Hello guys,
Just found out that bug and I don't know if it's related to EJS or Sails, because Sails provides a tool to compile assets/templates to JS functions that are stored in the JST global variable on the client.
Basically, let's say that I've got a template like this:
<div>
<%- "<span class='test'>"%>
<div class="content">
</div>
</div>
Here is the output by running JST['myTemplate.ejs']()
<div>
<span class='test'>
<div class="content">
</div>
</div>"
The HTML isn't escaped as I wanted by using <%-, but it works on the server side.
Note that if I load a partial then it will work on both client and server sides, the issue is only on the client and only when I try to output raw HTML directly without using a template.
I don't know where to report that bug, I don't know if that's related to the way Sails generate these awesome JS functions that are available client side. (By the way, could you tell me how you do it? I guess you're using some library)
Thanks.