Is there a reason you've put your entire body in {{{triple braces}}}?
This makes you vulnerable to XSS: '{{double braces}}' escape HTML with a SafeString function - triple braces just render whatever they're given, hence vulnerability.
I actually use one single triple brace expression in my entire app, but that's just out of laziness, and it's only for rendering a single icon - so I control what goes in there.
BUT when you start using APIs, or even seemingly safe frameworks, you're dealing with code you don't control, so it's worth only using the triple braces when it's absolutely necessary
I don't actually know what the impact of having the entire body rendered like this is, but it's definitely not a good idea if you can help it.
See this answer for more detail
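To make the difference between the two brace forms concrete, here is an added example (not code from the comment above or from the Handlebars project). It is a deliberately small model, not the Handlebars library: it reimplements the character table that `Handlebars.Utils.escapeExpression` uses, a `SafeString`-style wrapper that bypasses escaping, and a regex-driven renderer that only understands simple `{{name}}` / `{{{name}}}` identifiers (no helpers, paths or blocks). The `USER_COMMENT` payload and the `icon` markup are constructed inputs.

```javascript
// Minimal model of Handlebars' {{ }} vs {{{ }}} behaviour (added example,
// not the Handlebars library itself). Enough to run offline and show why
// triple braces around attacker-influenced data are an XSS sink.

// Same replacement table Handlebars.Utils.escapeExpression uses.
const ESCAPE_TABLE = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
  '`': '&#x60;',
  '=': '&#x3D;',
};

// A value wrapped in SafeString is emitted verbatim even inside double
// braces, so wrapping untrusted data in it is equivalent to using {{{ }}}.
class SafeString {
  constructor(str) { this.string = String(str); }
  toString() { return this.string; }
}

function escapeExpression(value) {
  if (value instanceof SafeString) return value.toString();
  if (value == null) return '';
  return String(value).replace(/[&<>"'`=]/g, (ch) => ESCAPE_TABLE[ch]);
}

// Tiny renderer: {{{name}}} inserts the raw value, {{name}} inserts the
// escaped value. A single alternation handles both forms in one pass so
// that raw output is never re-scanned for further placeholders.
const PLACEHOLDER = /\{\{\{\s*([\w$]+)\s*\}\}\}|\{\{\s*([\w$]+)\s*\}\}/g;

function render(template, context) {
  return template.replace(PLACEHOLDER, (_, rawName, escName) => {
    if (rawName !== undefined) {
      const v = context[rawName];
      return v == null ? '' : String(v);   // triple braces: no escaping at all
    }
    return escapeExpression(context[escName]); // double braces: HTML-escaped
  });
}

// Constructed attacker input: an event-handler payload that needs no <script>.
const USER_COMMENT = '<img src=x onerror="alert(document.cookie)">';

// Renders the same untrusted value both ways, plus an app-controlled icon
// marked safe (the one legitimate use the commenter describes).
function demo() {
  const ctx = {
    body: USER_COMMENT,
    icon: new SafeString('<svg class="icon"></svg>'), // trusted, app-owned markup
  };
  return {
    escaped: render('<div class="post">{{body}}</div>', ctx),
    raw:     render('<div class="post">{{{body}}}</div>', ctx),
    icon:    render('<span>{{icon}}</span>', ctx),
  };
}

const out = demo();
console.log('double braces:', out.escaped);
console.log('triple braces:', out.raw);
console.log('SafeString   :', out.icon);
```

Running it shows that `{{body}}` turns the payload into inert text (`&lt;img src&#x3D;x ...&gt;`) while `{{{body}}}` hands the browser a live `<img onerror=...>` element. Note that `SafeString` gives the same result as triple braces, so the audit question is the same for both: is every value that reaches them something the application, not the user or a third-party API, produced?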