Template::Stash::EscapeHTML - escape HTML automatically in Template-Toolkit.



NAME


Template::Stash::EscapeHTML - escape HTML automatically in Template-Toolkit.

SYNOPSIS


    use Template::Stash::EscapeHTML;

    my $tt = Template->new({
        STASH => Template::Stash::EscapeHTML->new,
        ...
    }); 

DESCRIPTION


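This module is a subclass of Template::Stash. It automatically HTML-escapes every plain (non-reference) value fetched from the stash, which helps avoid XSS vulnerabilities. Values that are references are returned unchanged.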

AUTHOR


Tomohiro IKEBE, <ikebe@shebang.jp>

COPYRIGHT


package Template::Stash::EscapeHTML;

use strict;
use Template::Config;
use base ($Template::Config::STASH);
our $VERSION = '0.02';

# Fetch a variable through the parent stash class and HTML-escape the result
# when it is a plain (non-reference) value.
#
# All arguments after the invocant are forwarded unchanged to the parent
# get(). The parent is called in list context and only the first element of
# what it returns is used.
#
# NOTE(review): anything for which ref() is true (hash, array, code ref,
# object) is handed back untouched, so this method does not escape data held
# inside a reference. If a template later prints such a value directly, e.g.
# an object that stringifies itself, that output presumably bypasses the
# escaping done here. Confirm against how the templates use such values.
sub get {
    my ($self, @args) = @_;

    my ($value) = $self->SUPER::get(@args);

    # References pass through as-is; only plain scalars are escaped.
    return $value if ref($value);

    return html_filter($value);
}

# Return a copy of the given string with the five HTML-significant characters
# replaced by entities:
#
#   &  ->  &amp;     <  ->  &lt;      >  ->  &gt;
#   "  ->  &quot;    '  ->  &#39;
#
# The argument is copied first, so the caller's variable is not modified.
# Input that already contains entities is escaped again ("&amp;" becomes
# "&amp;amp;"), so callers must not pre-escape their data.
#
# This is entity escaping for HTML text and quoted attribute values only.
# It performs no URL or JavaScript encoding, so values placed in those
# contexts need their own encoding.
sub html_filter {
    my ($text) = @_;

    my %entity_for = (
        '&'  => '&amp;',
        '<'  => '&lt;',
        '>'  => '&gt;',
        '"'  => '&quot;',
        q{'} => '&#39;',
    );

    # One pass over the string: each special character is replaced exactly
    # once, so the '&' that starts an inserted entity is never re-escaped.
    $text =~ s/([&<>"'])/$entity_for{$1}/g;

    return $text;
}

1;

__END__