Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
#!/usr/bin/perl
use strict;
use warnings;
use Text::Xslate;
use Plack::Request;
my $bs = '\\';
my %e = (
q!\\! => $bs,
q!"! => 'x22',
q!'! => 'x27',
q!/! => '/',
q!<! => 'x3c',
q!>! => 'x3e',
q!&! => 'x26',
"\x0D" => "r",
"\x0A" => "n",
);
sub escape_js {
my ($text) = @_;
$text =~ s!([\\"'/<>&]|\x0D|\x0A)!${bs}$e{$1}!g;
return $text;
}
my $tx = Text::Xslate->new(
syntax => 'TTerse',
function => {
js => sub {
escape_js(@_);
},
js_raw => sub {
Text::Xslate::mark_raw(escape_js(@_));
}
}
);
sub {
my $env = shift;
my $req = Plack::Request->new($env);
my $foo = $req->param('foo') // q!&foo"bar'<b>baz</b>\ / </script>! . qq!\r\nfoo!;
return [
200,
['Content-Type'=>'text/html'],
[$tx->render_string(<<'EOF',
<html>
<body>
<script>
// test | html | js
var foo='[% test | html | js_raw %]';
document.write(foo);
</script>
<br />
<!-- test | js -->
<a onclick="alert('[% test | js %]')">alert</a>
</body>
</html>
EOF
{ test => $foo }
)]
];
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment