PHP - security etc

Aaron Trevena aaron.trevena at gmail.com
Thu Mar 8 19:40:42 GMT 2007


On 07/03/07, Paul Makepeace <paulm at paulm.com> wrote:
> The conclusion I got from
> reading between lines on catalyst, templates, and london.pm is that
> Perl just doesn't have decent HTML+template+escaping yet either.


Depends what you want - if you only want to allow what you consider
safe html, then it *is* trivial in TT, just pass a filtering sub to TT
constructor, or use the HTML filter.

my $t = Template->new({ ...., FILTERS => { safe_html => \&my_escape_function } });

and hey presto:

[% foo.user_entered_text | html %]
or
[% foo.user_entered_html | safe_html %]

Works for me - I'm using something like this to escape data for LaTeX.

A.

-- 
http://www.aarontrevena.co.uk
LAMP System Integration, Development and Hosting
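
Added example, not part of the original post: a self-contained Template Toolkit script that registers a static safe_html filter next to the built-in html filter, as the message describes. The body of my_escape_function, the allowlist, and the sample input are assumptions made for illustration (escape everything first, then restore only bare allowlisted tags).

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Template;

# Hypothetical allowlist: bare formatting tags only, never attributes.
my %ALLOWED = map { $_ => 1 } qw(b i em strong p);

# Static TT filter: receives the text, returns the filtered text.
sub my_escape_function {
    my ($text) = @_;
    return '' unless defined $text;

    # 1. Escape everything, so nothing the user typed is live markup.
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;

    # 2. Restore only exact, attribute-free allowlisted tags.
    #    Anything carrying attributes (onerror=, href=, ...) stays escaped.
    $text =~ s{&lt;(/?)([A-Za-z][A-Za-z0-9]*)&gt;}
              {$ALLOWED{lc $2} ? "<$1" . lc($2) . ">" : "&lt;$1$2&gt;"}ge;
    return $text;
}

my $t = Template->new({ FILTERS => { safe_html => \&my_escape_function } })
    or die Template->error();

# Constructed sample input.
my $vars = { foo => {
    user_entered_text => 'Tom & "Jerry" <script>alert(1)</script>',
    user_entered_html => '<em>fine</em> <script>alert(1)</script> '
                       . '<img src="x" onerror="alert(2)">',
} };

my $template = <<'EOT';
text: [% foo.user_entered_text | html %]
html: [% foo.user_entered_html | safe_html %]
EOT

# With no output argument, process() prints the result to STDOUT.
$t->process(\$template, $vars) or die $t->error();
```

Only the em tags come through as markup; the script and img elements are rendered as escaped text in both lines.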

