Comments (10)
Hi, @dzimi
I think that the backward compatibility is important.
If I change the interface of function, I will do a major update.
However, I think that this case is fix the bug.
(Please check the demo page if necessary)
If it will found different behaviors as demo page, I would regard as bug and fix it.
Therefore, please use the {{{ key }}}
, If you do not want to escape in any case.
In addition, escape is specifications of the mustache. So, I am negative that it be added unescape option...
from bbmustache.
Thanks, I get it. The slash char was not escaped in previous versions and it was a bug. I made an issue on rebar3 erlang/rebar3#1264. Due to this bug in < v1.1.0, is quite risky to upgrade the bbmustache version, because path variables in form {{ path }}
will be escaped. But it is the problem of rebar3 ...
from bbmustache.
Couldn't you just make this behaviour optional? Why do you need to escape slashes anyhow?
from bbmustache.
@filmor
bbmustache must conform to the specifications of the mustache.
If bbmustache has the option, it will happen that someone want to escape and use the {{key}}
, but generated text is not escape (In other words, contrary to the specification !!).
So, when I allow this, bbmustache won't be worth.
from bbmustache.
I agree with @soranoba. I think that this issue can be closed and issue erlang/rebar3#1264 should be resloved instead.
from bbmustache.
That's right. I will close this issue. thanks!!
from bbmustache.
Wait a second, where in the spec does it say, that the forward slash is to be escaped? Here it actually states (as it makes sense) that only & " < >
are to be escaped.
Also, the reference implementation allows you to override escaping rules: https://github.com/mustache/mustache/blob/master/lib/mustache.rb#L205
And the function it uses by default (http://ruby-doc.org/stdlib-1.9.3/libdoc/cgi/rdoc/CGI.html#method-c-escapeHTML) escapes only & " < >
.
In fact, your current implementation is not implementing the spec correctly, you are escaping far too many things.
from bbmustache.
@filmor
Thank you for the information.
I trust the man page and the demo page, and did not look at the spec.
Sorry, it is my mistake.
I will make the modification in accordance with the spec.
(It also included other than html escaping.)
@dzimi
Do you is also good with this?
from bbmustache.
@filmor : great job ! The demo version works with mustache.js which escapes following characters:
var entityMap = {
"&": "&",
"<": "<",
">": ">",
'"': '"',
"'": ''',
**"/": '/'**
};
Ruby :
TABLE_FOR_ESCAPE_HTML__ = {
"'" => ''',
'&' => '&',
'"' => '"',
'<' => '<',
'>' => '>',
}
Python:
def escape(s, quote=True):
"""
Replace special characters "&", "<" and ">" to HTML-safe sequences.
If the optional flag quote is true (the default), the quotation mark
characters, both double quote (") and single quote (') characters are also
translated.
"""
s = s.replace("&", "&") # Must be done first!
s = s.replace("<", "<")
s = s.replace(">", ">")
if quote:
s = s.replace('"', """)
s = s.replace('\'', "'")
return s
As you can see , Ruby and Python does not escpae "/" , but js does. I think the strongest argument is the spec . So I agree with @filmor , lets straighten it out.
from bbmustache.
I fix this.
Please use the v1.2.0.
https://github.com/soranoba/bbmustache/releases/tag/v1.2.0
from bbmustache.
Related Issues (20)
- Allow disabling of html escaping HOT 5
- Tag lookup doesn't descend the context stack HOT 3
- Escaping overlay vars (mustache variables) inside template files HOT 2
- Bug? intra-tag whitespace not rendering HOT 1
- Exception on missing key HOT 5
- Crash under certain conditions HOT 1
- Fix documentation link on Hexpm HOT 3
- Wrong filename for missing include errors HOT 5
- Incompatible typespecs HOT 4
- Rendering a template always accesses file on disk HOT 2
- Adding custom serialization functions to bbmustache. HOT 5
- Use a fun as Data HOT 4
- Allow array access for lists HOT 6
- Wrong parsing when closing tag is on separate line HOT 2
- Feature request: Allow getting partials from other sources HOT 3
- Run bbmustache from command line HOT 4
- Problems loading partials on Elixir project HOT 2
- Unicode support in value fetching. HOT 1
- Variable test not matching spec HOT 4
- Anyway to skip over unclosed tags? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bbmustache.