File Coverage

blib/lib/Template/EmbeddedPerl/Utils.pm
Criterion Covered Total %
statement 45 49 91.8
branch 7 12 58.3
condition n/a
subroutine 8 9 88.8
pod 4 4 100.0
total 64 74 86.4


line stmt bran cond sub pod time code
1             package Template::EmbeddedPerl::Utils;
2              
3 7     7   205818 use warnings;
  7         14  
  7         420  
4 7     7   39 use strict;
  7         13  
  7         212  
5 7     7   35 use Exporter 'import';
  7         12  
  7         286  
6 7     7   3950 use URI::Escape ();
  7         14207  
  7         302  
7 7     7   3556 use JSON::MaybeXS;
  7         75963  
  7         11730  
8              
9             our @EXPORT_OK = qw(
10             normalize_linefeeds
11             uri_escape
12             escape_javascript
13             generate_error_message
14             );
15              
16             # uri_escape is a function from URI::Escape
17             # it is used to escape the uri string.
18             # uri_escape('http://www.google.com') => 'http%3A%2F%2Fwww.google.com'
19              
20             sub uri_escape {
21 0     0 1 0 my ($string) = @_;
22 0         0 return URI::Escape::uri_escape($string);
23             }
24              
25             # normalized the line endings to \n from mac and windows format.
26              
27             sub normalize_linefeeds {
28 63     63 1 151 my ($template) = @_;
29 63         222 $template =~ s/\r\n/\n/g;
30 63         124 $template =~ s/\r/\n/g;
31 63         158 return $template;
32             }
33              
34             # Create a JSON encoder
35             my $json = JSON::MaybeXS->new(utf8 => 0, ascii => 1, allow_nonref => 1);
36              
37             # Define the escape_javascript function
38             sub escape_javascript {
39 6     6 1 200849 my ($javascript) = @_;
40 6 50       26 return '' unless defined $javascript;
41              
42             # Encode the string as a JSON string
43 6         43 my $escaped = $json->encode($javascript);
44              
45             # Remove the surrounding quotes added by JSON encoding
46 6         74 $escaped =~ s/^"(.*)"$/$1/;
47              
48             # Escape additional characters not handled by JSON encoding
49 6         18 $escaped =~ s/`/\\`/g; # Escape backticks
50 6         17 $escaped =~ s/\$/\\\$/g; # Escape dollar signs
51 6         15 $escaped =~ s/'/\\'/g; # Escape single quotes
52              
53 6         33 return $escaped;
54             }
55              
56             sub generate_error_message {
57 2     2 1 7 my ($msg, $template, $source) = @_;
58              
59 2 50       10 warn "RAW MESSAGE: [$msg]" if $ENV{DEBUG_TEMPLATE_EMBEDDED_PERL};
60              
61 2 50       6 $source = $source ? "$source" : 'unknown';
62              
63 2         4 my @files;
64 2         80 push @files, [$1, $2, $3, $msg] while $msg =~ /^(.+?) at\s+(.+?)\s+line\s+(\d+)/gm;
65              
66 2         6 my $text = '';
67 2         6 foreach my $file (@files) {
68 3         9 my ($msg, $file, $line, $extra) = @$file;
69 3 50       12 if($file !~ m/eval/) {
70 0         0 $text .= $extra;
71 0         0 next;
72             }
73 3         7 $text .= "$msg at $source line $line\n\n";
74              
75 3         6 $line--;
76 3 100       11 my $start = $line -1 >= 0 ? $line -1 : 0;
77 3 50       10 my $end = $line + 1 < scalar(@$template) ? $line + 1 : scalar(@$template) - 1;
78 3         8 for my $i ($start..$end) {
79 8         10 $text .= "@{[ $i+1 ]}: $template->[$i]\n";
  8         23  
80             }
81 3         9 $text .= "\n";
82             }
83              
84 2         23 return "$text\n";
85             }
86              
87             1;
88              
89              
90             =head1 NAME
91              
92             Template::EmbeddedPerl::Utils - Utility functions for Template::EmbeddedPerl
93              
94             =head1 DESCRIPTION
95              
96             This module provides utility functions for L. It is not intended to be used directly.
97              
98             =head1 EXPORTS
99              
100             =head2 normalize_linefeeds
101              
102             my $normalized = normalize_linefeeds($template);
103              
104             Normalize the line endings to \n from mac and windows format.
105              
106             =head2 uri_escape
107              
108             my $escaped = uri_escape($string);
109              
110             Escape the uri string.
111              
112             =head2 escape_javascript
113              
114             my $escaped = escape_javascript($javascript);
115              
116             Escape the javascript string. This basically takes a string and escapes it so that it can be
117             embedded in a JavaScript string. So it escapes single quotes, backticks, and dollar signs and
118             that sort of this. It is not guaranteed to protect against all forms of XSS attacks. If you
119             are embedding user input in a JavaScript string, you should be sure to have cleaned that first
120             probably using HTML or URI escaping, or running the string through a JavaScript sanitizer to
121             remove any potentially harmful code.
122              
123             =head2 generate_error_message
124              
125             my $error_message = generate_error_message($msg, $template, $source);
126              
127             Generate an error message.
128              
129             =head1 SEE ALSO
130            
131             L
132              
133             =head1 AUTHOR
134            
135             See L
136            
137             =head1 COPYRIGHT & LICENSE
138            
139             See L
140            
141             =cut