X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FHTML%2FString.pm;h=038c3960660da884fbb0b837ede143c950440601;hb=0d5353da5bf552b5e6ec5b480d85e80adeecbe81;hp=033be4e9516d40248dc21c17549c3eb83a453972;hpb=e1b4b35c28896558b77f9df03dc4fd5561c84ca4;p=scpubgit%2FHTML-String.git
diff --git a/lib/HTML/String.pm b/lib/HTML/String.pm
index 033be4e..038c396 100644
--- a/lib/HTML/String.pm
+++ b/lib/HTML/String.pm
@@ -4,6 +4,10 @@ use strictures 1;
use HTML::String::Value;
use Exporter 'import';
+our $VERSION = '1.000002'; # 1.0.2
+
+$VERSION = eval $VERSION;
+
our @EXPORT = qw(html);
sub html {
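Review bot: The added `$VERSION = eval $VERSION;` is a string eval with no comment explaining it, and string eval is the construct that Perl::Critic's ProhibitStringyEval policy flags by default. The operand is the literal assigned two lines above, so no external data reaches it, but that only holds while `$VERSION` stays a hard-coded literal in this file. The idiom is normally used to numify development versions that contain an underscore; '1.000002' has none, so the line could be dropped, or kept with a comment such as `# string eval of our own literal; numifies underscore dev versions`.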
@@ -11,3 +15,159 @@ sub html {
}
1;
+
+__END__
+
+=head1 NAME
+
+HTML::String - mark strings as HTML to get auto-escaping
+
+=head1 SYNOPSIS
+
+ use HTML::String;
+
+ my $not_html = 'Hello, Bob & Jake';
+
+ my $html = html('
').$not_html.html('
');
+
+ print html($html); # Hello, Bob & Jake
+
+or, alternatively,
+
+ use HTML::String::Overload;
+
+ my $not_html = 'Hello, Bob & Jake';
+
+ my $html = do {
+ use HTML::String::Overload;
+ "${not_html}
";
+ }
+
+ print html($html); # Hello, Bob & Jake
+
+(but see the L documentation for details and caveats).
+
+See also L for L integration.
+
+=head1 DESCRIPTION
+
+Tired of trying to remember which strings in your program need HTML escaping?
+
+Working on something small enough to not need a templating engine - or code
+heavy enough to be better done with strings - but wanting to be careful about
+user supplied data?
+
+Yeah, me too, sometimes. So I wrote L.
+
+The idea here is to have pervasive HTML escaping that fails closed - i.e.
+escapes everything that it isn't explicitly told not to. Since in the era
+of XSS (cross site scripting) attacks it's a matter of security as well as
+of not serving mangled markup, I've preferred to err on the side of
+inconvenience in places in order to make it as hard as possible to screw up.
+
+We export a single subroutine, L