Use of sanitized content in call params

24 views
Skip to first unread message

Matt Schemmel

unread,
May 15, 2013, 6:25:29 PM5/15/13
to closure-temp...@googlegroups.com
Recently, we noticed that a template like the following:
{template .outer}
  {call .inner}
    {param html}{customFunctionWithSanitizedResult()}{/param}
  {/call}
{/template}

/** @param html HTML to be rendered
{template .inner}
  {$html}
{/template}

doesn't do what you'd expect: the sanitized content from the function loses the "clean" bit when passed as a param, autoescaping (thus double escaping) the html.

I'm using a relatively old release of the templates lib, but I wasn't able to find anything related to this in the code.google issues list... is this fixed in a recent release, on the docket for the future, or is the current behavior intentional for some reason?

Matt Schemmel

unread,
May 15, 2013, 6:53:21 PM5/15/13
to closure-temp...@googlegroups.com
Well, nevermind.

{{param: customFunction.../}}

works as desired.    Easy enough to see why sanitized content {print}ed in the param-with-content version would lose the flag.
Reply all
Reply to author
Forward
0 new messages