& in mustache template gets tendered as &

[Aleksey Tsalolikhin]

if I put & into a mustache template, it is rendered as & - what's going on?  i want &. Any way to get it? 

Tried unsuccessfully to escape it.

[Ted Zlatanov]

On Fri, 18 Sep 2015 09:29:49 -0700 Aleksey Tsalolikhin <ale...@verticalsysadmin.com> wrote:

AT> if I put & into a mustache template, it is rendered as &amp; - what's going
AT> on? i want &. Any way to get it?

AT> Tried unsuccessfully to escape it.

You can put "&" in a variable and use {{{var}}}

I don't think there's a way to add a verbatim text block but I may be
wrong. Maybe someone else knows?

Ted

[Aleksey Tsalolikhin]

Thanks, Ted, I appreciate the workaround.

Is it the mustache templating library that's URL-encoding my "&" or is CFEngine doing it?  Is there a way to turn off this behavior altogether?  

Ted

--
You received this message because you are subscribed to the Google Groups "help-cfengine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to help-cfengin...@googlegroups.com.
To post to this group, send email to help-c...@googlegroups.com.
Visit this group at http://groups.google.com/group/help-cfengine.
For more options, visit https://groups.google.com/d/optout.

--

Aleksey Tsalolikhin

CFEngine Training & Consulting

Vertical Sysadmin, Inc.

+1-323-393-0779

[Ted Zlatanov]

On Fri, 18 Sep 2015 11:09:24 -0700 Aleksey Tsalolikhin <ale...@verticalsysadmin.com> wrote:

AT> Is it the mustache templating library that's URL-encoding my "&" or is
AT> CFEngine doing it?

Mustache.

AT> Is there a way to turn off this behavior altogether?

I don't think there's a way to turn off escaping currently. It would be
a fairly easy option to add to the Mustache functionality.

Ted

[Benoit Peccatte]

There is.
Juste use the {{{ }}} syntax instead of {{ }}
This is part of the mustache library that was initially made for HTML.

 

Benoît Peccatte Responsable cloud development Normation
87, Rue de Turbigo, 75003 Paris, France
Phone:	+33 (0)1 85 08 48 96

[Ted Zlatanov]

On Fri, 18 Sep 2015 22:46:30 +0200 Benoit Peccatte <benoit....@normation.com> wrote:

BP> Le 18/09/2015 21:09, Ted Zlatanov a écrit :

BP> On Fri, 18 Sep 2015 11:09:24 -0700 Aleksey Tsalolikhin <ale...@verticalsysadmin.com> wrote:

AT> Is there a way to turn off this behavior altogether?

BP> I don't think there's a way to turn off escaping currently. It would be
BP> a fairly easy option to add to the Mustache functionality.

BP> There is.
BP> Juste use the {{{ }}} syntax instead of {{ }}
BP> This is part of the mustache library that was initially made for HTML.

Yes, right. But there's no way to turn it off for the whole document,
which IIUC is what Aleksey was asking. In the configuration management
domain, that makes a lot of sense.

Ted

[Nick Anderson]

I would have expected only variables to html escape.

The only reference to html escape I found on https://mustache.github.io/mustache.5.html
Was
"All variables are HTML escaped by default."
Sent from my mobile device.

[Aleksey Tsalolikhin]

> Yes, right.  But there's no way to turn it off for the whole document,
> which IIUC is what Aleksey was asking. 

Perzactly. Thanks for translating!:-)

[Ted Zlatanov]

On Fri, 18 Sep 2015 17:57:14 -0500 Nick Anderson <nick.a...@cfengine.com> wrote:

NA> I would have expected only variables to html escape.
NA> The only reference to html escape I found on https://mustache.github.io/mustache.5.html
NA> Was
NA> "All variables are HTML escaped by default."

If someone (Aleksey or Nick or whoever wants this) could define the
desired behavior in a Redmine ticket, it would probably be the fastest
way to get it done. FWIW I agree in our domain we shouldn't have HTML
escaping by default.

