ember.js - How to stop Ember.Handlebars.Utils.escapeExpression escaping apostrophes


I'm new to Ember, I'm on v1.12, and I'm struggling with the following problem.

  • I'm making a template helper.
  • The helper takes the bodies of tweets and adds HTML anchors around hashtags and usernames.

The paradigm I'm following is:

  1. Use Ember.Handlebars.Utils.escapeExpression(value); to escape the input text
  2. Do the logic
  3. Use Ember.Handlebars.SafeString(value);

However, 1. seems to escape apostrophes. This means the sentences I pass in come out with escaped characters. How can I avoid this whilst making sure I'm not introducing potential vulnerabilities?

Edit: example code

export default Ember.Handlebars.makeBoundHelper(function(value) {
  // Make sure we're safe, kids.
  value = Ember.Handlebars.Utils.escapeExpression(value);
  value = addurls(value);
  return new Ember.Handlebars.SafeString(value);
});

where addurls is a function that uses a regex to find and replace hashtags or usernames. For example, if given #emberjs foo it would return <a href="blah">#emberjs</a> foo.

The result of the above helper function is displayed in an Ember (HTMLBars) template.

escapeExpression is designed to convert a string into a representation which, when inserted in the DOM, with its escape sequences translated by the browser, will result in the original string. So

"1 < 2" 

is converted into

"1 &lt; 2" 

which, when inserted into the DOM, will be displayed as

1 < 2 

If "1 < 2" were inserted directly into the DOM (e.g. with innerHTML), it would cause quite a bit of trouble, because the browser would interpret < as the beginning of a tag.

So escapeExpression converts ampersands, less-than signs, greater-than signs, straight single quotes, straight double quotes, and backticks. The conversion of quotes is not necessary for text nodes, but is for attribute values, since they may be enclosed in either single or double quotes while also containing such quotes.

Here's the list used:

var escape = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
  "`": "&#x60;"
};

I don't understand why the escaping of quotes should be causing you a problem. Presumably you're doing the escapeExpression because you want characters such as < to be displayed when you output into a template using normal double-stashes {{}}. Precisely the same thing applies to the quotes. They may be escaped, but when the string is displayed, it should display fine.

Perhaps you can provide more information about the input and desired output, and how you are "printing" the strings, and in what contexts you are seeing the escaped quote marks when you don't want to.
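
An added example, not part of the original question or answer: it runs the escape-then-linkify paradigm outside Ember and shows one way an escaped apostrophe can end up visible, namely a hashtag regex that also matches the "#x27" inside "&#x27;". The escapeExpression stand-in is built from the table quoted above; addUrlsNaive, addUrls, render, visibleText, the /tag/ and /user/ paths and the sample tweet are assumptions, since the page does not show the asker's addurls.

```javascript
// Escape table quoted in the answer above.
const ESCAPE = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;", "`": "&#x60;" };

// Stand-in for Ember.Handlebars.Utils.escapeExpression (assumption: plain strings only).
function escapeExpression(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => ESCAPE[ch]);
}

// Hypothetical naive linker: every "#word" becomes a link, including the "#x27"
// that step 1 just produced inside "&#x27;".
function addUrlsNaive(escaped) {
  return escaped.replace(/#(\w+)/g, '<a href="/tag/$1">#$1</a>');
}

// Hypothetical hardened linker: "#" or "@" only counts at the start of the text or
// after whitespace, so entities are left intact. \w+ keeps the href value inert.
function addUrls(escaped) {
  return escaped
    .replace(/(^|\s)#(\w+)/g, '$1<a href="/tag/$2">#$2</a>')
    .replace(/(^|\s)@(\w+)/g, '$1<a href="/user/$2">@$2</a>');
}

// Steps 1 and 2 of the paradigm; the result is what would be wrapped in SafeString.
function render(value, linker) {
  return linker(escapeExpression(value));
}

// Rough model of what a browser shows: drop tags, then decode each text node on its own.
function visibleText(html) {
  const decode = Object.fromEntries(Object.entries(ESCAPE).map(([ch, ent]) => [ent, ch]));
  return html
    .split(/<[^>]*>/)
    .map((text) => text.replace(/&(?:amp|lt|gt|quot|#x27|#x60);/g, (ent) => decode[ent]))
    .join("");
}

const tweet = "It's <b>great</b> #emberjs by @tom"; // constructed sample input
console.log(visibleText(render(tweet, addUrlsNaive))); // broken entity shows up as text
console.log(visibleText(render(tweet, addUrls)));      // reads exactly like the input
```

With the hardened linker the escaping stays in place, the markup in the tweet is shown as text rather than interpreted, and the apostrophe displays normally.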

