autoescape is broken #4

Closed
shamrin opened this Issue Jul 19, 2012 · 0 comments


shamrin commented Jul 19, 2012

ck = require 'ck'

# Context value carries an HTML payload; autoescape is switched on
template = ck.compile -> h2 "Hi, #{@name}"
context = {name: 'Bobby <script>alert("Hacked!")</script>'}
console.log template {context, autoescape: on}

throws

ReferenceError: esc is not defined
    at nest (.../node_modules/ck/lib/ck.coffee:46:41)

shamrin added a commit to shamrin/ck that referenced this issue Jul 20, 2012

aeosynth added a commit that referenced this issue Aug 10, 2012

Merge pull request #6 from shamrin/autoescape
Fix autoescape (#4), ignore non-strings (#3)

aeosynth closed this Aug 10, 2012
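
A regression check for the behaviour this issue expects, as an added example that is not ck's code or part of the original thread. `esc`, `renderGreeting` and `checkAutoescape` are hypothetical names, and returning non-strings untouched is an assumed reading of "ignore non-strings (#3)".

```javascript
// Added example, not ck's code. esc and renderGreeting are hypothetical stand-ins.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape HTML metacharacters in strings. Non-strings are returned untouched,
// which is an assumed reading of "ignore non-strings (#3)".
function esc(value) {
  if (typeof value !== 'string') return value;
  return value.replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Stand-in for the issue's template: h2 "Hi, #{@name}"
function renderGreeting({ context, autoescape = false }) {
  const name = autoescape ? esc(context.name) : context.name;
  return `<h2>Hi, ${name}</h2>`;
}

// Run the issue's input through any render({context, autoescape}) function
// and return a list of failures (an empty list means the check passed).
function checkAutoescape(render) {
  const payload = 'Bobby <script>alert("Hacked!")</script>'; // from the issue
  const failures = [];
  let html;
  try {
    html = String(render({ context: { name: payload }, autoescape: true }));
  } catch (err) {
    // The state reported in this issue: the template throws instead of rendering.
    return [`autoescape threw: ${err.message}`];
  }
  if (/<script/i.test(html)) failures.push('raw <script> tag reached the output');
  if (!html.includes('&lt;script&gt;')) failures.push('payload was not entity-encoded');
  try {
    render({ context: { name: 42 }, autoescape: true }); // non-string value
  } catch (err) {
    failures.push(`non-string value threw: ${err.message}`);
  }
  return failures;
}

console.log(checkAutoescape(renderGreeting)); // []
```

To check a real template, pass `checkAutoescape` a wrapper that forwards the `{context, autoescape}` options object to the compiled template.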
