Re: [Mason] Mason2: no default HTML escaping

2012-05-10 Thread Jonathan Swartz
> On Wed, 9 May 2012, Paul Wallingford wrote: > >> The problem is context. Escaping is appropriate in certain contexts and >> not in others. There are many ways to determine context, quite a few of >> them slow. The speed issues of Mason2, due largely to Moose as >> discussed in the past, means

Re: [Mason] Mason2: no default HTML escaping

2012-05-10 Thread Dave Rolsky
On Wed, 9 May 2012, Paul Wallingford wrote: > The problem is context. Escaping is appropriate in certain contexts and > not in others. There are many ways to determine context, quite a few of > them slow. The speed issues of Mason2, due largely to Moose as > discussed in the past, means you do

Re: [Mason] Mason2: no default HTML escaping

2012-05-09 Thread Paul Wallingford
On 5/9/2012 1:16 PM, Stephen Clouse wrote: > Don't assume that people have done it your way. TMTOWTDI, after all. I don't. I have asked before what people though regarding the most common use for Mason. I do not deny it is used for non-web applications. Several people in the past pointed out

Re: [Mason] Mason2: no default HTML escaping

2012-05-09 Thread Pedro Melo
Hi, On Wed, May 9, 2012 at 9:16 PM, Stephen Clouse wrote: > Note, again, that Mason is a *general-purpose* template language, not > necessarily a *web* template language. True, but most of Mason use is to generate Web pages, so I would suggest that the most common case should be correct by defau

Re: [Mason] Mason2: no default HTML escaping

2012-05-09 Thread Jonathan Swartz
> I think the default for text outside a <%perl> block should be HTML style > escaping, since it seems that most Mason2 apps are web apps and most non-web > Mason2 apps would need some sort of Perl to generate their output (and there > is always the here-doc for boilerplate text). Have to disag

Re: [Mason] Mason2: no default HTML escaping

2012-05-09 Thread Stephen Clouse
On Wed, May 9, 2012 at 3:15 PM, Jonathan Swartz wrote: > > As you noted, escaping by default would be fine and largely a > non-argument if Mason were explicitly a Web template language, but it's not. > > I'm confused Stephen, because this statement seems to contradict your > other statement that

Re: [Mason] Mason2: no default HTML escaping

2012-05-09 Thread Stephen Clouse
On Wed, May 9, 2012 at 2:30 PM, Paul Wallingford wrote: > An example of a slow method would be a parser that breaks of the final > output into a DOM tree and can apply escaping to the right parts. > That assumes that there is a DOM tree to be parsed. An example of a method that preserves context

Re: [Mason] Mason2: no default HTML escaping

2012-05-09 Thread Jonathan Swartz
> As you noted, escaping by default would be fine and largely a non-argument if > Mason were explicitly a Web template language, but it's not. > I'm confused Stephen, because this statement seems to contradict your other statement that "escaping by default never works right, because too many t

Re: [Mason] Mason2: no default HTML escaping

2012-05-09 Thread Paul Wallingford
On 5/9/2012 11:57 AM, Stephen Clouse wrote: > On Wed, May 9, 2012 at 11:39 AM, Jonathan Swartz > wrote: > > This has got to be a common web template conundrum. Anyone know how > Rails or Django solves it? > > > In Django's case, by forcing the user's hand (escaping

Re: [Mason] Mason2: no default HTML escaping

2012-05-09 Thread Stephen Clouse
On Wed, May 9, 2012 at 11:39 AM, Jonathan Swartz wrote: > This has got to be a common web template conundrum. Anyone know how Rails > or Django solves it? > In Django's case, by forcing the user's hand (escaping by default, must be explicitly disabled through template notation). Rails apparentl

Re: [Mason] Mason2: no default HTML escaping

2012-05-09 Thread Jonathan Swartz
> On Thu, May 3, 2012 at 7:00 AM, Jonathan Swartz wrote: > On Mar 7, 2012, at 1:49 AM, Pedro Melo wrote: > > On Wed, Mar 7, 2012 at 12:11 AM, Jonathan Swartz wrote: > >> I hear your concerns. So I'm not sure which of these you are suggesting: > >> 1) Substitution tags should be HTML-escaped by de

Re: [Mason] Mason2: no default HTML escaping

2012-05-03 Thread Stephen Clouse
On Thu, May 3, 2012 at 7:00 AM, Jonathan Swartz wrote: > On Mar 7, 2012, at 1:49 AM, Pedro Melo wrote: > > On Wed, Mar 7, 2012 at 12:11 AM, Jonathan Swartz > wrote: > >> I hear your concerns. So I'm not sure which of these you are suggesting: > >> 1) Substitution tags should be HTML-escaped by d

Re: [Mason] Mason2: no default HTML escaping

2012-05-03 Thread Jonathan Swartz
On Mar 7, 2012, at 1:49 AM, Pedro Melo wrote: > On Wed, Mar 7, 2012 at 12:11 AM, Jonathan Swartz wrote: >> I hear your concerns. So I'm not sure which of these you are suggesting: >> 1) Substitution tags should be HTML-escaped by default in Mason. > > This one would be my choice *if* Mason was

