HTML Escaping in Handlebars
Published at: 2017-01-01
When setting up this microblog I observed that Handlebars offers a neat built-in security feature: automatic HTML escaping for interpolated strings.
This means that the following string, stored as html_fragment:
<p>This is some html-fragment I'd like to place into a html-layout-file</p>
when interpolated into:
<!DOCTYPE html>
…
{{ html_fragment }}
…
would result in:
<!DOCTYPE html>
…
&lt;p&gt;This is some html-fragment I&#x27;d like to place into a html-layout-file&lt;/p&gt;
…
While I love the built-in default security behavior, you sometimes want to disable it.
Achieving this is quite easy with the triple-stash:
<!DOCTYPE html>
…
{{{ html_fragment }}}
…
results in:
<!DOCTYPE html>
…
<p>This is some html-fragment I'd like to place into a html-layout-file</p>
…
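The difference between the two forms, as an added example that is not part of the original post: a small stand-in renderer (not Handlebars itself) whose escape table lists the characters Handlebars' escapeExpression replaces, plus a review helper that lists every triple-stash variable in a template. The names render, findRawInterpolations and comment are hypothetical, and the sample data is constructed.

```javascript
// Stand-in for the two interpolation forms; this is not Handlebars itself.
// The table lists the characters Handlebars' escapeExpression replaces.
const ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;',
  "'": '&#x27;', '`': '&#x60;', '=': '&#x3D;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"'`=]/g, (ch) => ESCAPES[ch]);
}

// Render {{{ name }}} raw and {{ name }} escaped. The triple-stash
// alternative comes first so its braces are not read as a double-stash.
function render(template, context) {
  return template.replace(
    /\{\{\{\s*(\w+)\s*\}\}\}|\{\{\s*(\w+)\s*\}\}/g,
    (_, rawName, escName) => {
      const value = context[rawName ?? escName] ?? '';
      return rawName ? String(value) : escapeHtml(value);
    }
  );
}

// Review aid: list every variable a template emits without escaping,
// so each one can be traced back to a trusted source.
function findRawInterpolations(template) {
  return [...template.matchAll(/\{\{\{\s*(\w+)\s*\}\}\}/g)].map((m) => m[1]);
}

// Constructed sample data: one trusted fragment, one untrusted comment.
const context = {
  html_fragment:
    "<p>This is some html-fragment I'd like to place into a html-layout-file</p>",
  comment: '<script>alert(1)</script>',
};
const layout = '<main>{{{ html_fragment }}}</main><aside>{{ comment }}</aside>';

console.log(render(layout, context));
console.log(findRawInterpolations(layout)); // variables to audit
```

Running findRawInterpolations over a project's templates gives the short list of values that bypass escaping and therefore need a trusted origin.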