
Unescape HTML in Ember Helpers

I have the following helper in my Ember app:

Ember.Handlebars.helper "social_profiles", ((person) ->
  person.social_profiles.map (item) ->
    " <a href=''> #{item.type_name}</a>"
), "social_profiles"

Each time I call the helper, it returns an escaped string, but I would like Ember to display HTML links.

How can I achieve this?

+4
2 answers

You can mark a string as safe with new Handlebars.SafeString("<b>hello world</b>"). The string will now not be escaped.

However, you must be sure that your string is safe. You pass in item.type_name, which may contain malicious code that would not be caught, because you declare the string as safe.

To solve this problem, first escape the user input, and then wrap it in a tag that is marked as safe.

Example:

Ember.Handlebars.registerHelper('boldItem', function(item) {
  var escaped = Handlebars.Utils.escapeExpression(item);
  return new Handlebars.SafeString("<b>" + escaped + "</b>");
});
+9

@Ryan answer

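Ember.Handlebars.helper "social_profiles", ((person) ->
  # Escape each type_name first; only the markup built around it is marked safe
  links = person.social_profiles.map (item) ->
    " <a href=''>#{Handlebars.Utils.escapeExpression item.type_name}</a>"
  # SafeString expects a string; join(",") makes explicit what the array's implicit toString() produced
  return new Handlebars.SafeString links.join(",")
), "social_profiles"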
0
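
The escape-then-wrap advice from the first answer, applied to the social_profiles helper from the question, as an added example that is not code from the original posts. It goes one step further than the answers by also checking the link target, since HTML escaping alone does not neutralise a javascript: URL placed in href. Assumptions: the url field on each profile, the names escapeHtml, safeHref and renderSocialProfiles, and the http/https-only rule are hypothetical; escapeHtml is a local stand-in for Handlebars.Utils.escapeExpression so the block runs without Ember.

```javascript
// Local stand-in for Handlebars.Utils.escapeExpression (assumption: same intent,
// written here so the example runs offline without Handlebars).
const ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;",
  '"': "&quot;", "'": "&#x27;", "`": "&#x60;", "=": "&#x3D;"
};
function escapeHtml(value) {
  return String(value == null ? "" : value).replace(/[&<>"'`=]/g, (ch) => ENTITIES[ch]);
}

// Hypothetical policy: only absolute http(s) URLs may become a link target.
// Returns the normalised URL, or null when the value must not be used in href.
function safeHref(url) {
  try {
    const parsed = new URL(String(url));
    return parsed.protocol === "http:" || parsed.protocol === "https:" ? parsed.href : null;
  } catch (e) {
    return null; // relative, empty or unparsable value
  }
}

// Builds the markup for one person. Every user-supplied value is escaped before it
// is placed in the string; in an Ember helper the returned string is the only thing
// that would be passed to new Handlebars.SafeString(...).
function renderSocialProfiles(person) {
  const profiles = (person && person.social_profiles) || [];
  return profiles.map((item) => {
    const label = escapeHtml(item.type_name);
    const href = safeHref(item.url); // item.url is an assumed field name
    // A rejected URL degrades to plain escaped text instead of a link.
    return href === null ? " " + label : ' <a href="' + escapeHtml(href) + '">' + label + "</a>";
  }).join("");
}

// Constructed sample input: one ordinary profile and one carrying markup and a script URL.
const samplePerson = {
  social_profiles: [
    { type_name: "Twitter", url: "https://example.com/alice" },
    { type_name: "<script>alert(1)</script>", url: "javascript:alert(1)" }
  ]
};
console.log(renderSocialProfiles(samplePerson));
```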
