Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Escaping bare attributes content #48

Closed
elia opened this issue Feb 26, 2016 · 2 comments
Closed

Escaping bare attributes content #48

elia opened this issue Feb 26, 2016 · 2 comments

Comments

@elia
Copy link

elia commented Feb 26, 2016

Passing signed_in_html as an attribute value directly doesn't properly escape it

    - signed_in_html  = render('application/header_signed_in')
    .account.js-account(data-signed-in-html=signed_in_html)

instead it seems to work when used in an interpolated string:

    - signed_in_html  = render('application/header_signed_in')
    .account.js-account(data-signed-in-html="#{signed_in_html}")
@eagletmt
Copy link
Owner

Fixed in v0.8.1

@elia
Copy link
Author

elia commented Mar 6, 2016

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@elia @eagletmt