I'm using EJS with a Node.js web server I'm building. I see many EJS examples that sometimes use <%= when outputting HTML or strings, while other examples (sometimes within the same template) use <%-.
I tried to reference the EJS docs and getting started guide, but both gave no info about the <%- notation. Also, my Google search attempts yielded nothing useful. Thanks!
With <%=, if you render a variable that holds a string containing HTML code, it will not render that HTML code but render it as text, to avoid cross-site scripting attacks. With a minus (<%-) you can avoid this, and really render the HTML code.
The following is from the EJS docs (tag section):
<% 'Scriptlet' tag, for control-flow, no output.
<%= Outputs the value into the template (HTML escaped).
<%- Outputs the unescaped value into the template.
According to the StackShare community, Pug has a broader approval, being mentioned in 230 company stacks & 608 developers stacks; compared to EJS, which is listed in 9 company stacks and 13 developer stacks.
The version of EJS you're likely using in Node is not the same as the version you see on Google code; in the Node version, <%= escapes the HTML going into the buffer, while <%- does not. source
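The difference the answers describe, as an added example that is not part of the original posts and not EJS's own code: `renderMini` is a hypothetical stand-in that handles only `<%= name %>` and `<%- name %>`, and the comment string is a constructed sample of untrusted input.

```javascript
// Added illustration: a tiny stand-in renderer, NOT the EJS library itself.
// It models only the two output tags discussed above.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&#34;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// `<%= name %>` inserts the escaped value, `<%- name %>` inserts it as-is.
function renderMini(template, locals) {
  return template.replace(/<%([=-])\s*(\w+)\s*%>/g, (match, kind, name) => {
    const value = locals[name] === undefined ? '' : locals[name];
    return kind === '=' ? escapeHtml(value) : String(value);
  });
}

// Constructed sample: a comment field as an untrusted user might submit it.
const untrustedComment = '<script>alert(1)</script>';

// Escaped output: the browser shows the markup as text, nothing executes.
function renderEscaped() {
  return renderMini('<p><%= comment %></p>', { comment: untrustedComment });
}

// Raw output of untrusted data: the markup reaches the page intact (XSS risk).
function renderRaw() {
  return renderMini('<p><%- comment %></p>', { comment: untrustedComment });
}

// Appropriate use of `<%-`: HTML built by the application itself, with any
// user-supplied part escaped before it is embedded in the markup.
function renderTrustedFragment(userName) {
  const badge = '<strong>' + escapeHtml(userName) + '</strong>';
  return renderMini('<p>Posted by <%- badge %></p>', { badge });
}

console.log(renderEscaped());
console.log(renderRaw());
console.log(renderTrustedFragment('Ann & <Bob>'));
```

Keep `<%=` as the default for anything that carries user input, and reserve `<%-` for markup the application generated or sanitized itself.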