htmlSafe vs {{{ }}}
Question:
In my .hbs files, is there an advantage to passing htmlSafe=true, as opposed to just wrapping the whole thing in triple braces? Both do the trick.
Eg:
{{t 'onboarding.step2.verifyLink' helpCenterUrl=helpCenterUrl htmlSafe=true}}
vs
{{{t 'onboarding.step2.verifyLink' helpCenterUrl=helpCenterUrl}}}
Issue Analytics
- State:
- Created 5 years ago
- Comments:12 (6 by maintainers)
Top GitHub Comments
@sbsurf no “built-in” way but this should achieve what you want.
I don’t see a downside to this so long as you trust whoever is authoring translations 😃
Triple curlies are really unsafe, take the following example:
This will evaluate the entire translation output, including the name argument, as HTML. You’ll see the alert fires.
htmlSafe is different in that it only treats the translation itself, not the argument values, as HTML. Every argument passed into the t helper is then escaped.
Would escape name but treat the rest of the translation output as htmlSafe.
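
The difference described in the comment above, modelled in plain JavaScript as an added example (not code from the issue or from the project): it compares where escaping happens for triple curlies, for htmlSafe=true, and for the default double-curly output. All function names, the translation string and the argument value are assumptions constructed for illustration.

```javascript
// Plain-JavaScript model of the rendering paths discussed above.
// Every name here is hypothetical; this is not the addon's source.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Minimal {placeholder} substitution standing in for the message formatter.
// `transform` is applied to each argument value before it is inserted.
function format(message, args, transform = String) {
  return message.replace(/\{(\w+)\}/g, (match, key) =>
    Object.prototype.hasOwnProperty.call(args, key) ? transform(args[key]) : match);
}

// {{{t 'key' name=name}}}: arguments go in raw, whole result is emitted as HTML.
function renderTripleCurlies(message, args) { return format(message, args); }

// {{t 'key' name=name htmlSafe=true}}: each argument is escaped, translation markup is kept.
function renderHtmlSafeOption(message, args) { return format(message, args, escapeHtml); }

// {{t 'key' name=name}}: the template engine escapes the whole helper output.
function renderDefault(message, args) { return escapeHtml(format(message, args)); }

// Constructed sample data: a translation with markup and an untrusted argument.
const translation = 'Hello <strong>{name}</strong>';
const untrusted = { name: '<script>alert(1)</script>' };

function demo() {
  return {
    tripleCurlies: renderTripleCurlies(translation, untrusted),
    htmlSafeOption: renderHtmlSafeOption(translation, untrusted),
    plain: renderDefault(translation, untrusted),
  };
}

console.log(demo());
```

In this model the htmlSafe path still emits whatever markup the translation string itself contains, which is why the earlier comment conditions it on trusting whoever authors the translations.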