Re: [Mason] Mason2: no default HTML escaping

2012-03-07 Thread Pedro Melo
On Wed, Mar 7, 2012 at 9:59 AM, Jérôme Étévé wrote: > On 7 March 2012 09:49, Pedro Melo wrote: >>> #1 is hard to do because Mason is supposed to be content-type agnostic - >>> usable for HTML generation but also other kinds of content generation. (this quote is not mine, btw...) > The default

Re: [Mason] Mason2: no default HTML escaping

2012-03-07 Thread Jonathan Swartz
On Mar 7, 2012, at 1:59 AM, Jérôme Étévé wrote: > On 7 March 2012 09:49, Pedro Melo wrote: >>> #1 is hard to do because Mason is supposed to be content-type agnostic - >>> usable for HTML generation but also other kinds of content generation. > > The default filter is defined in the interprete

Re: [Mason] Mason2: no default HTML escaping

2012-03-07 Thread Jonathan Swartz
On Mar 6, 2012, at 5:18 PM, Paul Wallingford wrote: > On 3/6/2012 4:11 PM, Jonathan Swartz wrote: >> I hear your concerns. So I'm not sure which of these you are suggesting: >> 1) Substitution tags should be HTML-escaped by default in Mason. >> 2) DefaultFilter should be implemented and documented

Re: [Mason] Mason2: no default HTML escaping

2012-03-07 Thread Jérôme Étévé
On 7 March 2012 09:49, Pedro Melo wrote: >> #1 is hard to do because Mason is supposed to be content-type agnostic - >> usable for HTML generation but also other kinds of content generation. The default filter is defined in the interpreter instance. If you need to use Mason to generate any type

Re: [Mason] Mason2: no default HTML escaping

2012-03-07 Thread Pedro Melo
Hi, On Wed, Mar 7, 2012 at 1:18 AM, Paul Wallingford wrote: > So, the question is: Has anyone used Mason for anything serious other > than web page generation? Most current websites generate at least JSON (if they have an API) and XML (if they have RSS/Atom feeds). Personally I also use it to g

Re: [Mason] Mason2: no default HTML escaping

2012-03-07 Thread Pedro Melo
On Wed, Mar 7, 2012 at 12:11 AM, Jonathan Swartz wrote: > I hear your concerns. So I'm not sure which of these you are suggesting: > 1) Substitution tags should be HTML-escaped by default in Mason. This one would be my choice *if* Mason was used only for the web. > 2) DefaultFilter should be im

Re: [Mason] Mason2: no default HTML escaping

2012-03-06 Thread Dave Rolsky
On Tue, 6 Mar 2012, Paul Wallingford wrote: > So, the question is: Has anyone used Mason for anything serious other > than web page generation? If the amount of people or projects using > Mason that are not web based is essentially zero, it may be better to > add web specific features and optimiz

Re: [Mason] Mason2: no default HTML escaping

2012-03-06 Thread Paul Wallingford
On 3/6/2012 4:11 PM, Jonathan Swartz wrote: > I hear your concerns. So I'm not sure which of these you are suggesting: > 1) Substitution tags should be HTML-escaped by default in Mason. > 2) DefaultFilter should be implemented and documented in core Mason, so that > it doesn't require a separate p

Re: [Mason] Mason2: no default HTML escaping

2012-03-06 Thread Shane McCarron
I would prefer number two plus strong documentation encouraging the use of the feature. Especially for newbies. On Mar 6, 2012 6:13 PM, "Jonathan Swartz" wrote: > I hear your concerns. So I'm not sure which of these you are suggesting: > 1) Substitution tags should be HTML-escaped by default in M

Re: [Mason] Mason2: no default HTML escaping

2012-03-06 Thread Jonathan Swartz
I hear your concerns. So I'm not sure which of these you are suggesting: 1) Substitution tags should be HTML-escaped by default in Mason. 2) DefaultFilter should be implemented and documented in core Mason, so that it doesn't require a separate plugin install. #1 is hard to do because Mason is su

Re: [Mason] Mason2: no default HTML escaping

2012-03-05 Thread Jérôme Étévé
On 5 March 2012 12:33, Pedro Melo wrote: > For now I'm using the DefaultFilter plugin. It saves me a lot of > typing and I believe it to be worth it, so my "problem" is solved. I Agree with Pedro. Being able to define a default filter and explicitly choose another one (or none) when needed is mu

[Mason] Mason2: no default HTML escaping

2012-03-05 Thread Pedro Melo
Hi, I'm starting to use Mason2 on new projects, and in the whole I think the changes from HTML::Mason were extremely positive. There is one aspect that bothers me: by default, substitution tags do not perform a HTML escape filter. I think this is a dangerous default, and forces me (let's ignore