Handlebarsjs模板&使用html内容 [英] Handlebarsjs Templates & using html content
问题描述
< div>所以,我有一个相当简单的句柄模板,它的外观如下所示:
{{include_text}}
< / div>
我试图插入一些html:
<表>
....大量表格内容
< / table>
当我在模板中使用表格时,得到的结果如下所示:
< div>
& lt; table& gt;
...大量表格内容
& lt; / table& gt;
< / div>
我想:
< DIV>
< table>
....大量表格内容
< / table>
< / div>
这可能吗?如果是这样,怎么样?
手把(和小胡子)转义双胡须。
使用三元组
{{{include_text}}}
从官方的GitHub:
默认情况下,{ {expression}}语法将会转义其内容。这有助于保护您免受由服务器以JSON形式传递的恶意数据导致的意外XSS问题。
要明确不转义内容,请使用triple-mustache({{ {}}})。
请注意,如果您的输出包含用户输入的数据,则转义不是仅存在,不转义可能会启用它们执行 XSS 。
So, I've got a fairly straightforward handlebars template which an element that looks like this:
<div>
{{include_text}}
</div>
I am trying to insert some html like:
<table>
....lots of table stuff
</table>
When I use the table with the template, what I get looks like:
<div>
<table>
... lots of table stuff
</table>
</div>
and I want:
<div>
<table>
....lots of table stuff
</table>
</div>
Is this possible? If so, how?
Handlebars (and Mustache) escape the double Mustaches.
Use triple ones
{{{include_text}}}
From the official GitHub:
By default, the {{expression}} syntax will escape its contents. This helps to protect you against accidental XSS problems caused by malicious data passed from the server as JSON.
To explicitly not escape the contents, use the triple-mustache ({{{}}}).
Note, the escaping isn't "just there", if your output contains user-entered data, not-escaping might enable them to perform XSS.
这篇关于Handlebarsjs模板&使用html内容的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
