Provided by: libtemplate-stash-autoescaping-perl_0.0303-2_all bug

NAME
       Template::Stash::AutoEscaping - escape automatically in Template-Toolkit.


SYNOPSIS
         use Template;
         use Template::Stash::AutoEscaping;
         my $tt = Template->new({
           STASH => Template::Stash::AutoEscaping->new
         });


METHODS
   new
       die_on_unescaped
           This  value,  if  set  to  a true value, causes the process to throw an exception upon encountering a
           value that was not explicitly set to be escaped or was marked as a raw value.

       escape_type
           default is HTML

       method_for_escape
           The default method to escape a value explicitly (mostly useful with "die_on_unescaped" .

       method_for_raw
           default is raw, you can get not escaped value from [% value.raw %]

       escape_method
             my $tt = Template->new({
               STASH => Template::Stash::AutoEscaping->new({
                   escape_method => sub { my $text = shift; ... ; return $text }
               })
             });

       ignore_escape
             my $stash = Template::Stash::AutoEscaping->new({ignore_escape => [qw(include_html include_raw my_escape_func)], ... );

             You can disable auto-escape for some value or TT-Macro.
             For example: include other component, for output safety html, using other escape method, etc.

   class_for
           Template::Stash::AutoEscaping->class_for("HTML") # Template::Stash::AutoEscaping::Escaped::HTML
           Template::Stash::AutoEscaping->class_for("HTML" => "MyHTMLString");

   escape
       For internal use.

   escape_count
       For internal use.

   get
       For internal use.

   get_raw_args
       For internal use.


DESCRIPTION
       Template::Stash::AutoEscaping is a sub class of Template::Stash, automatically escape  all  HTML  strings
       and avoid XSS vulnerability.


CONFIGURE
       $Template::Stash::AutoEscaping::ESCAPE_ARGS
            default is 0. for example "key of hash" or "args of vmethods" are not escaped. I think this is good in most cases.
            [% hash.${key} %] [% hash.item(key) %] means [% hash.${key.raw} | html %] [% hash.item(key.raw) | html %] by default.


AUTHOR
       mala <cpan@ma.la> (original author of Template::Stash::AutoEscape)

       Shlomi  Fish  (<http://www.shlomifish.org/>)  added  some  enhancements  and fixes, while disclaiming all
       rights,   as   part   of   his   work   for   <http://reask.com/>   and   released    the    result    as
       "Template::Stash::AutoEscaping" .


SEE ALSO
       Template, Template::Stash::EscapedHTML, Template::Stash::AutoEscape


LICENSE
       This  library  is  free  software;  you can redistribute it and/or modify it under the same terms as Perl
       itself.

perl v5.34.0                                       2022-06-17                 Template::Stash::AutoEscaping(3pm)