Re: How to test all TT2 tags are escaped.

by Rhandom (Curate)
on Oct 28, 2013 at 14:21 UTC

in reply to How to test all TT2 tags are escaped.

I thought we had got AUTO_FILTER into Template::Toolkit. Oh - no, it was that somebody else wrote a module doing just that. A number of years ago on PerlMonks somebody else (not me) asked for the same thing, and then created Template::AutoFilter. I am the author of Template::Alloy (a near drop-in for Template::Toolkit) and also added a native configuration item to Template::Alloy called AUTO_FILTER at about this same time. It is pretty easy to use in Alloy, so I assume that it would be easy to use in Template::AutoFilter as well.

    perl -e 'use Template::Alloy; my $t = Template::Alloy->new(AUTO_FILTER=>"html"); $t->process(\qq{[% foo %]\n}, {foo => "(&)"})'
    (&amp;)

This excerpt comes from the Template::Alloy pod:

AUTO_FILTER

    Can be the name of any filter. Default undef. Any variable returned by a GET directive (including implicit GET) will be passed to the named filter. This configuration option may also be passed to the CONFIG directive.

        # with AUTO_FILTER => 'html'

        [% f = "&"; GET f %] prints &amp;

        [% f = "&"; f %] prints &amp; (implicit GET)

    If a variable already has another filter applied the AUTO_FILTER is not applied. The "none" scalar virtual method has been added to allow for using variables without reapplying filters.

        # with AUTO_FILTER => 'html'

        [% f = "&"; f | none %] prints &

        [% f = "&"; g = f; g %] prints &amp;

        [% f = "&"; g = f; g | none %] prints & (because g = f is a SET directive)

        [% f = "&"; g = GET f; g | none %] prints &amp; (because the actual GET directive was called)

Update: I realized that this is one solution, but it is not a direct answer to the OP's question. See my next reply for the real answer to the OP's question.
my @a=qw(random brilliant braindead); print $a[rand(@a)];
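
Added example (not part of the original post or of the Template::Alloy documentation): a Test::More script that renders templates with the AUTO_FILTER option quoted above and checks that a canary value never reaches the output unescaped, while a "| none" use is flagged as raw. The template names, stash keys and canary string are constructed for illustration.

```perl
#!/usr/bin/perl
# Regression test: every value a template prints should be HTML-escaped.
use strict;
use warnings;
use Test::More;
use Template::Alloy;

# Constructed canary containing characters the html filter rewrites.
my $CANARY = q{<x-canary a="1">&};

# Constructed sample templates (hypothetical names), keyed by name.
my %templates = (
    greeting   => "<p>Hello [% user.name %]</p>\n",
    list       => "[% FOREACH i IN items %]<li>[% i %]</li>[% END %]\n",
    raw_bypass => "<div>[% user.bio | none %]</div>\n",   # deliberately unfiltered
);

# Every stash value is the canary, so any unescaped output is detectable.
my %stash = (
    user  => { name => $CANARY, bio => $CANARY },
    items => [ $CANARY, $CANARY ],
);

# AUTO_FILTER passes every GET (explicit or implicit) through the html filter.
my $t = Template::Alloy->new(AUTO_FILTER => 'html');

# Returns 1 when the rendered output contains the canary unescaped, else 0.
sub leaks_raw {
    my ($name) = @_;
    my $out = '';
    $t->process(\$templates{$name}, \%stash, \$out) or die $t->error;
    return index($out, $CANARY) >= 0 ? 1 : 0;
}

ok(!leaks_raw('greeting'),  'implicit GET is filtered');
ok(!leaks_raw('list'),      'loop variable is filtered');
ok(leaks_raw('raw_bypass'), '"| none" output is raw and needs manual review');

done_testing();
```

The third check passes because the canary does leak: each "| none" in a real template is a place where AUTO_FILTER is switched off and the value's origin has to be reviewed.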

