Mustache.js: replacement of < and > with &lt; and &gt;

Created on 5 Aug 2011  ·  5Comments  ·  Source: janl/mustache.js

Some of my data objects use ready HTML with regular tags surrounded by "<" and ">" . Mustache.js converts these to &lt; and &gt;. Doing a String.replace(/&gt;/g,'>').replace(/&lt;/g,'<') on the resultant output introduces a lot of lag.

Is this is expected behavior? Can it be changed to preserve the <'s and >'s? Should these symbols be escaped somehow?

picture amper5and

Most helpful comment

Outputting data with {{data}} (double mustache) always escapes html characters. Use {{{data}}} (triple mustache) if you don't want it escaped.

picture thedufer on 8 Aug 2011
3

All 5 comments

Outputting data with {{data}} (double mustache) always escapes html characters. Use {{{data}}} (triple mustache) if you don't want it escaped.

thedufer picture thedufer on 8 Aug 2011
3

oh, cool! I didn't know that. thanks, thedufer.

amper5and picture amper5and on 8 Aug 2011

@amper5and: Note that if you use {{{ data }}} it's _your_ responsibility to make sure you're not creating XSS or CSRF vulnerabilities, as you're bypassing the mechanism designed to prevent that :)

bobthecow picture bobthecow on 8 Aug 2011

Also, I believe the syntax {{&data}} is equivalent, although I've never used it.

thedufer picture thedufer on 8 Aug 2011
👍1

that cool👍!!!

githubwangxu picture githubwangxu on 17 Dec 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

barbalex picture barbalex  ·  5Comments
chlab picture chlab  ·  11Comments
funston picture funston  ·  7Comments
rlightner picture rlightner  ·  7Comments
Immortalin picture Immortalin  ·  12Comments