Ted

[Nick Anderson]

On Monday, September 21, 2015 at 8:27:08 AM UTC-5, Ted Zlatanov wrote:

If someone (Aleksey or Nick or whoever wants this) could define the
desired behavior in a Redmine ticket, it would probably be the fastest
way to get it done.  FWIW I agree in our domain we shouldn't have HTML
escaping by default.

Finally got back to reviewing this one.

I was going to open a redmine, but it seems to be working as I expect in 3.7.1.

cf-agent -KIf ./mustache_html_escape.cf -DAUTO,DEBUG                                   [±master ●▴]
    info: Deleted file '/tmp/TEST.cfengine'
    info: Created file '/tmp/TEST.cfengine', mode 0600
    info: Updated rendering of '/tmp/TEST.cfengine' from template mustache template '/home/nickanderson/CFEngine/core/tests/acceptance/10_files/templating/./mustache_html_escape.cf.mustache'
R: Rendering template file /home/nickanderson/CFEngine/core/tests/acceptance/10_files/templating/./mustache_html_escape.cf.mustache to /tmp/TEST.cfengine using /home/nickanderson/CFEngine/core/tests/acceptance/10_files/templating/./mustache_html_escape.cf.json
R: expect: '& == &
&amp; ~= &
'
R: actual: '& == &
&amp; ~= &
'
R: /home/nickanderson/CFEngine/core/tests/acceptance/10_files/templating/./mustache_html_escape.cf Pass

Aleksey which version were you using when you found it html escaping the characters outside of variables?
Can you run the test I made?

[Aleksey Tsalolikhin]

Merci, Benoit!  {{{ }}} disables the HTML escaping.

Nick: Thanks for looking into this.  3.7.1 is HTML-escaping my mustache template when I use {{ }}

# vim mustache_motd.cf

# vim motd.mustache

# cf-agent -f ./mustache_motd.cf 

# cat /etc/motd

Uauthorized use forbidded

A&amp;B

# cf-agent -V

CFEgine Core 3.7.1

CFEgine Enterprise 3.7.1

# cat mustache_motd.cf 

undle agent main {

 files:

     "/etc/motd"

          create => "true",

 template_method => "mustache",

 edit_template   => "$(this.promise_dirname)/motd.mustache",

   template_data => parsejson('

           {

              "custommessage" : "A&B",

           }

        ');

}

# cat motd.mustache  

Uauthorized use forbidded

{{custommessage}}

# 

--
You received this message because you are subscribed to the Google Groups "help-cfengine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to help-cfengin...@googlegroups.com.
To post to this group, send email to help-c...@googlegroups.com.
Visit this group at http://groups.google.com/group/help-cfengine.
For more options, visit https://groups.google.com/d/optout.

[Aleksey Tsalolikhin]

Apparently, it's supposed to do that.

All variables are HTML escaped by default. If you want to return unescaped HTML, use the triple mustache: {{{name}}}.

https://mustache.github.io/mustache.5.html

[Nick Anderson]

On 10/14/2015 01:47 PM, Aleksey Tsalolikhin wrote:
> Apparently, it's supposed to do that.
>
> All variables are HTML escaped by default. If you want to return
> unescaped HTML, use the triple mustache: |{{{name}}}|.
>
> https://mustache.github.io/mustache.5.html

That's correct. This is expected behavior.

If you have & in a variable that is expanded in a mustache template AND
you don't want it html escaped you should use triple mustache. So
effectively unless your rendering web pages, probably you always want to
use triple escapes.

From the first message, I was under the impression that you had seen &
get html escaped when the & was OUTSIDE of a variable somewhere in the
mustache template by itself. That should NOT be html escaped, and in my
testing it was not.

[Aleksey Tsalolikhin]

Right on.  Sorry for wasting your time!  I'm going to add a link to 

https://mustache.github.io/mustache.5.html

to my training materials for CFEngine users.  =)

[Nick Anderson]

Feel free to make a PR to the docs if you would like to enhance them. a
good first step would probably be replacing {{ with {{{ in all of the
examples.