HughDai / embeddedjavascript

EJS cleans the HTML out of your JavaScript with client side templates
http://code.google.com/p/embeddedjavascript
Other
0 stars 0 forks source link

Escaping HTML #10

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Is it possible to escape/sanitize code, similar to Rails? Example:

<%=h(data) %>,
or
<%=sanitize(data) %>
or probably just a double percentage?
<%%= data %>

I feel this is pretty important feature to have.

Original issue reported on code.google.com by assortme...@gmail.com on 7 Nov 2010 at 3:36

GoogleCodeExporter commented 9 years ago
i think -- good (safety) solution will be: BY DEFAULT <%=data %> means 
need_to_html_escape_mode

...and special mark for NON_NEED_to_html_escape_mode

Original comment by polymor...@gmail.com on 25 Jul 2011 at 1:31