pz7gc3 / embeddedjavascript

Automatically exported from code.google.com/p/embeddedjavascript

Escaping HTML

GoogleCodeExporter opened this issue · comments

Is it possible to escape/sanitize code, similar to Rails? Example:

<%=h(data) %>,
or
<%=sanitize(data) %>
or probably just a double percentage?
<%%= data %>

I feel this is a pretty important feature to have.

Original issue reported on code.google.com by assortme...@gmail.com on 7 Nov 2010 at 3:36

I think -- good (safety) solution will be: BY DEFAULT <%=data %> means need_to_html_escape_mode

...and special mark for NON_NEED_to_html_escape_mode

Original comment by polymor...@gmail.com on 25 Jul 2011 at 1:31
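
The escape-by-default behaviour proposed in the comment above, sketched as an added example; it is not code from this thread or from the embeddedjavascript project. The `<%- %>` raw marker, the `render` and `escapeHtml` names, and the sample data are assumptions made for the illustration.

```javascript
// Added example: a minimal renderer, not the embeddedjavascript implementation.
// Assumption: "<%= expr %>" escapes by default and "<%- expr %>" is a
// hypothetical opt-out marker for output the template author already trusts.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

function escapeHtml(value) {
  // null/undefined render as an empty string rather than "undefined".
  if (value === null || value === undefined) return '';
  // Quotes are escaped too, so the result is also safe inside a quoted attribute.
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

function render(template, data) {
  // Only simple property paths (a.b.c) are resolved, so nothing is eval'd.
  return template.replace(/<%([=-])\s*([\w.]+)\s*%>/g, (_, mode, path) => {
    const value = path.split('.').reduce(
      (obj, key) => (obj == null ? undefined : obj[key]), data);
    if (mode === '=') return escapeHtml(value); // default: escaped
    return value == null ? '' : String(value);  // explicit opt-out: raw
  });
}

// Constructed sample input: one untrusted field, one trusted fragment.
const sample = {
  comment: '<img src=x onerror="alert(1)">',
  trustedBanner: '<strong>Welcome</strong>',
};
const page = '<p><%= comment %></p><div><%- trustedBanner %></div>';

console.log(render(page, sample));
```

With this layout, forgetting a marker leaves output escaped, and every raw insertion is visible in the template as a `<%-` tag that can be searched for during review.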