escaping html attributes #1

Closed
opened 2024-04-01 07:04:08 +00:00 by yaroslav.lapin · 2 comments
yaroslav.lapin commented 2024-04-01 07:04:08 +00:00 (Migrated from gitlab.com)

Hey, I didn't see this mentioned in readme, so figured I should ask :) what is the right way to escape html attributes? Usually frameworks will have two functions :) one to escape text, one to escape attributes, well and I guess in case of Go they have like 50 of them :) https://go.dev/src/text/template/funcs.go#L631


Hi!

https://hexdocs.pm/glentities/glentities/html_encoder.html#encode is documented as "Encode text to be safe in the HTML body, inside element or attribute content.", so it should work for attributes. The others will work too, but will create a much larger output. Does this answer your question?

yaroslav.lapin commented 2024-04-03 06:09:25 +00:00 (Migrated from gitlab.com)

Thanks, I will try that :) I think that makes sense, but I was worried if there's something that I'm missing :)

nicd closed this issue 2024-06-17 19:23:51 +00:00
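
The text-versus-attribute distinction raised in this thread, as an added example that is not part of the thread or of glentities: a Python stand-in encoder (`html.escape`, which escapes `&`, `<`, `>`, `"` and `'`) keeps a value inside a quoted attribute, but the same encoding does not contain the value once the attribute is written without quotes. The helper names and sample values are constructed, and that `html_encoder.encode` escapes the same character set as the stand-in is an assumption.

```python
from html import escape
from html.parser import HTMLParser


class AttrCollector(HTMLParser):
    """Collects the attributes of the first start tag in a fragment."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if self.attrs is None:
            self.attrs = dict(attrs)  # values arrive entity-decoded


def parsed_attrs(markup):
    """Return {name: value} as an HTML parser sees the first tag."""
    collector = AttrCollector()
    collector.feed(markup)
    collector.close()
    return collector.attrs


def render(value, quoted=True, encode=True):
    """Build <p title=...> the way a hand-written template would."""
    if encode:
        value = escape(value, quote=True)  # stand-in for an HTML-body encoder
    q = '"' if quoted else ""
    return "<p title=" + q + value + q + ">text</p>"


# Constructed sample inputs (not from the issue thread).
QUOTE_BREAKOUT = 'blue" data-extra="1'
SPACE_BREAKOUT = "blue data-extra=1"

if __name__ == "__main__":
    for label, markup in [
        ("raw, quoted", render(QUOTE_BREAKOUT, encode=False)),
        ("encoded, quoted", render(QUOTE_BREAKOUT)),
        ("encoded, unquoted", render(SPACE_BREAKOUT, quoted=False)),
    ]:
        print(f"{label:18} {markup}\n{'':18} -> {parsed_attrs(markup)}")
```

Only the encoded, quoted rendering parses back to a single `title` attribute, so the check to make in templates is that every attribute value is wrapped in quotes.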
Reference: nicd/glentities#1