Escape html characters/tags before updating the templates #24

Open
arsulegai opened this issue Apr 25, 2021 · 6 comments
@arsulegai
Member

If HTML tags are not escaped, then the file generated from the template would end up in an erroneous format.

@arsulegai arsulegai added bug Something isn't working help wanted Extra attention is needed good first issue Good for newcomers labels Apr 25, 2021
@arnabkaycee
Member

Can you share an example?

@arsulegai
Member Author

The site served here https://arsulegai.github.io/start-here-hyperledger/issues/hyperledger/fabric-sdk-py is corrupted with the template file from https://github.com/arsulegai/start-here-hyperledger/blob/main/templates/issue-template.md

@arnabkaycee
Member

I see. I will have a look at this.

@arnabkaycee
Member

arnabkaycee commented May 6, 2021

We are using the https://golang.org/pkg/text/template/ package.
There are two approaches to tackle this problem.

Approach 1:

Approach 2:

  • We can use inline functions in the template, like html, that escape html characters. This, in my opinion, is a better approach and provides more flexibility to the template designer to place the escape functions. If we decide on this approach, we need to close the issue here and raise the PR in the other repo.

@arsulegai
Member Author

> We are using the https://golang.org/pkg/text/template/ package.
> There are two approaches to tackle this problem.
>
> Approach 1:
>
> Approach 2:
>
>   • We can use inline functions in the template, like html, that escape html characters. This, in my opinion, is a better approach and provides more flexibility to the template designer to place the escape functions. If we decide on this approach, we need to close the issue here and raise the PR in the other repo.

Sure, I see one more problem here. Let's say we are escaping html. md files support these html tags and support printing nicer on the UI. If the input template is md format then we may need to skip this? What if the input template is of type html? Can we have a test on these?

@arnabkaycee
Member

arnabkaycee commented May 6, 2021


> If the input template is md format then we may need to skip this? What if the input template is of type HTML?

I don't think the enclosing template format would make a difference whether we want to escape or not. The problem is the special characters like @,<,>,&. The specific example from the 3rd comment has <,> characters in the log (present in the issue body) and messes with the overall rendering. So, no matter what the template format, HTML or MD, we would still need to escape these special characters, if we want to render them in the browser.

> Can we have a test on these?

Sure we can test it locally.
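
A local check of the second approach, as an added example that is not part of the thread or the project's code: it renders one issue body containing `<`, `>` and `&` through a Markdown and an HTML template with `text/template`, with and without the built-in `html` function. The `Issue` type, the `Render` helper, the template strings and the sample body are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
	"text/template"
)

// Issue is a hypothetical stand-in for the data the generator feeds its templates.
type Issue struct {
	Title, Body string
}

// Constructed templates (not the project's issue-template.md). The *Escaped
// variants pipe user-controlled fields through text/template's built-in html function.
const (
	mdRaw       = "## {{.Title}}\n\n{{.Body}}\n"
	mdEscaped   = "## {{.Title | html}}\n\n{{.Body | html}}\n"
	htmlRaw     = "<h2>{{.Title}}</h2><p>{{.Body}}</p>"
	htmlEscaped = "<h2>{{.Title | html}}</h2><p>{{.Body | html}}</p>"
)

// Render executes a text/template source against an issue and returns the output.
// text/template does no escaping on its own; only the explicit html calls do.
func Render(src string, issue Issue) (string, error) {
	tmpl, err := template.New("issue").Parse(src)
	if err != nil {
		return "", err
	}
	var out strings.Builder
	if err := tmpl.Execute(&out, issue); err != nil {
		return "", err
	}
	return out.String(), nil
}

func main() {
	// Constructed issue body: log-like text with <, > and & plus a stray closing tag.
	issue := Issue{Title: "Connect fails", Body: "log: <Peer object> failed </div> & retry"}
	for _, src := range []string{mdRaw, mdEscaped, htmlRaw, htmlEscaped} {
		out, err := Render(src, issue)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%q\n", out)
	}
}
```

In both raw variants the stray `</div>` from the issue body reaches the page as markup, whichever format the template is in; in the escaped variants it arrives as `&lt;/div&gt;` and is shown as text.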
