Backward compatibility about bbmustache HOT 10 CLOSED

Hi, @dzimi

I think that the backward compatibility is important.
If I change the interface of function, I will do a major update.

However, I think that this case is fix the bug.
(Please check the demo page if necessary)

If it will found different behaviors as demo page, I would regard as bug and fix it.
Therefore, please use the {{{ key }}}, If you do not want to escape in any case.

In addition, escape is specifications of the mustache. So, I am negative that it be added unescape option...

from bbmustache.

Thanks, I get it. The slash char was not escaped in previous versions and it was a bug. I made an issue on rebar3 erlang/rebar3#1264. Due to this bug in < v1.1.0, is quite risky to upgrade the bbmustache version, because path variables in form {{ path }} will be escaped. But it is the problem of rebar3 ...

from bbmustache.

Couldn't you just make this behaviour optional? Why do you need to escape slashes anyhow?

from bbmustache.

@filmor
bbmustache must conform to the specifications of the mustache.

If bbmustache has the option, it will happen that someone want to escape and use the {{key}}, but generated text is not escape (In other words, contrary to the specification !!).
So, when I allow this, bbmustache won't be worth.

from bbmustache.

I agree with @soranoba. I think that this issue can be closed and issue erlang/rebar3#1264 should be resloved instead.

from bbmustache.

That's right. I will close this issue. thanks!!

from bbmustache.

Wait a second, where in the spec does it say, that the forward slash is to be escaped? Here it actually states (as it makes sense) that only & " < > are to be escaped.

Also, the reference implementation allows you to override escaping rules: https://github.com/mustache/mustache/blob/master/lib/mustache.rb#L205

And the function it uses by default (http://ruby-doc.org/stdlib-1.9.3/libdoc/cgi/rdoc/CGI.html#method-c-escapeHTML) escapes only & " < >.

In fact, your current implementation is not implementing the spec correctly, you are escaping far too many things.

from bbmustache.

@filmor
Thank you for the information.
I trust the man page and the demo page, and did not look at the spec.
Sorry, it is my mistake.

I will make the modification in accordance with the spec.
(It also included other than html escaping.)

@dzimi
Do you is also good with this?

from bbmustache.

@filmor : great job ! The demo version works with mustache.js which escapes following characters:

  var entityMap = {
"&": "&",
"<": "&lt;",
">": "&gt;",
'"': '&quot;',
"'": '&#39;',
**"/": '&#x2F;'**

};

Ruby :

TABLE_FOR_ESCAPE_HTML__ = {
"'" => ''',
'&' => '&',
'"' => '"',
'<' => '&lt;',
'>' => '&gt;',

}

Python:

def escape(s, quote=True):
"""
Replace special characters "&", "<" and ">" to HTML-safe sequences.
If the optional flag quote is true (the default), the quotation mark
characters, both double quote (") and single quote (') characters are also
translated.
"""
s = s.replace("&", "&amp;") # Must be done first!
s = s.replace("<", "&lt;")
s = s.replace(">", "&gt;")
if quote:
    s = s.replace('"', "&quot;")
    s = s.replace('\'', "&#x27;")
return s

As you can see , Ruby and Python does not escpae "/" , but js does. I think the strongest argument is the spec . So I agree with @filmor , lets straighten it out.

from bbmustache.

I fix this.
Please use the v1.2.0.
https://github.com/soranoba/bbmustache/releases/tag/v1.2.0

from bbmustache.