search

carvel-dev / ytt

YAML templating tool that works on YAML structure instead of text
https://carvel.dev/ytt
Apache License 2.0
1.68k stars 137 forks source link

Add an optional boolean to not escape html during json encoding #890

Closed WnP closed 8 months ago

WnP commented 9 months ago

By default the golang encode does escape problematic HTML characters inside JSON quoted strings. Which may leads to undesired behavior.

A typical example is when you are using the argocd-vault-plugin syntax inside a json string, which looks like this:

#@data/values
---
credentials:
  username: bob
  password: <path:/to/bob/password>

Then if I want to create a secret with

#@ load("@ytt:data", "data")
#@ load("@ytt:json", "json")
stringData: #@ json.encode(data.values.credentials, indent=2)

Then it compiles to:

stringData: |-
  {
    "username": "bob",
    "password": "\u003cpath:/to/bob/password\u003e"
  }

Which obviously isn't what we want.

It would be nice if we can call Encode.SetEscapeHTML somehow to prevent that.

prembhaskal commented 9 months ago

@100mik this seems a valid ask, I think we should accept it.