Template2
Template2 copied to clipboard
abw
uri filter behaviour contradicts docs and seems wrong [rt.cpan.org #123104]
Migrated from rt.cpan.org#123104 (status was 'new')
Requestors:
From [email protected] on 2017-09-22 10:59:21:
use strict;
use warnings;
use Template;
print Template->VERSION, "\n";
Template->new->process( \'[% x |html %]', { x => q{'"} } );
__END__
prints
2.26
'"
that means:
- single quote not escaped
- double quote is escaped
here are the docs:
https://metacpan.org/pod/Template::Manual::Filters#uri
====
As of version 2.26 of the Template Toolkit, the uri and url filters use the unsafe character set defined by RFC3986. This means that certain characters ("(", ")", "~", "*", "!" and the single quote "'") are now deemed unsafe and will be escaped as hex character sequences. The double quote character ('"') is now deemed safe and will not be escaped.
====
docs says that:
- single quote will be escaped
- double quote will not be escaped
and according to https://www.ietf.org/rfc/rfc3986.txt seems docs are correct and code is wrong.
From [email protected] on 2017-09-22 11:03:25:
Ticket text was correct but example wrong. Here is the correct PoC:
use strict;
use warnings;
use Template;
print Template->VERSION, "\n";
Template->new->process( \'[% x |uri %]', { x => q{'"} } );
__END__
2.26
'%22
