
How to escape HTML in node.js EJS view?

Tags: html, node.js, ejs

I want to escape the HTML in the bloglist[i].Text field. How do I do that with EJS?

<!DOCTYPE html>
<html>
  <head>
    <title><%= title %></title>
    <link rel='stylesheet' href='/stylesheets/style.css' />
  </head>
  <body>
    <h1><%= title %></h1>
    <p>Welcome to <%= title %></p>
    <% for(var i=0; i < bloglist.length; i++) { %>
      <h3><%= bloglist[i].Title %></h3>
      <div>
        <%= bloglist[i].Text %>
      </div>
    <% } %>
  </body>
</html>
marko asked Apr 24 '13 05:04




1 Answer

You are escaping the value correctly by using:

<%= bloglist[i].Text %> 

If you want to allow HTML to be rendered, then you want an "unescaped" value. To do that use the following:

<%- bloglist[i].Text %> 

All I did was replace the equal (=) with a dash (-).

Reference: https://github.com/visionmedia/ejs/tree/0.8.3#features

Julian Lannigan answered Oct 13 '22 23:10
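The difference between the two tags in the answer above, as an added example that is not part of the original post and does not use the EJS library: a small stand-in renderer shows that `<%=` turns markup in the field into inert text, while `<%-` passes it through unchanged, so `<%-` is only appropriate for content that is trusted or already sanitized. The helper names `escapeHtml` and `renderTemplate`, the entity choices, and the sample post are assumptions made for illustration.

```javascript
// Added example: a minimal stand-in for the two EJS output tags.
// This is NOT the EJS library; escapeHtml and renderTemplate are
// hypothetical helpers written for this illustration.

// Replace the characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Supports only <%= path %> (escaped) and <%- path %> (raw), where path is a
// dotted property lookup into `locals`. Real EJS evaluates JavaScript
// expressions; this stand-in deliberately does not.
function renderTemplate(template, locals) {
  return template.replace(/<%([=-])\s*([\w.]+)\s*%>/g, (_, tag, path) => {
    const value = path
      .split('.')
      .reduce((obj, key) => (obj == null ? undefined : obj[key]), locals);
    const text = value == null ? '' : String(value);
    // '=' escapes the value; '-' emits it exactly as stored.
    return tag === '=' ? escapeHtml(text) : text;
  });
}

// Constructed sample: a blog post whose Text field contains markup,
// as it would if it came from an untrusted author.
const post = {
  Title: 'Hello & welcome',
  Text: '<b>bold</b><script>alert(1)</script>',
};

// Same field, rendered through each tag.
const escaped = renderTemplate('<div><%= post.Text %></div>', { post });
const raw = renderTemplate('<div><%- post.Text %></div>', { post });

console.log('escaped:', escaped); // markup shown to the reader as text
console.log('raw:    ', raw);     // markup interpreted by the browser
```
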