00 1970
+++ HTML-Template-2.7/templates/default_escape.tmpl Tue Oct 18 14:33:49 2005
@@ -0,0 +1,4 @@
+<TMPL_VAR STUFF>
+<TMPL_LOOP LOOP><TMPL_VAR MORE_STUFF></TMPL_LOOP>
+
+be<TMPL_INCLUDE default.tmpl>
--
Alex Kapranoff,
$n=["1another7Perl213Just3hacker49"=~/\d|\D*/g];
$$n[0]={grep/\d/,@$n};print"@$n{1..4}\n"
|
