5 my $tt = HTML::String::TT->new;
9 $tt->process(\$_[0], $_[1], \$output) or die $tt->error;
14 do_tt('<tag>[% foo %]</tag>', { foo => 'Hi <bob>' }),
15 '<tag>Hi <bob></tag>',
20 VIEW myview; BLOCK render; '<tag>'; foo; '</tag>'; END; END;
21 myview.include('render');
22 %]}, { foo => 'Hi <bob>' }),
23 '<tag>Hi <bob></tag>',
27 do_tt('<tag>[% foo | no_escape %]</tag>', { foo => 'Hi <bob>' }),
28 '<tag>Hi <bob></tag>',
31 # Check we aren't nailed by https://rt.perl.org/rt3/Ticket/Display.html?id=49594
34 do_tt('<foo>"$bar"</foo>'."\n"),
35 '<foo>"$bar"</foo>'."\n"
40 '[% FOREACH item IN items %][% item %][% END %]',
41 { items => [ '<script>alert("lalala")</script>', '-> & so "on" <-' ] }
43 '<script>alert("lalala")</script>'
44 .'-> & so "on" <-'
47 is( do_tt('"0"', {}), '"0"' );