PHP - security etc

Aaron Trevena aaron.trevena at
Thu Mar 8 19:40:42 GMT 2007

On 07/03/07, Paul Makepeace <paulm at> wrote:
> The conclusion I got from
> reading between lines on catalyst, templates, and is that
> Perl just doesn't have decent HTML+template+escaping yet either.

Depends what you want - if you only want to allow what you consider
safe HTML, then it *is* trivial in TT, just pass a filtering sub to the TT
constructor, or use the HTML filter.

my $t = Template->new({
    # .... (other constructor options)
    FILTERS => { safe_html => \&my_escape_function },
});

and hey presto:

[% foo.user_entered_text | html %]
[% foo.user_entered_html | safe_html %] or

Works for me - I'm using something like this to escape data for LaTeX.


LAMP System Integration, Development and Hosting
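
Added example, not part of the original post: a complete script showing a custom `safe_html` filter registered through `FILTERS` next to TT's built-in `html` filter. The body of `my_escape_function`, the allow-list in `%ALLOWED` and the sample data are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Template;

# Hypothetical allow-list: attribute-less formatting tags only.
my %ALLOWED = map { $_ => 1 } qw(b i em strong code p br);

# Escape everything first, then re-enable only exact allow-listed tags.
# A tag carrying attributes (onerror=, href=, style=) never matches the
# pattern below, so it stays escaped. Tag balancing is not checked.
sub my_escape_function {
    my ($text) = @_;
    $text = '' unless defined $text;
    for ($text) {
        s/&/&amp;/g;
        s/</&lt;/g;
        s/>/&gt;/g;
        s/"/&quot;/g;
        s/'/&#39;/g;
    }
    $text =~ s{(&lt;(/?)([A-Za-z][A-Za-z0-9]*)\s*(/?)&gt;)}
              { $ALLOWED{lc $3} ? "<$2\L$3\E$4>" : $1 }ge;
    return $text;
}

# Static filter: TT calls the sub with the text to be filtered.
my $t = Template->new({ FILTERS => { safe_html => \&my_escape_function } })
    or die Template->error(), "\n";

# Constructed sample input.
my $vars = { foo => {
    user_entered_text => q{<script>alert(1)</script> & "quotes"},
    user_entered_html => q{<b>bold</b> <img src=x onerror=alert(1)> <i>ok</i>},
} };

my $template = <<'TT';
text: [% foo.user_entered_text | html %]
html: [% foo.user_entered_html | safe_html %]
TT

# Output goes to STDOUT when no third argument is given.
$t->process(\$template, $vars) or die $t->error(), "\n";
```

In the second output line `<b>` and `<i>` come through as markup while the `<img ... onerror=...>` tag is emitted as escaped text.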
