package Valiant::Filter::HtmlEscape;

use Moo;
use Valiant::Util 'throw_exception';

with 'Valiant::Filter::Each';

sub normalize_shortcut {
  my ($class, $arg) = @_;
  return +{ };

sub filter_each {
  my ($self, $class, $attrs, $attribute_name) = @_;  
  my $value = $attrs->{$attribute_name};
  return unless defined $value;

  $value =~ s/&(?!(amp|lt|gt|quot);)/&/g;
  $value =~ s/</&lt;/g;
  $value =~ s/>/&gt;/g;
  $value =~ s/\"/&quot;/g;
  return $value;


=head1 NAME

Valiant::Filter::HtmlEscape - HTML escaping on strings


    package Local::Test::User;

    use Moo;
    use Valiant::Filters;

    has 'name' => (is=>'ro', required=>1);

    filters name => (
      html_escape =>  1,

    my $user = Local::Test::User->new(name=>'<a>john</a>');

    print $user->name; # '&lt;a&gt;john&lt;/a&gt;'

This is a very simple filter that takes no paramters and HTML escapes any incoming
strings. Useful to help with stuff like cross scripting attacks, etc.

Please be aware that the regexp for this might be too simple for truly hardening your code;
please review.

=head1 SEE ALSO
L<Valiant>, L<Valiant::Filter>, L<Valiant::Validator::Filter>.

=head1 AUTHOR
See L<Valiant>  
See L<Valiant>