This will wrap all output in an instance of SafeString which extends the global String object. This makes it easy to distinguish the output of Hyperons so that it doesn't double-escape child elements.
The downside is that the consumer must convert the string object to a string primitive.
This doesn't cause any degradation in performance according to benchmarks.
As discussed in #3 the current heuristic may be dangerous if unsanitised input is passed to the template. Arguably apps should be sanitising user input, however.
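An added illustration of the approach this pull request describes, not Hyperons's own code: a minimal renderer that treats only `SafeString` instances as already-escaped output and escapes every other child. The names `h`, `renderChild`, `escapeHtml` and `demo`, and the sample input, are assumptions made for this example.

```javascript
// Added illustration; not Hyperons source. Only the SafeString name comes from the PR.
class SafeString extends String {}

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// A child is trusted only if it is a SafeString, i.e. it was produced by h().
// The decision is based on the object's type, never on what the text looks like.
function renderChild(child) {
  if (child instanceof SafeString) return child.toString();
  if (Array.isArray(child)) return child.map(renderChild).join('');
  if (child == null || child === false || child === true) return '';
  return escapeHtml(child);
}

// Hypothetical element factory; tag names are assumed to be developer-supplied.
function h(tag, attrs, ...children) {
  const attrText = Object.entries(attrs || {})
    .map(([name, value]) => ` ${name}="${escapeHtml(value)}"`)
    .join('');
  const body = children.map(renderChild).join('');
  return new SafeString(`<${tag}${attrText}>${body}</${tag}>`);
}

// Constructed sample input: untrusted text that happens to look like markup.
const userInput = '<script>alert(1)</script>';

function demo() {
  const inner = h('em', null, 'a & b');
  const page = h('p', { title: '"quoted"' }, inner, ' ', userInput);
  return {
    html: String(page),                      // consumer converts to a primitive
    isPrimitive: typeof page === 'string',   // false: output is a String object
    isSafe: page instanceof SafeString,
    // Converting a child to a primitive too early drops the marker,
    // so it is escaped again when nested.
    flattened: h('p', null, String(inner)).toString(),
  };
}

console.log(demo());
```

The `flattened` result shows the cost the description mentions: once the output has been converted to a string primitive it is indistinguishable from untrusted text, so the conversion belongs at the final output boundary.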
Coverage decreased (-3.6%) to 96.35% when pulling fad0cb0b6746ba750562fbd0f8bac52dafabee5e on safe-string into 7addfe0d689d35787d37ef07f75d13e1a874ae13 on master.