1st problem

1.

Params
{
    text: '<script>alert(1)<\/script>'
}

Template
{{text}}

Output
Empty string

2.

Params
{
    text: '<foo>alert(1)<\/foo>'
}

Template
{{text}}

Output
alert(1)

3.

Params
{
    text: '&lt;foo&gt;alert(1)&lt;/foo&gt;'
}

Template
{{text}}

Output
<foo>alert(1)</foo>

Expected Output
<foo>alert(1)</foo>

For all use-cases!

2nd problem

Params
{
    text: '&lt;foo&gt;alert(1)&lt;/foo&gt;'
}

Template
{{{text}}}

Output
Error

Expected
&lt;foo&gt;alert(1)&lt;/foo&gt;

Should work like Handlebars

Issue Analytics

  • State: open
  • Created 8 years ago
  • Comments: 10 (5 by maintainers)

Top GitHub Comments

1 reaction
PetrToman commented, Mar 9, 2019

Can we please have autoescaping turned on by a global option (so it doesn’t break legacy code)? Something like:

Template7.setAutoEscaping(true);

It would also require providing a way not to escape a value - Handlebars uses “triple-stash” {{{ ... }}} and Handlebars.SafeString() in helpers.
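To make the requested semantics concrete, the following is an added example (not Template7's, Framework7's or Handlebars' own code) of a tiny renderer that behaves the way the issue and the comment above describe: `{{name}}` HTML-escapes the value instead of stripping tags or decoding entities, `{{{name}}}` inserts it raw, a `SafeString` wrapper lets helpers opt a value out of escaping, and a global switch mirrors the proposed `Template7.setAutoEscaping(true)`. The names `render`, `escapeHtml`, `SafeString` and `setAutoEscaping` are assumptions for this example; the sample inputs are the issue's own three cases plus a constructed attribute case.

```javascript
// Added example, not Template7's or Handlebars' own code: a minimal
// renderer with Handlebars-style escaping. The names render, escapeHtml,
// SafeString and setAutoEscaping are assumptions for this example.

// Same character set Handlebars escapes: & < > " ' ` =
const ESCAPE_MAP = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;',
  "'": '&#x27;', '`': '&#x60;', '=': '&#x3D;',
};

// Escape every special character; never strip tags or decode entities,
// so already-encoded input ("&lt;foo&gt;") is encoded again, not unwrapped.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`=]/g, (ch) => ESCAPE_MAP[ch]);
}

// Marker for values a helper has already made safe (cf. Handlebars.SafeString).
class SafeString {
  constructor(str) { this.string = String(str); }
  toString() { return this.string; }
}

// Global switch in the spirit of the proposed Template7.setAutoEscaping(true).
// It defaults to on here; a legacy code base could default it to off instead.
const settings = { autoEscape: true };
function setAutoEscaping(enabled) { settings.autoEscape = Boolean(enabled); }

// Matches {{{name}}} (raw, group 1) or {{name}} (escaped, group 2). The
// triple-stash alternative is listed first so "{{{x}}}" is never read as
// "{{" + "{x}" + "}}".
const TAG_RE = /\{\{\{\s*(\w+)\s*\}\}\}|\{\{\s*(\w+)\s*\}\}/g;

function render(template, params) {
  return template.replace(TAG_RE, (_match, rawName, escName) => {
    const name = rawName !== undefined ? rawName : escName;
    const value = params[name];
    if (value === undefined || value === null) return ''; // missing -> empty
    const isRaw = rawName !== undefined || value instanceof SafeString;
    return isRaw || !settings.autoEscape ? String(value) : escapeHtml(value);
  });
}

// The issue's own inputs, run through the renderer.
function demo() {
  return {
    script: render('{{text}}', { text: '<script>alert(1)</script>' }),
    foo: render('{{text}}', { text: '<foo>alert(1)</foo>' }),
    encoded: render('{{text}}', { text: '&lt;foo&gt;alert(1)&lt;/foo&gt;' }),
    triple: render('{{{text}}}', { text: '&lt;foo&gt;alert(1)&lt;/foo&gt;' }),
    safe: render('{{text}}', { text: new SafeString('<b>trusted</b>') }),
  };
}

console.log(demo());
```

With escaping on, case 1 renders as `&lt;script&gt;alert(1)&lt;/script&gt;` rather than an empty string, case 2 keeps its text instead of silently dropping the tag, and case 3's entity-encoded input is encoded once more (`&amp;lt;foo&amp;gt;...`), which is what Handlebars does; only the triple-stash, a `SafeString`, or turning the global switch off returns the value untouched.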

0 reactions
nolimits4web commented, Jun 20, 2015

But at the moment it is not an option, as it is heavily used in Framework7, where I will need to bump a major version too then )
