Does purejs HTML-escape values
25 views
Skip to first unread message
Pipalayan Nayak
May 1, 2012, 1:08:30 AM5/1/12
to JavaScript Templates Engine PURE
Hi,
I am new to pure.js . When rendering with pure.js, i find that pure.js
does not HTML escape values. Is it the correct way, or am i missing
something?
code example
var tab_li_directive = {
'ul li':{
'tb<-tabList':{
'span':"tb.tabName',
'@id':function(a) {
return "tinid-" + a.item.tabId;
},
'@class':function(a) {
if (a.pos == 0)
return "tab-class tab-selected";
else
return "tab-class";
}
}
}
}
$('.fbbodydiv-class #tab-div').render(R$.fbPgTab.v.fbPageDtls,
tab_li_directive);
Here, since the tabName is directly rendered into the span, i think it
should be HTML escaped.
Regards.
I am new to pure.js . When rendering with pure.js, i find that pure.js
does not HTML escape values. Is it the correct way, or am i missing
something?
code example
var tab_li_directive = {
'ul li':{
'tb<-tabList':{
'span':"tb.tabName',
'@id':function(a) {
return "tinid-" + a.item.tabId;
},
'@class':function(a) {
if (a.pos == 0)
return "tab-class tab-selected";
else
return "tab-class";
}
}
}
}
$('.fbbodydiv-class #tab-div').render(R$.fbPgTab.v.fbPageDtls,
tab_li_directive);
Here, since the tabName is directly rendered into the span, i think it
should be HTML escaped.
Regards.
Mic (BeeBole)
May 1, 2012, 6:00:22 AM5/1/12
to JavaScript Templates Engine PURE
The string is kept as is, as you may want to generate unescaped HTML.
eg: for partials or recursive template calls.
In your case, you need to make an utility function to escape it.
eg: for partials or recursive template calls.
In your case, you need to make an utility function to escape it.
pipl...@hirerabbit.com
May 1, 2012, 2:02:25 PM5/1/12
to Pure-Unobtrusive...@googlegroups.com
Mic, thanks for the clarification!
Reply all
Reply to author
Forward
0 new messages