HTML-escaped values in templates - Githubissues

tooploox / oya

Using Oya packs containing reusable boilerplate & scripts, you can bootstrap easy to work with, deployable projects

https://oya.sh

MIT License

151 stars 3 forks source link

HTML-escaped values in templates #34

Closed bilus closed 5 years ago

bilus commented 5 years ago

cat > Oyafile
Project: foo
Values:
  xxx:
    foo: 5
    bar:
      baz: qux
xxx: |
  oya render ./input.txt -o /tmp/out
C-d
mkdir /tmp/out
cat > input.txt
<%= "&&" %>
C-d
oya render input.txt -o /tmp/
cat /tmp/out/input.txt

Expected output:

&&

Actual output:

&#34;qux&#34;

bilus commented 5 years ago

raw plush built-in lets you prevent escaping: https://github.com/gobuffalo/plush/blob/master/escape_test.go#L22

Ideas:

Make a PR to enable turning off escaping.
Call raw to wrap all values in scope before rendering (but not before running in script!).

bart84ek commented 5 years ago

I found html.UnescapeString(result)to be the easiest solution. Also saw only &amp causing problems. Other chars !@$%/<> are not encoded during plush render.

bart84ek commented 5 years ago

PR #70