
Template Toolkit filtering all variables

by marvell (Pilgrim)
on Oct 13, 2005 at 10:05 UTC

marvell has asked for the wisdom of the Perl Monks concerning the following question:

I imagine it's pretty standard to want to encode entities in all variables and subroutine returns in a data structure. I have no HTML in my variables, so want to filter all of them. However, I don't want to have to wrap each variable call in the template with a FILTER call in the template, since that looks messy.

Is there a good solution to this, or should I prefilter all variables in my data structure with my fave encoding module? What about subroutines?

Your assistance is greatly appreciated in this matter.

--
Steve Marvell

Replies are listed 'Best First'.
Re: Template Toolkit filtering all variables
by merlyn (Sage) on Oct 13, 2005 at 10:46 UTC
    I interpolate a lot of variables into HTML, but I also end up putting a lot of variables into URLs, which require URI-encoding first before HTML-ent'ing. So a general rule, as attractive as it may sound, will probably only get in the way later. (Witness the PHP rule that tries to backwhack all single quotes, and then you end up with occasional backwhacks in the output because of a double application of the rule.)

    So, in my mind, I simply keep track of "possibly user data" apart from "data I've constructed", and to the former, add "| html". You do realize that you need only those five characters, right?

    [% CGI.h2("Greetings!") %] Hello, [% firstname | html %] [% lastname | html %]!
    The "h2" should not be escaped (it would print literally as <h2> which is very wrong), but the firstname and lastname need it, so I add "| html" to them.

    -- Randal L. Schwartz, Perl hacker
    Be sure to read my standard disclaimer if this is a reply.

      Why
      [% CGI.h2("Greetings!") %] Hello, [% firstname | html %] [% lastname | html %]!
      and not
      <h2>Greetings!</h2> Hello, [% firstname | html %] [% lastname | html %]!
      ?

      just curious,


      holli, /regexed monk/
        I used h2 with a literal as a quick example. Most often, I'm using CGI calls for (sticky) form fields, but when I was thinking about that for this problem, I decided that it would detract from the point I was making.

        -- Randal L. Schwartz, Perl hacker
        Be sure to read my standard disclaimer if this is a reply.

      I clearly missed the pipe bit in the manual. Can you double pipe, to html and html_para, say?

      --
      Steve Marvell

        I clearly missed the pipe bit in the manual.
        That's at Template::Manual::Directives, under FILTER.
        Can you double pipe, to html and html_para, say?
        That wouldn't make sense, because once you've inserted the P tags, you'll end up escaping the angle brackets. Ouch. But yes, you can double pipe for things like filename to href params versus filename to html:
        <a href = "[% filename | uri | html %]">[% filename | html %]</a>

        -- Randal L. Schwartz, Perl hacker
        Be sure to read my standard disclaimer if this is a reply.
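
The filter placement discussed in this thread, shown as an added example that is not part of any poster's reply. It assumes the Template Toolkit (`Template`) is installed from CPAN; the variable values, the `heading` variable and the `render` helper are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: per-context escaping with Template Toolkit filters.
use strict;
use warnings;
use Template;

# Constructed sample values standing in for user-supplied data.
my %vars = (
    firstname => '<b>Steve</b>',
    lastname  => q{O'Neil & Sons},
    filename  => 'annual report & "notes".txt',
    heading   => '<h2>Greetings!</h2>',   # markup built by the application itself
);

my %templates = (
    # Constructed markup goes in raw; possibly-user data gets "| html".
    body    => q{[% heading %] Hello, [% firstname | html %] [% lastname | html %]!},
    # URL context first, then HTML attribute context; link text needs html only.
    link    => q{<a href="[% filename | uri | html %]">[% filename | html %]</a>},
    # Same value escaped twice: "<" becomes "&lt;" and then "&amp;lt;".
    double  => q{[% firstname | html | html %]},
    # A blanket html rule also escapes markup the application built on purpose.
    blanket => q{[% heading | html %]},
);

my $tt = Template->new() or die Template->error();

# Render one named template against %vars and return the output string.
sub render {
    my ($name) = @_;
    my $out = '';
    $tt->process(\$templates{$name}, \%vars, \$out) or die $tt->error();
    return $out;
}

printf "%-8s %s\n", $_, render($_) for qw(body link double blanket);
```

The `double` and `blanket` lines are the two failure modes a filter-everything rule runs into: already-escaped data escaped again, and intended markup rendered as literal text.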
