Bug #18274 for HTML-Template: unable to turn off escaping if default

Tue Mar 21 16:08:38 2006 Guest - Ticket created

Subject:

unable to turn off escaping if default_escape has been specified

if you have specified default_escape => "HTML" in your constructor this no longer works: <TMPL_VAR foo ESCAPE=0> The attached patch fixes this problem, as well as adding <TMPL_VAR foo ESCAPE=NONE> And allowing someone to use single quotes to escape with JS <TMPL_VAR foo ESCAPE='JS'> There is also a new test file which tests the bug fixes and new functionality.

Subject:

Template.pm.diff

--- Template.pm 2005-12-21 15:21:01.000000000 -0800 +++ blib/lib/HTML/Template.pm 2006-03-15 22:40:10.000000000 -0800 @@ -126,8 +126,9 @@ You'll get what you wanted no matter what value happens to be passed in for param. You can also write ESCAPE="HTML", ESCAPE='HTML' and ESCAPE='1'. -Substitute a 0 for the HTML and you turn off escaping, which is the default -anyway. + +"ESCAPE=0" and "ESCAPE=NONE" turn off escaping, which is the default +behavior. There is also the "ESCAPE=URL" option which may be used for VARs that populate a URL. It will do URL escaping, like replacing ' ' with '+' @@ -1859,18 +1860,13 @@ [Ee][Ss][Cc][Aa][Pp][Ee] \s*=\s* (?: - (?: 0 | (?:"0") | (?:'0') ) - | - ( 1 | (?:"1") | (?:'1') | - (?:[Hh][Tt][Mm][Ll]) | - (?:"[Hh][Tt][Mm][Ll]") | - (?:'[Hh][Tt][Mm][Ll]') | - (?:[Uu][Rr][Ll]) | - (?:"[Uu][Rr][Ll]") | - (?:'[Uu][Rr][Ll]') | - (?:[Jj][Ss]) | - (?:"[Jj][Ss]") | - (?:'[Jj][Ss]') | + ( + (?:["']?0["']?)| + (?:["']?1["']?)| + (?:["']?[Hh][Tt][Mm][Ll]["']?) | + (?:["']?[Uu][Rr][Ll]["']?) | + (?:["']?[Jj][Ss]["']?) | + (?:["']?[Nn][Oo][Nn][Ee]["']?) ) # $5 => ESCAPE on ) )* # allow multiple ESCAPEs @@ -1929,18 +1925,13 @@ [Ee][Ss][Cc][Aa][Pp][Ee] \s*=\s* (?: - (?: 0 | (?:"0") | (?:'0') ) - | - ( 1 | (?:"1") | (?:'1') | - (?:[Hh][Tt][Mm][Ll]) | - (?:"[Hh][Tt][Mm][Ll]") | - (?:'[Hh][Tt][Mm][Ll]') | - (?:[Uu][Rr][Ll]) | - (?:"[Uu][Rr][Ll]") | - (?:'[Uu][Rr][Ll]') | - (?:[Jj][Ss]) | - (?:"[Jj][Ss]") | - (?:'[Jj][Ss]') | + ( + (?:["']?0["']?)| + (?:["']?1["']?)| + (?:["']?[Hh][Tt][Mm][Ll]["']?) | + (?:["']?[Uu][Rr][Ll]["']?) | + (?:["']?[Jj][Ss]["']?) | + (?:["']?[Nn][Oo][Nn][Ee]["']?) ) # $15 => ESCAPE on ) )* # allow multiple ESCAPEs @@ -2023,11 +2014,16 @@ # if ESCAPE was set, push an ESCAPE op on the stack before # the variable. output will handle the actual work. + # unless of course, they have set escape=0 or escape=none if ($escape) { if ($escape =~ /^["']?[Uu][Rr][Ll]["']?$/) { push(@pstack, $URLESCAPE); - } elsif ($escape =~ /^"?[Jj][Ss]"?$/) { + } elsif ($escape =~ /^["']?[Jj][Ss]["']?$/) { push(@pstack, $JSESCAPE); + } elsif ($escape =~ /^["']?0["']?$/) { + # do nothing if escape=0 + } elsif ($escape =~ /^["']?[Nn][Oo][Nn][Ee]["']?$/ ) { + # do nothing if escape=none } else { push(@pstack, $ESCAPE); }

