Holowaychuk ] wrote:
> hey! sounds cool :) there is an (ugly) unescaped attribute syntax the same
> as regular unescaped buffering:
> foo(something!='<val>')
> <foo something="<val>">
> it's somewhat ugly by-design so it stands out as insecure for user input,
> we could add additional logic for strings with no js expressions and leave
> those unescaped but that's not something I've had time to look at, or much
> of a need personally so it's been really low priority
> On Tue, Oct 16, 2012 at 2:44 PM, Jed Wood <jed....@gravitytank.com<javascript:>
> > wrote:
>> TJ and Jade Friends-
>> I'll start with the punchline.
>> *How can I best let PHP tags pass through Jade untouched?*
>> *
>> *
>> This:
>> form#new-vendor-form(action="<?php echo route('vendors') ?>",
>> method="POST")
>> and this:
>> form#new-vendor-form(action="\<?php echo route('vendors') ?\>",
>> method="POST")
>> But both result in:
>> <form id="new-vendor-form" action="<?php echo route('vendors') ?>"
>> method="POST">
>> Could it be as simple as making this line:
>> https://github.com/visionmedia/jade/blob/master/lib/compiler.js#L652
>> only escape html tags that don't have the ? before/after them?
>> Read on for some context.
>> I'm working on a cool project<http://www.whitehouse.gov/innovationfellows/rfpez>under the White House CTO that's trying to make it easier for the U.S.
>> government to acquire technology from startups and small tech companies.
>> Unfortunately, we're bound to using PHP for the core of the app. But we're
>> trying to make that as painless as possible. We've got stylus working, and
>> we're using a good framework called Laravel <http://laravel.com>. We put
>> a lot of effort into getting this PHP port of jade<https://github.com/dz0ny/jade.php>integrated and it works okay, but we're running into too many little
>> annoying issues and we'd rather stick with proper Jade if possible.
>> TJ, hopefully you can help your friends south of the border! :)
>> Thanks,
>> jed wood
