How can I prevent Mojolicious from character-escaping stash data?

Question

I am trying to send HTML to a template in Mojolicious and am finding that the html is getting replaced with safe strings somewhere along the way.

$self->stash(portalHeaderHtml => "<html>");

Becomes

 &lt;html&gt;

In the source

The template:

<%= $portalHeaderHtml %>

How do I tell it to display HTML and not replace tags?

score 19 · Accepted Answer · edited May 30 '20 at 17:42

19

Mojolicious::Guides::Rendering suggests using == to disable escaping of characters.

An additional equal sign can be used to disable escaping of the characters <, >, &, ' and " in results from Perl expressions, which is the default to prevent XSS attacks against your application.
<%== '<p>test</p>' %>

Proceed with caution.

edited May 30 '20 at 17:42

smonff

3,399
3
36
46

answered Mar 28 '13 at 13:15

Zaid

36,680
16
86
155

Thank you! I could not find that. – shaneburgess Mar 28 '13 at 13:24
Thank you so much, I searched for this for one hour and `HTML::Entities` wasn't helpful since it was re-escaped anyway. – smonff May 30 '20 at 17:42

How can I prevent Mojolicious from character-escaping stash data?

1 Answers1