FumingDing / embeddedjavascript

Automatically exported from code.google.com/p/embeddedjavascript
0 stars 0 forks source link

Escaping HTML #10

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
Is it possible to escape/sanitize code, similar to Rails? Example:

<%=h(data) %>,
or
<%=sanitize(data) %>
or probably just a double percentage?
<%%= data %>

I feel this is pretty important feature to have.

Original issue reported on code.google.com by assortme...@gmail.com on 7 Nov 2010 at 3:36

GoogleCodeExporter commented 8 years ago
i think -- good (safety) solution will be: BY DEFAULT <%=data %> means 
need_to_html_escape_mode

...and special mark for NON_NEED_to_html_escape_mode

Original comment by polymor...@gmail.com on 25 Jul 2011 at 1:31