#!/usr/bin/perl
use strict;
use warnings;
use Text::Xslate;
use Plack::Request;
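# A single backslash, named so the replacement in escape_js reads clearly.
my $bs = '\\';

# Characters that must never appear literally inside a JavaScript string
# literal that is embedded in HTML, mapped to what follows the backslash
# in the escape sequence ("x22" becomes "\x22", "r" becomes "\r", ...).
my %e = (
    q!\\!      => $bs,      # \ -> \\
    q!"!       => 'x22',    # " -> \x22 (string delimiter)
    q!'!       => 'x27',    # ' -> \x27 (string delimiter)
    q!/!       => '/',      # / -> \/   so "</script>" cannot close the enclosing <script> element
    q!<!       => 'x3c',    # <, >, & are hex-escaped so the literal is never read as markup
    q!>!       => 'x3e',
    q!&!       => 'x26',
    "\x0D"     => 'r',      # CR and LF are line terminators in a JS string literal
    "\x0A"     => 'n',
    "\x{2028}" => 'u2028',  # U+2028/U+2029 are also JS line terminators (unescaped, they
    "\x{2029}" => 'u2029',  # break the literal in engines before ES2019), so escape them too
);

# Escape $text for use inside a single- or double-quoted JavaScript string
# literal that is embedded in an HTML document.
#
# Takes one string; returns a new string with every character listed in %e
# replaced by its backslash escape. The argument itself is not modified.
# undef is returned unchanged (and without an "uninitialized" warning).
# This escapes for the JS string context only; HTML escaping of the text
# around the literal is a separate step (see the "html" filter in the
# templates that call this).
sub escape_js {
    my ($text) = @_;
    return $text unless defined $text;
    # One character class covering every key of %e; $1 is the matched
    # character and indexes the table directly.
    $text =~ s!([\\"'/<>&\x0D\x0A\x{2028}\x{2029}])!${bs}$e{$1}!g;
    return $text;
}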
# Template engine with two JavaScript-escaping filters, both built on
# escape_js:
#   js     - returns a plain string, so Xslate still applies its own HTML
#            escaping to the result (suited to attribute contexts such as
#            the onclick="" in the template below);
#   js_raw - wraps the result in mark_raw so Xslate does not HTML-escape it
#            again (suited to <script> bodies, where the caller chains an
#            explicit "html" filter first).
my %filter_for = (
    js     => sub { return escape_js(@_) },
    js_raw => sub { return Text::Xslate::mark_raw( escape_js(@_) ) },
);

my $tx = Text::Xslate->new(
    syntax   => 'TTerse',
    function => \%filter_for,
);
# PSGI application (the file's return value). Renders a small page that
# embeds the "foo" request parameter in two JavaScript contexts: a <script>
# body via "html | js_raw" and an onclick attribute via "js". When no "foo"
# parameter is supplied, a sample string exercising the escaped characters
# is used so the demo is self-contained.
sub {
    my ($env) = @_;
    my $request = Plack::Request->new($env);

    # Untrusted input straight from the request; all escaping is left to
    # the template filters.
    my $sample = q!&foo"bar'<b>baz</b>\ / </script>! . qq!\r\nfoo!;
    my $value  = $request->param('foo') // $sample;

    my $html = $tx->render_string(<<'EOF', { test => $value });
<html>
<body>
<script>
// test | html | js
var foo='[% test | html | js_raw %]';
document.write(foo);
</script>
<br />
<!-- test | js -->
<a onclick="alert('[% test | js %]')">alert</a>
</body>
</html>
EOF

    return [
        200,
        [ 'Content-Type' => 'text/html' ],
        [ $html ],
    ];
}