Injecting output of 'escape-html' into script tag breaks data object in certain cases

paypal / react-engine

a composite render engine for universal (isomorphic) express apps to render both plain react views and react-router views

Apache License 2.0

1.45k stars 130 forks source link

Injecting output of 'escape-html' into script tag breaks data object in certain cases #184

Closed bensbigolbeard closed 7 years ago

bensbigolbeard commented 7 years ago

As a preface, I believe escape-html points to the root cause of the breakage in their readme, where it states:

Note that the escaped value is only suitable for being interpolated into HTML as the text content of elements in which the tag does not have different escaping mechanisms (it cannot be placed inside