Valiant::HTML::SafeString - String rendering safety
use Valiant::HTML::SafeString 'safe', 'escape';
Protecting your templates from the various types of character injection attacks is a prime concern for anyone working with the HTML user interface. This class provides some methods and exports to make this job easier.
The following functions can be exported by this library
Given a string or array, returns it marked as 'safe' by running html_escape on the string and then encapsulating it inside an instance of Valiant::HTML::SafeString. You can safely pass arguments to this, since if the string is already marked safe we just return it unaltered.
Same as safe but always returns a string even if you pass an array of strings (they are all joined together).
Given a string or array of strings, return each marked as safe (by encapsulating it inside an instance of Valiant::HTML::SafeString). This only marks strings as safe and does no escaping first (for that see safe), so be careful with this: any markup in the string is rendered as-is.
Same as raw but always returns a string even if you pass an array of strings (they are all joined together).
Given a string, returns a boolean indicating whether it is marked safe. Since safe and raw never double the encapsulation or escaping, you will probably never need this, but we saw no reason not to expose it.
A wrapper on HTML::Escape just to make your life a bit easier.
This package exposes the following class methods
my $safe_string = Valiant::HTML::SafeString->new(@strings);
Given a string, or array of strings, returns a single string that has been html_escape'd as needed and encapsulated in an instance. It's safe to pass arguments to this without testing, since if a string is already marked safe we don't do any extra escaping (although you will get a new instance).
Instances of Valiant::HTML::SafeString expose the following public methods
Returns a new safe string which appends a list of strings to the old one, making those new strings 'safe' as needed. Basically this escapes any strings not already marked safe and then joins them all together in a single safe string.
Returns the raw string, suitable for display.
Returns a boolean indicating if the string is empty or not.
String context calls to_string; Boolean context returns true unless the string is empty.
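The functions and methods above used together, as an added example that is not part of the Valiant distribution or its documentation. The input string and the render helper are constructed for illustration, and the list assignments simply take the first value that safe and raw return.

```perl
use strict;
use warnings;
use Valiant::HTML::SafeString 'safe', 'raw';

# Constructed sample: a value that arrived from a form field (untrusted).
my $user_input = q{<b onmouseover="x()">Tom</b> & Jerry};

# safe() escapes the string, then wraps it in a SafeString instance.
my ($escaped) = safe($user_input);

# An already-safe value passed back through safe() or new() must not be
# escaped a second time (no "&amp;lt;" in the output).
my ($again) = safe($escaped);
my $via_new = Valiant::HTML::SafeString->new($escaped);

# raw() only wraps. Reserve it for markup written by the template author.
my ($open)  = raw('<p class="comment">');
my ($close) = raw('</p>');

# Hypothetical render helper (not a Valiant function): every fragment goes
# through safe(), so each one is escaped exactly once unless it was
# explicitly marked with raw() beforehand.
sub render {
  return join '', map { my ($s) = safe($_); $s->to_string } @_;
}

# The author's markup survives, the user's markup is neutralised.
print render($open, $user_input, $close), "\n";

print "escaped exactly once\n"
  if $again->to_string eq $escaped->to_string
  && $via_new->to_string eq $escaped->to_string;

# The failure mode to look for in code review: raw() on untrusted data
# marks it safe without escaping, so it reaches the page verbatim.
my ($unsafe) = raw($user_input);
print "raw() passed the input through unescaped\n"
  if $unsafe->to_string eq $user_input;
```

When auditing templates, each call to raw is the place to check where its argument came from, since safe and new are harmless to apply repeatedly.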
Valiant, Valiant::HTML::FormBuilder
See Valiant