search

nytimes / backbone.stickit

Backbone data binding, model binding plugin. The real logic-less templates.
MIT License
1.64k stars 176 forks source link

Escape selectOptions' labelPath and valuePath results #287

Closed mcordes closed 9 years ago

mcordes commented 9 years ago

Hi,

I'm looking for a way to escape the results of labelPath and valuePath. I'm creating a select binding like the following and the issue I'm running into is myCollection.models[0].get(labelPath) returns html that needs to be escaped. I realize I could solve this by doing the escaping in the collection() method, but I'm hoping for a nicer solution.

If escape=true also escaped these paths when evaluated or if there were two new boolean settings (escapeLabelPath and escapeValuepath) that would work for me.

Sample select binding:

                ......
                selectOptions: {
                    collection: function () {
                       this.myCollection.models[0].set('name', '<script>something bad</script>');
                        return this.myCollection;
                    },
                    valuePath: 'id',
                    labelPath: 'name',
                },
mcordes commented 9 years ago

I'm not convinced this isn't an issue on my end. I see you're using jquery's text function when setting the options label. That seems like it should work. Sorry for the interruption.

mcordes commented 9 years ago

Yup, the code is fine. The issue I'm seeing is unrelated (and this): https://code.google.com/p/chromium/issues/detail?id=490607