Escaping HTML
GoogleCodeExporter opened this issue
Is it possible to escape/sanitize code, similar to Rails? Example:
<%=h(data) %>,
or
<%=sanitize(data) %>
or probably just a double percentage?
<%%= data %>
I feel this is a pretty important feature to have.
Original issue reported on code.google.com by assortme...@gmail.com
on 7 Nov 2010 at 3:36
I think a good (safety) solution will be: BY DEFAULT <%=data %> means
need_to_html_escape_mode
...and a special mark for NON_NEED_to_html_escape_mode
Original comment by polymor...@gmail.com
on 25 Jul 2011 at 1:31
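
A sketch of the escape-by-default behaviour proposed in the comments above, as an added example that is not part of the issue thread or the project's code. It is written in JavaScript as an assumption (the thread does not name the engine's language), and the `<%-` raw-output marker and the `render`, `escapeHtml` and `lookup` names are hypothetical.

```javascript
// Added illustration, not the project's code. The "<%-" raw marker and all
// function names here are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  // null/undefined render as empty; everything else is stringified first.
  if (value === null || value === undefined) return '';
  // Single pass, so an "&" produced by escaping is never escaped again.
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

function lookup(data, path) {
  let current = data;
  for (const key of path.split('.')) {
    if (current === null || current === undefined) return undefined;
    // Own properties only, so "constructor" or "__proto__" resolve to nothing.
    if (!Object.prototype.hasOwnProperty.call(Object(current), key)) return undefined;
    current = current[key];
  }
  return current;
}

// Render a template against a data object.
//   <%= name %>  -> value is HTML-escaped (the default)
//   <%- name %>  -> value is emitted raw (explicit opt-out)
// Only dotted property paths are supported, so templates cannot run code.
function render(template, data) {
  return template.replace(/<%([=-])\s*([\w.]+)\s*%>/g, (match, mode, path) => {
    const value = lookup(data, path);
    if (mode === '=') return escapeHtml(value);
    return value === null || value === undefined ? '' : String(value);
  });
}

// Constructed sample input: one untrusted value, one reviewed HTML fragment.
const sample = {
  comment: '<script>alert(1)</script> & "quotes"',
  trustedHtml: '<em>reviewed</em>',
};
const page = render('<p><%= comment %></p><div><%- trustedHtml %></div>', sample);
console.log(page);
```

With escaping as the default, forgetting the marker fails safe: the untrusted value is shown as text, and only the places that explicitly opt out need review.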