codegooglecom / querytemplates

Automatically exported from code.google.com/p/querytemplates

Add HTML special char encoding to API #31

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Values are just inserted as plain text into the markup. This adds security issues.
Just escaping object properties beforehand is possible, but I don't want
to use a separate object just for templating (think of encoding the object to
JSON in the next step).

So what about adding extra methods or an additional argument to define whether
a value's special chars should be encoded?

Original issue reported on code.google.com by test9...@gmx.de on 28 Dec 2009 at 1:54

GoogleCodeExporter commented 9 years ago
Should be labeled as enhancement.

Original comment by test9...@gmx.de on 28 Dec 2009 at 1:56

GoogleCodeExporter commented 9 years ago
$fieldCallback is supposed to do that. It's always the last parameter in
methods inserting content. Of course you have to provide such a callback yourself.

Original comment by tobiasz....@gmail.com on 28 Dec 2009 at 4:18

GoogleCodeExporter commented 9 years ago
I don't see such a parameter for varPrint methods.

Original comment by test9...@gmx.de on 29 Dec 2009 at 12:11
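
An added example (not from this thread or from the QueryTemplates project) of the kind of encoding callback discussed above, written in plain PHP without calling the library: values are encoded only at the point of insertion, so the original object can still be passed to `json_encode` afterwards. The function name, the one-argument callback shape and the sample data are assumptions.

```php
<?php
// Added example; encodeHtmlValue() and $user are hypothetical names.

/**
 * Encode one value for insertion into HTML text or a quoted attribute.
 * Assumed callback shape: one value in, one encoded string out.
 */
function encodeHtmlValue($value): string
{
    // ENT_QUOTES encodes both ' and " so the result is safe inside
    // single- or double-quoted attributes. ENT_SUBSTITUTE replaces
    // invalid UTF-8 with U+FFFD instead of returning an empty string.
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample record whose fields contain markup characters.
$user = (object) [
    'name' => '<b>Alice</b> & "Bob"',
    'city' => "O'Fallon <east>",
];

// Encode at insertion time only; $user itself is never modified.
$html = sprintf(
    '<li title="%s">%s</li>',
    encodeHtmlValue($user->city),
    encodeHtmlValue($user->name)
);

// The same object is still serialized from its raw values. The
// JSON_HEX_* flags emit <, >, &, ' and " as \uXXXX escapes, so the
// JSON can be embedded in an HTML page without closing a script block.
$json = json_encode(
    $user,
    JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
);

echo $html, PHP_EOL, $json, PHP_EOL;
```

`htmlspecialchars` covers HTML text and quoted attribute values only; values placed in URLs, inline scripts or style attributes need encoding for those contexts instead.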