Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Escape attributes passed to HTML generator #82

Closed
delucis opened this issue Mar 26, 2021 · 1 comment
Closed

Escape attributes passed to HTML generator #82

delucis opened this issue Mar 26, 2021 · 1 comment
Labels
enhancement New feature or request
Milestone
v3.0.0

Comments

@delucis
Copy link

delucis commented Mar 26, 2021
edited
Loading

Would it be beyond the scope of this plugin to escape the attributes passed to Image.generateHTML?

Currently unescaped attributes result in mangled HTML output:

Image.generateHTML(stats, {
  alt: 'Some "unescaped" user content',
});
<!-- Output -->
<img src="/img.png" alt="Some "unescaped" user content" />

This is pretty simple to solve by dropping in an attribute escaping library of one’s choice before passing attributes to generateHTML, but I wondered if it would be a good idea to do this by default? Are there any attributes that generateHTML shouldn’t escape?
@zachleat zachleat added the enhancement New feature or request label Feb 24, 2022
@zachleat zachleat added this to the v3.0.0 milestone Jan 30, 2023
@zachleat
Copy link
Member

This will ship with Eleventy Image v3.0.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
v3.0.0
Development

No branches or pull requests
2 participants
@zachleat @delucis