Beefy Boxes and Bandwidth Generously Provided by pair Networks
Just another Perl shrine
 
PerlMonks  

Re: How to test all TT2 tags are escaped.

by Rhandom (Curate)
on Oct 28, 2013 at 15:13 UTC ( #1059999=note: print w/ replies, xml ) Need Help??


in reply to How to test all TT2 tags are escaped.

I just realized I didn't answer the question directly. Here is a solution doing what you asked for. It does use some of the deep internals of the Alloy op tree though (so beware). But with a little more tweaking it would be a fine precommit hook - and then you could keep using your existing template system.

#!/usr/bin/env perl use strict; use warnings; use Template::Alloy; my $file = \ << 'EOF'; [% foo_is_not_filtered %] [% foo_is_filtered | html %] [% IF foo %] [% bar %] [% END %] [% foo_is_none | none %] [% BLOCK some_block %] [% block_var %] [% END %] EOF my $ta = Template::Alloy->new; my $doc = $ta->load_template($file); my $checker; $checker = sub { my $ref = shift; return if ! ref $ref; foreach my $node (@$ref) { next if ! ref $node; if ($node->[0] eq 'GET' && $node->[1] =~ /^\d+/) { my $expr = $node->[3]; next if ! ref $expr; my $info = $ta->node_info($node); if (@$expr < 5 || $expr->[-3] ne '|') { print "File \"$info->{'file'}\" line $info->{'line'}: +No filtering ($info->{'text'})\n"; } else { next if $expr->[-2] ne 'none'; # comment out to note e +very filter print "File \"$info->{'file'}\" line $info->{'line'}: +Used $expr->[-2] filter ($info->{'text'})\n"; } } $checker->($_) for @$node; } }; local $ta->{'_component'} = $doc; $checker->($doc->{'_tree'}); File "input text" line 8: No filtering (block_var) File "input text" line 1: No filtering (foo_is_not_filtered) File "input text" line 4: No filtering (bar) File "input text" line 6: Used none filter (foo_is_none | none)

Update: If there was demand for it, I could certainly look into making this more of a first class method as part of the standard Template::Alloy distribution. Then it could more easily be reused by anybody speaking TT dialects using any TT or TA module.
my @a=qw(random brilliant braindead); print $a[rand(@a)];


Comment on Re: How to test all TT2 tags are escaped.
Download Code
Re^2: How to test all TT2 tags are escaped.
by chrestomanci (Priest) on Oct 28, 2013 at 15:38 UTC

    Thanks, that looks very promising

    It looks like I can use your code in a test script to just load each template file in turn, and get a report of any non escaped variables. I can then call that test script from my commit hook and test suite.

    How compatible is Template::Alloy with TT2? Seeing as it will only be used for tests it does not have to be perfect, so long as it does not barf and crash over TT2 macros or suchlike.

    Thanks a lot.

      The largest problem with Template::Alloy is directly related to this node - Alloy has more features than Template::Toolkit. This means that in all cases that I have experienced, the imported Template::Toolkit template will work on Template::Alloy. However, because of items like AUTO_FILTER, not necessarily every template in Template::Alloy that uses Alloy only features will work in Template::Toolkit. This is an important item to discuss with your team before moving to Alloy - if you need to maintain cross compatibility, you can still use Alloy but you have to make sure your team only uses the TT2 features. Again - all TT2 templates should work on Alloy (that was one of its design goals).

      There is a larger description of what was added here http://search.cpan.org/~rhandom/Template-Alloy-1.020/lib/Template/Alloy/TT.pm.

      As much as possible, I always tried to submit patch features to Template::Toolkit to have them implemented. One such feature that actualy made it in was the ~ PRE/POST CHOMP addition (there used to only be =-+). Other features were not accepted because they added to the size of the grammar, and also because the features were decided to be postponed until the release of TT3. As much as possible, I had tried to keep the syntax of Alloy compatible with the planned features of TT3 - but some items were not fully specced in TT3.

      If there are items that aren't compatible they are noted in the Template::Alloy:TT pod. The few small language quirks (very minimal parsing edge case discrepancies) are also listed.

      Six years and many many billions of page requests served, we are still happy with Alloy. One of the interesting design goals that Alloy helped us solve was that when I first joined my current company - it had templates written in HTML::Template, HTML::Template::Expr, Text::Tmpl, and I wanted to start standarding on Template::Toolkit syntax. After I developed Alloy, for awhile we actually had our headers/footers written in HTML::Template::Expr, and our new content bodies written in TT2 - but all served under the same Template::Alloy engine.

      my @a=qw(random brilliant braindead); print $a[rand(@a)];

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1059999]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chilling in the Monastery: (5)
As of 2014-08-22 00:07 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The best computer themed movie is:











    Results (144 votes), past polls