Faced with many tens of templates that suddenly needed to accomodate text with diacriticals (i.e., the unsafe half of iso-8859-1), rather than tracking down the hundreds of places we stuff text into template parameters and rewire them to use HTML::Entities to encode the text, I modified HTML::Template to optionally use HTML::Entities to escape text. We were already using ESCAPE=HTML in the templates, so this seemed like the "easist thing that could possibly work" approach. In fact, it all took all of about a dozen lines of code to get Latin1 support in our app. The performance hit, at least as judged by timing our unit tests, is negligable.
And now the question: I'm sure this idea has come up before, and that there's probably been some discussion about it. Have I stepped into the losing side of an old argument by taking this approach, or would it be reasonable to submit the changes as a patch?
(Updated to add: The patch for adding this to HTML::Template 2.7 is here.)
Re:Submit a patch!
dws on 2004-10-18T21:09:12
Done. What's the worst that can happen?
