Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Escape HTML Value meaning?

Tags:

javascript

html

handlebars.js

Handlebars HTML-escapes values returned by a {{expression}}. If you don't want Handlebars to escape a value, use the "triple-stash", {{{

What does it mean to HTML-escape a value?

like image 778
Peeper Avatar asked Jan 30 '18 23:01

Peeper

3 Answers

The following characters are reserved in HTML and must be replaced with their corresponding HTML entities: ~(Online HTML Formatter)

  • " is replaced with "
  • & is replaced with &
  • < is replaced with &lt;
  • > is replaced with &gt;

Examples say more than a thousand words:

var source   = $("#template").html(); 
var template = Handlebars.compile(source); 

var data = {
  escaped   : '{{}}',
  notescaped: '{{{}}}',
  html      : "<a href='https://google.com/'>Google <strong>Search</strong></a>",
}

$('body').append(template(data));
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/handlebars.js/4.0.11/handlebars.min.js"></script>
<script id="template" type="text/x-handlebars-template">

<h4>Escaped HTML double curly brackets: <code>{{escaped}}</code></h4>
{{html}}
<p>It's just non interactive string</p>

<hr>

<h4>Not escaped HTML tripple curly brackets: <code>{{notescaped}}</code></h4>
{{{html}}}

<p>It basically ends up as parsed HTML</p>




</script>

And then, handlebarsjs.com on the matter is a good read, too.

like image 110
wscourge Avatar answered Oct 05 '22 22:10

wscourge

If you have a string like <br> in your expression, using two brackets ({{ expression }}) would convert that <br> into an HTML break element.

But if you use three brackets ({{{ expression }}}), then the <br> would print how it appears and would not be converted into an HTML element.

like image 45
bwalshy Avatar answered Oct 05 '22 23:10

bwalshy

From their documentation:

If you look at the h1 tag, the <p> tag is escaped and so its displayed as &lt;p&gt;

If you look at the body tag, because of {{{}}} the string is displayed however it is. the first <p> tag and last </p> closing tags are not escaped.

<div class="entry">
  <h1>{{title}}</h1>
  <div class="body">
    {{{body}}}
  </div>
</div>

and the values of title and body are as follows 

{
  title: "All about <p> Tags",
  body: "<p>This is a post about &lt;p&gt; tags</p>"
}

The resulting is:

<div class="entry">
  <h1>All About &lt;p&gt; Tags</h1>
  <div class="body">
    <p>This is a post about &lt;p&gt; tags</p>
  </div>
</div>
like image 29
Arun Gopinathan Avatar answered Oct 05 '22 23:10

Arun Gopinathan

Sign in to Comment

Related questions

Convert base64 string to image in angular 4
Sequelize: difference of DataTypes and Sequelize
Pako not able to deflate gzip files generated in python
Angular 5 with es5
Cloud Functions for Firebase: how to use a Transaction promise?
Running tests .mjs / ESM on Node using Jasmine or any other alternative
Angular - How can I activate AUX route with lazy loaded module?
Why is my map() with spread syntax not working?
How to pass the event target as $emit argument in VueJS2?
React backgroundImage inline style not working
Loop over object es6
Falsy values in JSX react
How to pass information to nested components in react?
React list with no keys
Node 8 + Typescript + Koa + koa-Router throws "TypeError: ctx.onerror is not a function"
Google calendar API and node js - "googleAuth is not a constructor" issue
JavaScript array `push` with square brackets instead of parentheses - no error?
when to use componentWillMount instead of componentDidMount
Button Vs Links in a SPA such as React
CORS Errors only with 400 bad request react fetch request

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!