Subject:

04default_escape.t

use Test::More tests => 98; #use Test::More qw/no_plan/; use HTML::Template; use strict; while( <DATA> ) { chomp; next if /^$/; next if /^#/; my($text,$given,$wanted) = split /\|/; my $template = HTML::Template->new( scalarref => \$text, default_escape => "HTML" ); $template->param(foo => $given); my $output = $template->output; is($output , $wanted , $text); } # use pipe as the seperator between fields. # the TMPL_VAR name should always be 'foo' # fields: TMPL_VAR|given string|escaped string __DATA__ # use default escaping <TMPL_VAR foo>|this is bold\n|this is bold\n <TMPL_VAR name=foo>|this is bold\n|this is bold\n <TMPL_VAR name='foo'>|this is bold\n|this is bold\n <TMPL_VAR NAME="foo">|this is bold\n|this is bold\n |this is bold\n|this is bold\n |this is bold\n|this is bold\n |this is bold\n|this is bold\n |this is bold\n|this is bold\n |this is bold\n|this is bold\n # use js escaping <TMPL_VAR foo ESCAPE=JS>|this is bold\n|this is bold\\n <TMPL_VAR ESCAPE=JS foo>|this is bold\n|this is bold\\n <TMPL_VAR ESCAPE="JS" foo>|this is bold\n|this is bold\\n <TMPL_VAR foo ESCAPE="JS">|this is bold\n|this is bold\\n <TMPL_VAR NAME="foo" ESCAPE="JS">|this is bold\n|this is bold\\n <TMPL_VAR ESCAPE="JS" NAME="foo">|this is bold\n|this is bold\\n <TMPL_VAR ESCAPE='JS' foo>|this is bold\n|this is bold\\n <TMPL_VAR foo ESCAPE='JS'>|this is bold\n|this is bold\\n <TMPL_VAR NAME='foo' ESCAPE='JS'>|this is bold\n|this is bold\\n <TMPL_VAR ESCAPE='JS' NAME='foo'>|this is bold\n|this is bold\\n |this is bold\n|this is bold\\n |this is bold\n|this is bold\\n |this is bold\n|this is bold\\n |this is bold\n|this is bold\\n |this is bold\n|this is bold\\n |this is bold\n|this is bold\\n |this is bold\n|this is bold\\n |this is bold\n|this is bold\\n |this is bold\n|this is bold\\n |this is bold\n|this is bold\\n |this is bold\n|this is bold\\n #use url escaping <TMPL_VAR foo ESCAPE=URL>|this is bold\n|%3Cb%3Ethis%20is%20bold%5Cn <TMPL_VAR ESCAPE=URL foo>|this is bold\n|%3Cb%3Ethis%20is%20bold%5Cn <TMPL_VAR foo ESCAPE=URL>|this is bold\n|%3Cb%3Ethis%20is%20bold%5Cn <TMPL_VAR ESCAPE="URL" foo>|this is bold\n|%3Cb%3Ethis%20is%20bold%5Cn <TMPL_VAR foo ESCAPE="URL">|this is bold\n|%3Cb%3Ethis%20is%20bold%5Cn <TMPL_VAR NAME="foo" ESCAPE="URL">|this is bold\n|%3Cb%3Ethis%20is%20bold%5Cn <TMPL_VAR ESCAPE="URL" NAME="foo">|this is bold\n|%3Cb%3Ethis%20is%20bold%5Cn <TMPL_VAR ESCAPE='URL' foo>|this is bold\n|%3Cb%3Ethis%20is%20bold%5Cn <TMPL_VAR foo ESCAPE='URL'>|this is bold\n|%3Cb%3Ethis%20is%20bold%5Cn <TMPL_VAR NAME='foo' ESCAPE='URL'>|this is bold\n|%3Cb%3Ethis%20is%20bold%5Cn <TMPL_VAR ESCAPE='URL' NAME='foo'>|this is bold\n|%3Cb%3Ethis%20is%20bold%5Cn |this is bold\n|%3Cb%3Ethis%20is%20bold%5Cn |this is bold\n|%3Cb%3Ethis%20is%20bold%5Cn |this is bold\n|%3Cb%3Ethis%20is%20bold%5Cn |this is bold\n|%3Cb%3Ethis%20is%20bold%5Cn |this is bold\n|%3Cb%3Ethis%20is%20bold%5Cn |this is bold\n|%3Cb%3Ethis%20is%20bold%5Cn |this is bold\n|%3Cb%3Ethis%20is%20bold%5Cn |this is bold\n|%3Cb%3Ethis%20is%20bold%5Cn |this is bold\n|%3Cb%3Ethis%20is%20bold%5Cn |this is bold\n|%3Cb%3Ethis%20is%20bold%5Cn |this is bold\n|%3Cb%3Ethis%20is%20bold%5Cn # no escaping <TMPL_VAR foo ESCAPE=0>|this is bold\n|this is bold\n <TMPL_VAR ESCAPE=0 foo>|this is bold\n|this is bold\n <TMPL_VAR foo ESCAPE=0>|this is bold\n|this is bold\n <TMPL_VAR ESCAPE="0" foo>|this is bold\n|this is bold\n <TMPL_VAR foo ESCAPE="0">|this is bold\n|this is bold\n <TMPL_VAR NAME="foo" ESCAPE="0">|this is bold\n|this is bold\n <TMPL_VAR ESCAPE="0" NAME="foo">|this is bold\n|this is bold\n <TMPL_VAR ESCAPE='0' foo>|this is bold\n|this is bold\n <TMPL_VAR foo ESCAPE='0'>|this is bold\n|this is bold\n <TMPL_VAR NAME='foo' ESCAPE='0'>|this is bold\n|this is bold\n <TMPL_VAR ESCAPE='0' NAME='foo'>|this is bold\n|this is bold\n |this is bold\n|this is bold\n |this is bold\n|this is bold\n |this is bold\n|this is bold\n |this is bold\n|this is bold\n |this is bold\n|this is bold\n |this is bold\n|this is bold\n |this is bold\n|this is bold\n |this is bold\n|this is bold\n |this is bold\n|this is bold\n |this is bold\n|this is bold\n |this is bold\n|this is bold\n # no escaping <TMPL_VAR foo ESCAPE=NONE>|this is bold\n|this is bold\n <TMPL_VAR ESCAPE=NONE foo>|this is bold\n|this is bold\n <TMPL_VAR foo ESCAPE=NONE>|this is bold\n|this is bold\n <TMPL_VAR ESCAPE="NONE" foo>|this is bold\n|this is bold\n <TMPL_VAR foo ESCAPE="NONE">|this is bold\n|this is bold\n <TMPL_VAR NAME="foo" ESCAPE="NONE">|this is bold\n|this is bold\n <TMPL_VAR ESCAPE="NONE" NAME="foo">|this is bold\n|this is bold\n <TMPL_VAR ESCAPE='NONE' foo>|this is bold\n|this is bold\n <TMPL_VAR foo ESCAPE='NONE'>|this is bold\n|this is bold\n <TMPL_VAR NAME='foo' ESCAPE='NONE'>|this is bold\n|this is bold\n <TMPL_VAR ESCAPE='NONE' NAME='foo'>|this is bold\n|this is bold\n |this is bold\n|this is bold\n |this is bold\n|this is bold\n |this is bold\n|this is bold\n |this is bold\n|this is bold\n |this is bold\n|this is bold\n |this is bold\n|this is bold\n |this is bold\n|this is bold\n |this is bold\n|this is bold\n |this is bold\n|this is bold\n |this is bold\n|this is bold\n |this is bold\n|this is bold\n #no escaping and default escaping <TMPL_VAR foo ESCAPE=0> <TMPL_VAR foo>|this is bold\n|this is bold\n this is bold\n  |this is bold\n|this is bold\n this is bold\n

Mon Jan 29 14:37:01 2007 SAMTREGAR [...] cpan.org - Correspondence added

This is fixed for v2.9, coming soon. Thanks!

Mon Jan 29 14:37:02 2007 The RT System itself - Status changed from 'new' to 'open'

Mon Jan 29 14:37:03 2007 SAMTREGAR [...] cpan.org - Status changed from 'open' to 'resolved'

Bug #18274 for HTML-Template: unable to turn off escaping if default_escape has been specified