I want to escape the html in bloglist[i].Text field. How to do that with EJS?
<!DOCTYPE html> <html> <head> <title><%= title %></title> <link rel='stylesheet' href='/stylesheets/style.css' /> </head> <body> <h1><%= title %></h1> <p>Welcome to <%= title %></p> <% for(var i=0; i < bloglist.length; i++) { %> <h3> <%= bloglist[i].Title %></h3> <div> <%= bloglist[i].Text %> </div> <% } %> </body> </html>
If you want to render a static page then go for an HTML file and if you want to render a dynamic page where your data coming from various sources then you must choose an EJS file. Good for the static web page.
escape( ) function is used to produce a percent-encoded query string from a normal string. This method is very similar to the browser's encodeURIComponent functions. This method performs percent-encoding on the given string it means it encodes any string into a URL query string by using the % symbol.
Escape characters will always begin with the ampersand symbol (&) and end with a semicolon symbol (;). The characters in between the ampersand and semicolon make up the specific code name or number for a particular character.
You are escaping the value correctly by using:
<%= bloglist[i].Text %>
If you want to allow HTML to be rendered, then you want an "unescaped" value. To do that use the following:
<%- bloglist[i].Text %>
All I did was replace the equal (=) with a dash (-).
Reference: https://github.com/visionmedia/ejs/tree/0.8.3#features
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With