Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

escape values when using json filter #540

Merged
merged 1 commit into from
Feb 10, 2015
Merged

escape values when using json filter #540

merged 1 commit into from
Feb 10, 2015

Conversation

jimmyhchan
Copy link
Contributor

Since most templates write into html context or worse, a script tag, let's add a few extra characters to escape.

slight refactor to expose a dust.escapeJSON method

<script> var x = {foo|js}</script>

sethkinast
sethkinast reviewed Feb 5, 2015
View reviewed changes
test/jasmine-test/spec/coreTests.js
name: "escapeJSON filter with bad characters",
source: "{obj|js|s}",
context: { obj: { name: "<<\u2028testLS \u2029testPS"} },
expected: '{"name":"&lt;&lt;\\u2028testLS \\u2029testPS"}',
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems non-ideal. Now there's no way for me to get angle bracket literals when using |js, even if I explicitly say I want to turn off HTML escaping.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ahhh.. that's cause i did it wrong... it should have been replaced with \u003c

@sethkinast
Copy link
Contributor

Ahh, that's better. Yeah, this seems reasonable to me. Anywhere you are using |js currently shouldn't be affected by this change.

👍 from me

prashn64 added a commit that referenced this pull request Feb 10, 2015
@prashn64
Merge pull request #540 from jimmyhchan/jsonbadchar
56f90ed 
escape values (\u2028, \u2029 and <) when using json filter
@prashn64 prashn64 merged commit 56f90ed into linkedin:master Feb 10, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jimmyhchan @sethkinast @prashn64