Security Advisories (1)
CVE-2026-5090 (2026-05-19)

Template::Plugin::HTML versions through 3.102 for Perl allow HTML and JavaScript to be injected. The html_filter function did not escape single quotes, so HTML attributes enclosed in single quotes could have code injected. For example, the variable "var" in <a id='ref' title='[% var | html %]'> would not be properly escaped. An attacker could insert some limited HTML and JavaScript, for example, var = " ' onclick='while (true) { alert(1) }'". Note that arbitrary HTML and JavaScript would be difficult to inject, because angle brackets, ampersands and double quotes would still be escaped.
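The following Perl script is an added example, not code from Template Toolkit or from the advisory. It reimplements the escaping behaviour the advisory describes (ampersand, angle brackets and double quote escaped, single quote left alone) as html_filter_unpatched, places the advisory's attacker value into a single-quoted title attribute, and contrasts the result with a hardened filter that also turns ' into &#39;. The function names and the check are assumptions made for illustration; the exact set of characters the real filter escaped is taken from the advisory text.

```perl
#!/usr/bin/env perl
# Added example: reimplementation of the escaping described in CVE-2026-5090,
# not Template Toolkit's own html_filter. Function names are illustrative.
use strict;
use warnings;

# Escapes exactly what the advisory says the affected filter escaped:
# &, <, > and ", but not the single quote.
sub html_filter_unpatched {
    my ($text) = @_;
    for ($text) {
        s/&/&amp;/g;
        s/</&lt;/g;
        s/>/&gt;/g;
        s/"/&quot;/g;
    }
    return $text;
}

# Hardened variant: additionally escapes ' as the numeric reference &#39;
# (used rather than &apos;, which older HTML parsers do not recognise).
sub html_filter_hardened {
    my ($text) = @_;
    for ($text) {
        s/&/&amp;/g;
        s/</&lt;/g;
        s/>/&gt;/g;
        s/"/&quot;/g;
        s/'/&#39;/g;
    }
    return $text;
}

# Constructed attacker input, taken from the advisory: the leading quote
# closes the single-quoted title attribute, then an onclick handler follows.
my $var = " ' onclick='while (true) { alert(1) }'";

for my $name (qw(html_filter_unpatched html_filter_hardened)) {
    no strict 'refs';
    my $attr = &{$name}($var);
    my $html = "<a id='ref' title='$attr'>ref</a>";
    print "$name:\n  $html\n";
    # A single-quoted attribute value is only safe if it contains no raw '.
    if ($attr =~ /'/) {
        print "  VULNERABLE: attribute boundary broken, handler injected\n";
    } else {
        print "  OK: no raw single quote inside the attribute value\n";
    }
}
```

The same check can be run against an installed Template Toolkit by processing the template string `<a id='ref' title='[% var | html %]'>` with Template->process and looking for a raw single quote inside the rendered attribute. Until an affected installation is upgraded, the practical mitigation is to put attribute values in double quotes, which the filter does escape, rather than single quotes.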

NAME

Template::Tutorial - Template Toolkit Tutorials

DESCRIPTION

This section includes tutorials on using the Template Toolkit. Subjects currently include a general overview of the Template Toolkit, showing users how to get quickly up to speed building web content, and a tutorial on generating and using data files, with particular reference to XML.

Template::Tutorial::Web

Generating Web Content Using the Template Toolkit

This tutorial provides an introduction to the Template Toolkit and a "quick start" guide to getting up to speed. Its primary focus is on using the Template Toolkit to build web content, and it covers four basic areas: using tpage and ttree; using the Template.pm module in CGI scripts; writing Apache/mod_perl handlers; and extending the toolkit by writing plugins.

Template::Tutorial::Datafile

Creating Data Output Files Using the Template Toolkit

This tutorial gives an overview of the Template Toolkit, showing in particular how to use it to read and write data files in various different formats and styles. It was written by Dave Cross and first appeared as a lead article at http://www.perl.com/ earlier in the year (2001).

AUTHOR

Andy Wardley <abw@andywardley.com>

http://www.andywardley.com/

VERSION

Template Toolkit version 2.11, released on 06 January 2004.

COPYRIGHT

Copyright (C) 1996-2004 Andy Wardley.  All Rights Reserved.
Copyright (C) 1998-2002 Canon Research Centre Europe Ltd.

This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.