Closed MarcinJuraszek closed 8 years ago
Thanks!
I wonder if it would make sense to do the formatting in the DotLiquid template? I think that would be a bit nicer!
When you add some function to filters like niceDate here, it becomes available as a DotLiquid filter and can be used by writing {{ something | nice_date }} like here.
So I think you could change this bit of code to use {{ model.Query | html_encode }}.
(DotLiquid apparently_likes_underscores_for_some_reason :-) )
Did not know that. It's way more readable!
Hi, there is a built-in function escape that does the same.
{{ model.Query | escape }}
That's even better. Thanks @patrick-mackay!
Nice, that was even easier than I thought :-)
HTML encode search query to prevent script injection. Resolves https://github.com/tpetricek/FsSnip.Website/issues/36
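The effect of the `escape` filter suggested in the thread, as an added example that is not code from FsSnip.Website: an F# script (run with `dotnet fsi`) that renders the same DotLiquid template with and without the filter. The `render` helper, the template text and the sample query are constructed for illustration; only `model.Query` and `escape` come from the discussion.

```fsharp
// Added example; not part of the FsSnip.Website code base.
#r "nuget: DotLiquid"
open DotLiquid

// Hypothetical helper: renders a template with a `model.Query` value,
// mirroring the variable name used in the thread.
let render (source: string) (query: string) =
    let model = Hash.FromDictionary(dict [ "Query", box query ])
    let root = Hash.FromDictionary(dict [ "model", box model ])
    Template.Parse(source).Render(root)

// Constructed input: a search query that carries markup characters.
let query = "<b>fsharp</b> & \"quotes\""

// Same template, first without and then with the built-in escape filter.
let raw = render "Results for {{ model.Query }}" query
let escaped = render "Results for {{ model.Query | escape }}" query

printfn "unescaped: %s" raw
printfn "escaped:   %s" escaped

// Regression-style check: the escaped rendering must not carry the
// query's angle brackets through to the page.
if escaped.Contains("<") || escaped.Contains(">") then
    failwith "query was rendered without HTML encoding"
```

A check like the last three lines can be kept as a template test so that a later edit dropping the filter from the search page is caught.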