autoescaping

21 views
Skip to first unread message

Francois Stephany

unread,
Oct 6, 2009, 11:48:57 AM10/6/09
to Liquid Templates
Hi guys,
I'm playing with Liquid in my rails application and wondering if there
is a way to escape everything by default?

Cheers,

Francois

Francois Stephany

unread,
Oct 23, 2009, 6:53:33 AM10/23/09
to Liquid Templates
I've quickly implemented it:
{{ post.content | raw }} => no escaping
{{ post.title }} => title is escaped

Code is there: http://github.com/fstephany/liquid

Simon Russell

unread,
Oct 27, 2009, 4:32:51 AM10/27/09
to liquid-t...@googlegroups.com
Hi there,

Sorry, I would have responded to this, but because so much actual spam
comes through on this list, gmail decided all email from this list
must be spam.

I implemented this also a few months ago; it's almost essential
actually, I'm surprised it's not in Liquid by default. My
implementation was roughly similar to yours, but I also took the
opportunity to allow objects to be smarter about how they're rendered.
So mine hooks into the render call on Liquid::Variable, and escapes
what's there unless what's there has a to_html method (and it's not a
string; for some horrible reason, Maruku adds a to_html method to
strings).

The 'raw' filter is implemented by wrapping the string in an object
that responds to to_html; to_html just returns the string.

Same effect as yours, but it also allowed me to do some other things.
(For example, we have a money wrapper that automatically formats
itself.)

The relevant code is:

in Liquid::Variable:
def render_with_autoescape(context)
result = render_without_autoescape(context)

return result.to_html if result.respond_to?(:to_html) &&
!result.is_a?(String)

CGI.escapeHTML(result.to_s)
end

and the RawHtml class:
class RawHtml

def initialize(html)
@html = html
end

def to_s
@html
end

def to_liquid
self
end

def to_html
@html
end

end

I implemented the whole thing as a monkey patch, rather than forking the code.

Regards

Simon Russell

Francois Stephany

unread,
Nov 12, 2009, 4:31:58 AM11/12/09
to Liquid Templates
Hi Simon,

Oops, i'm also late to reply...
Pretty slick, thanks for sharing ;)

Francois
Reply all
Reply to author
Forward
0 new messages