5 my $tt = HTML::String::TT->new;
9 $tt->process(\$_[0], $_[1], \$output) or die $tt->error;
14 do_tt('<tag>[% foo %]</tag>', { foo => 'Hi <bob>' }),
15 '<tag>Hi <bob></tag>',
20 VIEW myview; BLOCK render; '<tag>'; foo; '</tag>'; END; END;
21 myview.include('render');
22 %]}, { foo => 'Hi <bob>' }),
23 '<tag>Hi <bob></tag>',
27 do_tt('<tag>[% foo | no_escape %]</tag>', { foo => 'Hi <bob>' }),
28 '<tag>Hi <bob></tag>',
31 # Check we aren't nailed by https://rt.perl.org/rt3/Ticket/Display.html?id=49594
34 do_tt('<foo>"$b\\ar"</foo>'."\n"),
35 '<foo>"$b\\ar"</foo>'."\n"
38 { # non-ASCII characters can also trigger the bug
43 do_tt('<li>foo – bar.</li>', {}),
44 '<li>foo – bar.</li>',
50 '[% FOREACH item IN items %][% item %][% END %]',
51 { items => [ '<script>alert("lalala")</script>', '-> & so "on" <-' ] }
53 '<script>alert("lalala")</script>'
54 .'-> & so "on" <-'
57 is( do_tt('"0"', {}), '"0"' );
61 [%- MACRO test(name, value) BLOCK;
66 [%- test("foo", "") -%]
69 my $with_html_string_tt = do_tt($tmpl, {});
71 $tt = Template->new(STASH => Template::Stash->new);
72 my $with_template = do_tt($tmpl, {});
74 is $with_html_string_tt, $with_template;