Automatic output escaping #500
Comments
Makes sense. This option makes templates safer.
🎉 This issue has been resolved in version 9.37.0 🎉 The release is available on: Your semantic-release bot 📦🚀
Now it's supported on v9.37.0. I created some test cases here: liquidjs/test/integration/liquid/outputEscape.ts Lines 4 to 42 in f88490c
And you may also need this
This is such great news. Thank you very much. This will be so much cleaner than my hack. I wasn't expecting you to add this feature so soon so I registered a tag that would add the "| escape" filter to all output tokens. 😂 By the way, one observation regarding the docs: https://liquidjs.com/tutorials/parse-parameters.html The docs instruct to create a new tokenizer like so:
BREAKING CHANGE: use `operators` instead of `operatorsTrie` as Tokenizer constructor argument, #500
# [10.0.0](v9.43.0...v10.0.0) (2022-11-27)

### chore

* rename filters to snake style, [#487](#487) ([ff112a4](ff112a4))

### Code Refactoring

* `_evalToken` renamed to `evalToken` ([4e1a30a](4e1a30a))
* change `ownPropertyOnly` default value to `true` ([7eb6216](7eb6216))
* delay creation of `operatorsTrie` and hide this implementation ([bb58d3e](bb58d3e))
* remove `toThenable` export ([ffefd91](ffefd91))
* remove use of internal `Context` class in `evalValue` argument ([b115077](b115077))

### Performance Improvements

* target Node.js 14 for cjs bundle (main entry) ([1f6ce7c](1f6ce7c))

### BREAKING CHANGES

* `evalToken` now returns a generator (LiquidJS async), which is different from `evalToken` in previous LiquidJS versions.
* main entry need Node.js>=14 to run, you can build LiquidJS by your own by using ESM entry.
* `ownPropertyOnly` default value changed to `true`
* `<liquidjs>.toThenable` is removed, use `<liquidjs>.toPromise` instead
* `evalValue` won't support `Context` as second argument anymore.
* use `operators` instead of `operatorsTrie` as Tokenizer constructor argument, #500
* keys in `<liquidjs>.filters` are now in snake case (instead of camel case), identical to that in Liquid template.
Another option would be to do what Handlebars does:
Hello,

As far as I understand, there is no auto-escape mechanism built into liquidjs. Would it be possible to provide an option that would enable auto-escaping of any output rendered by `{{ value }}`?

My use case is that users will write .liquid templates for rendering HTML, JSON, etc. Requiring the users to make sure that every single output is escaped properly (e.g. `{{ x | escape}}` for HTML, or `{{ x | json}}` for JSON) is tedious and confusing.

Would you be willing to add an option that takes a function which will be applied on every output? (e.g. `{autoEscape: (val: any) => any}`)
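
The hook requested in this issue, as an added standalone sketch; it is not LiquidJS source code or its API. The tiny renderer, the `Raw` wrapper and the `raw` opt-out filter are assumptions of the sketch, and the sample data is constructed.

```javascript
// Standalone sketch of an output-escaping hook; not LiquidJS source or API.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&#34;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Marks a value as final so the hook does not encode it a second time.
class Raw {
  constructor(value) { this.value = String(value); }
}

const filters = {
  escape: (v) => new Raw(escapeHtml(v)), // explicit escape stays single-encoded
  raw: (v) => new Raw(v),                // hypothetical opt-out for trusted markup
};

// Resolve "a.b.c" against own properties only, never the prototype chain.
function lookup(scope, path) {
  return path.split('.').reduce((obj, key) =>
    (obj != null && Object.prototype.hasOwnProperty.call(obj, key) ? obj[key] : undefined), scope);
}

// Renders {{ path }} and {{ path | filter }}; options.autoEscape is applied to
// every output that no filter has already marked as Raw.
function render(template, scope, options = {}) {
  const autoEscape = options.autoEscape || ((v) => v);
  return template.replace(/\{\{\s*([\w.]+)\s*(?:\|\s*(\w+)\s*)?\}\}/g, (match, path, name) => {
    let value = lookup(scope, path);
    if (value == null) value = '';
    if (name) {
      if (!Object.prototype.hasOwnProperty.call(filters, name)) {
        throw new Error(`unknown filter: ${name}`);
      }
      value = filters[name](value);
    }
    return value instanceof Raw ? value.value : String(autoEscape(value));
  });
}

// Constructed sample data: a user-supplied display name containing markup.
const scope = { user: { name: '<b>Tom & "Jerry"</b>' } };

console.log(render('<p>{{ user.name }}</p>', scope));                             // opt-in model, filter forgotten
console.log(render('<p>{{ user.name }}</p>', scope, { autoEscape: escapeHtml })); // escaped by default
console.log(render('{"name": {{ user.name }}}', scope, { autoEscape: JSON.stringify }));
```

The same template source is safe or unsafe depending only on the hook, which is why the encoder has to match the output format: `escapeHtml` for HTML templates, `JSON.stringify` for JSON ones.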