File Coverage

blib/lib/HTML/MasonX/Free/Escape.pm

Criterion	Covered	Total	%
statement	29	31	93.5
branch	3	4	75.0
condition	2	3	66.6
subroutine	10	11	90.9
pod	0	2	0.0
total	44	51	86.2

line	stmt	bran	cond	sub	pod	time	code
1	1			1		481	use strict;
	1					7
	1					29
2	1			1		5	use warnings;
	1					2
	1					51
3							package HTML::MasonX::Free::Escape 0.007;
4
5							# ABSTRACT: default HTML escaping with an escape hatch
6
7							#pod =head1 OVERVIEW
8							#pod
9							#pod First, when you set up your compiler, you pass:
10							#pod
11							#pod default_escape_flags => 'html'
12							#pod
13							#pod Then, when you set up your interpreter, you redefine the html handler(s):
14							#pod
15							#pod use HTML::MasonX::Free::Escape qw(html_escape);
16							#pod $interp->set_escape('h' => \&html_escape);
17							#pod $interp->set_escape('html' => \&html_escape);
18							#pod
19							#pod Finally, for good measure, get C<html_hunk> imported to your Commands package:
20							#pod
21							#pod package HTML::Mason::Commands { use HTML::MasonX::Free::Escape 'html_hunk' }
22							#pod
23							#pod Now, by default, when you do this in a template:
24							#pod
25							#pod The best jelly is <% $flavor %> jelly.
26							#pod
27							#pod ...the C<$flavor> will be HTML entity escaped. If you want to deal with
28							#pod variables that are I<not> going to be escaped, you use C<html_hunk>:
29							#pod
30							#pod Here's some math: <% html_hunk( $eqn->as_mathml ) %>
31							#pod
32							#pod Even though it's called C<html_hunk>, it just means "don't HTML escape this."
33							#pod If you put in some XML, you won't get in trouble. The result of calling
34							#pod C<html_hunk> is an object that will throw an exception if stringified. This
35							#pod prevents you from making mistakes like:
36							#pod
37							#pod my $target = html_hunk("world");
38							#pod my $greet = "Hello, $target";
39							#pod
40							#pod =cut
41
42	1			1		5	use Exporter 'import';
	1					3
	1					68
43	1			1		7	use Scalar::Util qw(blessed);
	1					3
	1					113
44
45							our @EXPORT_OK = qw(html_escape html_hunk);
46
47							{
48							package
49							HTML::MasonX::Free::HTMLHunk;
50	1			1		9	use Carp ();
	1					4
	1					204
51	1			1		4	sub new { my ($class, $str) = @_; bless \$str, $class }
	1					3
52	1			1		2	sub as_html { ${ $_[0] } }
	1					25
53							use overload
54	0			0		0	'""' => sub { Carp::confess("HTML hunk stringified: <${$_[0]}>") },
	0					0
55	1			1		7	fallback => 1;
	1					2
	1					24
56							}
57
58							# mostly taken from HTML::Mason::Escapes except it adds "'"
59							my $HTML_ESCAPE = qr/([&<>"'])/;
60							my %HTML_ESCAPE = (
61							'&' => '&',
62							'>' => '>',
63							'<' => '<',
64							'"' => '"',
65							"'" => '''
66							);
67
68							sub html_escape {
69	2			2	0	29	my $ref = $_[0];
70	2	50				6	return unless defined $$ref;
71
72	2	100	66			28	if (blessed $$ref and $$ref->isa('HTML::MasonX::Free::HTMLHunk')) {
73	1					5	$$ref = $$ref->as_html;
74	1					4	return;
75							}
76
77	1					11	$$ref =~ s/$HTML_ESCAPE/$HTML_ESCAPE{$1}/mg;
78							}
79
80							sub html_hunk {
81	1			1	0	7	return HTML::MasonX::Free::HTMLHunk->new($_[0]);
82							}
83
84							1;
85
86							__END__
87
88							=pod
89
90							=encoding UTF-8
91
92							=head1 NAME
93
94							HTML::MasonX::Free::Escape - default HTML escaping with an escape hatch
95
96							=head1 VERSION
97
98							version 0.007
99
100							=head1 OVERVIEW
101
102							First, when you set up your compiler, you pass:
103
104							default_escape_flags => 'html'
105
106							Then, when you set up your interpreter, you redefine the html handler(s):
107
108							use HTML::MasonX::Free::Escape qw(html_escape);
109							$interp->set_escape('h' => \&html_escape);
110							$interp->set_escape('html' => \&html_escape);
111
112							Finally, for good measure, get C<html_hunk> imported to your Commands package:
113
114							package HTML::Mason::Commands { use HTML::MasonX::Free::Escape 'html_hunk' }
115
116							Now, by default, when you do this in a template:
117
118							The best jelly is <% $flavor %> jelly.
119
120							...the C<$flavor> will be HTML entity escaped. If you want to deal with
121							variables that are I<not> going to be escaped, you use C<html_hunk>:
122
123							Here's some math: <% html_hunk( $eqn->as_mathml ) %>
124
125							Even though it's called C<html_hunk>, it just means "don't HTML escape this."
126							If you put in some XML, you won't get in trouble. The result of calling
127							C<html_hunk> is an object that will throw an exception if stringified. This
128							prevents you from making mistakes like:
129
130							my $target = html_hunk("world");
131							my $greet = "Hello, $target";
132
133							=head1 PERL VERSION
134
135							This library should run on perls released even a long time ago. It should work
136							on any version of perl released in the last five years.
137
138							Although it may work on older versions of perl, no guarantee is made that the
139							minimum required version will not be increased. The version may be increased
140							for any reason, and there is no promise that patches will be accepted to lower
141							the minimum required perl.
142
143							=head1 AUTHOR
144
145							Ricardo Signes <cpan@semiotic.systems>
146
147							=head1 COPYRIGHT AND LICENSE
148
149							This software is copyright (c) 2022 by Ricardo Signes.
150
151							This is free software; you can redistribute it and/or modify it under
152							the same terms as the Perl 5 programming language system itself.
153
154							=cut