Git Product home page Git Product logo

Comments (14)

miripiruni avatar miripiruni commented on September 27, 2024

@f0rmat1k escaping or contentSafe? It’s opposite things. Escaping any fields means you don’t trust it’s value. But naming the field contentSafe we assume that its content is safe and it’s value should be output as is.

In BH you can use html field. See test: https://github.com/bem/bh/blob/master/test/test.html.js#L14

from bh.

qfox avatar qfox commented on September 27, 2024

Feels like it's the same as safe/unsafe to mark fields as "need escaping" and "does not need escaping" flags.

I like the way we do it in bem-xjst: { content: { html: '<script>alert(1);</script>' } } (same as safe: '<script>alert(1);</script>', but I'm agree that opposite will be useful too to not call escaping method directly.

from bh.

f0rmat1k avatar f0rmat1k commented on September 27, 2024

@miripiruni I just wanted to say, that now i have to escape handy any content

{
   content: escape('content')
}

Global option isn't useful.
Maybe BH should really force escape content field? And do like react:

{
   dangerouslyContent: '<span>content</span>'
}

Anyway for me would be enough some field where i can insert content for escaping.

from bh.

Yeti-or avatar Yeti-or commented on September 27, 2024

@f0rmat1k I don't understand why option escapeContent:true doen't do what you want?

from bh.

f0rmat1k avatar f0rmat1k commented on September 27, 2024

@Yeti-or because it affects whole project

from bh.

qfox avatar qfox commented on September 27, 2024

Like that?

bh.match('*', function(ctx, json){
  if(json.dangerousContent) {
    json.content = bh.escape(json.dangerousContent)
  }
})

from bh.

qfox avatar qfox commented on September 27, 2024 
Bemjson = {
  content: [
    'this wont be escaped',
    { unsafe: true, content: [
      'But this will be escaped'
    ] }
  ]
}

And...

bh.match('*', function...
  if(json.unsafe) {
    ctx.unsafe = true
    res = ctx.applyBase()
    ctx.unsafe = false
    return res
  }

bh.match('*', function...
  if(ctx.unsafe) escape content manually

from bh.

Yeti-or avatar Yeti-or commented on September 27, 2024

react escaping affects whole project too

from bh.

f0rmat1k avatar f0rmat1k commented on September 27, 2024

@Yeti-or but react has dangerouslySetInnerHtml

from bh.

qfox avatar qfox commented on September 27, 2024

@f0rmat1k BH has content: { tag: false, html: ... } that works like dangerouslySetInnerHtml: ...

from bh.

f0rmat1k avatar f0rmat1k commented on September 27, 2024

@zxqfox So i will have to create .bh for every block (usually priv is enought for me). It isn't as simple as specific bemjson field. But thank you for advice.

from bh.

mishanga avatar mishanga commented on September 27, 2024

Можно реализовать компрометирующую логику через tParam: выставлять его для всех детей где-то на уровне блока, у которого есть шаблон. То есть компрометировать ветку в BEMJSON, а не узел.

from bh.

qfox avatar qfox commented on September 27, 2024

Оу, когда я писал про стх, я имел ввиду tParam для поддерева. Я поправлю сниппет

from bh.

qfox avatar qfox commented on September 27, 2024

Без tParam: https://goo.gl/JvaD4D Кажется, что так даже лучше.
С tParam: https://goo.gl/sAFRbg https://goo.gl/RRU1nW

from bh.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.