String identity template tag
Isiah Meadows
isiahmeadows at gmail.com
Fri Dec 14 17:33:10 UTC 2018
I'll admit that HTML escaping tag was probably a bad example. It was just
for show, nothing more, and obviously I wouldn't recommend it for
production.
On Thu, Dec 13, 2018 at 14:00 Mark Miller <erights at gmail.com> wrote:
> As a completely separate point, this way of escaping html is not context
> sensitive, and likely horribly unsafe. Much of the motivation for template
> literals in the first place is to support context sensitive escaping, where
> the escaping of the x data in
>
> ```js
> safeHTML`....${x}....`
> ```
>
> depends on where in the html parsing of the literal parts it is
> encountered. See the work of Mike Samuel (cc'ed).
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20181214/1007b823/attachment.html>
More information about the es-discuss
mailing list