Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Wrong escape in HTML comments #87

Closed
nechutny opened this issue Oct 13, 2015 · 0 comments

Comments

Projects
None yet
1 participant
@nechutny
Copy link

commented Oct 13, 2015

Hi,

when i have "-" in url (eg. http://localhost/repo-branch/), then latte generate wrong urls in HTML comment. This is important, because comments are used for including JS for IE etc. It add space after each "-". I think, that correct behavior is add space only to "-->" sequence. Because now this latte code produce wrong output.

<!--[if lt IE 9]>
    <script src="{$baseUri}/vendor/html5shiv/dist/html5shiv-printshiv.js"></script>
<![endif]-->


<!--[if lt IE 9]>
    <script src="http://localhost/fdv- master/vendor/html5shiv/dist/html5shiv-printshiv.js"></script>
<![endif]-->

Workaround is |noescape, but it is potential security hole.

@dg dg closed this in 1fce3e7 Oct 13, 2015

dg added a commit that referenced this issue Oct 13, 2015

dg added a commit to nette/nette that referenced this issue Dec 3, 2015

dg added a commit to nette/nette that referenced this issue Dec 3, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.