search

CrowdHailer / eex_html

Extension to Embedded Elixir (EEx), that allows content to be safely embedded into HTML.
https://hex.pm/packages/eex_html
Apache License 2.0
3 stars 5 forks source link

for and other control structures need raw() to escape contents #2

Closed Nicd closed 5 years ago

Nicd commented 6 years ago

If you use for, if, case etc. structures, you need to wrap it in raw() to prevent escaping of the contents:

<%= for i <- 1..10 do %> <span id="<%= i %>"></span><% end %>
<%= raw(for i <- 1..10 do %> <span id="<%= i %>"></span><% end) %>

results in

&lt;span id=&quot;1&quot;&gt;&lt;/span&gt; &lt;span id=&quot;2&quot;&gt;&lt;/span&gt; &lt;span id=&quot;3&quot;&gt;&lt;/span&gt; &lt;span id=&quot;4&quot;&gt;&lt;/span&gt; &lt;span id=&quot;5&quot;&gt;&lt;/span&gt; &lt;span id=&quot;6&quot;&gt;&lt;/span&gt; &lt;span id=&quot;7&quot;&gt;&lt;/span&gt; &lt;span id=&quot;8&quot;&gt;&lt;/span&gt; &lt;span id=&quot;9&quot;&gt;&lt;/span&gt; &lt;span id=&quot;10&quot;&gt;&lt;/span&gt;
<span id="1"></span> <span id="2"></span> <span id="3"></span> <span id="4"></span> <span id="5"></span> <span id="6"></span> <span id="7"></span> <span id="8"></span> <span id="9"></span> <span id="10"></span>

This is inconsistent with the behaviour of Phoenix, for example. It would be more convenient to not need to wrap the structures in raw().

CrowdHailer commented 5 years ago

Fixed in #6

released in 0.2.0