my variable contains a string with an apostrophe or a single quote '
i'd like to display it with EJS.
I use
<img class="card-img-top" src='<%= data[i][0].omdb.Poster %>' alt='<%= data[i][0].omdb.Title; %>'>
When data[i][0].omdb.Title; contains an apostrophe, HTML is broken.
<%= is known to escape html. But not single quote!
How to do it? Any idea please?
I can't find anything on ejs doc.
<%= is known to escape html. But not single quote! How to do it?
Use double quotes around your attributes. Then single quotes won't matter.
(If you really want to use ' then you can do ...Poster.replace(/'/g, "'")).
Related
When I have doble marks encoded in my HTML attributes, tinymce breaks that attributes.
For example:
data-value="ab"e;----"e;"> will be seen in source code: <div data-type="more-posts" data-value="ab">Hello</div>
http://codepen.io/anon/pen/MKYrbJ
How can I fix this?
If you would have real double quotes here your HTML would not be valid anymore because attributes use them.
It will be best do handle those when you save that content to your database.
You could replace them with single quotes - those wouldn't break the markup.
From the documentation, I believed that Html(value) is sufficient escaping for HTML and Javascript. But this code lets HTML tags pass without escaping.
<ul>
#*here is the loop*#
#nodes.map{ n =>
<li> #Html( n) </li> }
</ul>
Please give the code that will sufficiently escape HTML and Javascript (and all other dangerous things) before rendering the view.
I believe it's the opposite. the Html function outputs the raw string without escaping it. By default Play escapes dynamic content that's inserted into the templates. See the section on Escaping in the documentation.
Trying to get a mode to work with silverstipe templates, but <% end_control %> breaks the indentation, but <% nd_control %> does not. It must be the "<% end", but I'm stuck on how to fix it.
I'm guessing this will be the part tripping it up end_[a-zA-Z1-9_.]*
I'm no lisp or regex expert. But I would suspect end_[:alpha:]+ should work. After taking a look at the emacs regex docs http://www.emacswiki.org/emacs/RegularExpression
You should be able to do without _ or . If you wanted to include the fullstop in the match I think you'll need double backslash \. But I can't think of an example when SS uses this in a closing template statement. And the underscore should already be matched with end_
I have rather silly problem.
Struts2 property tag doesn't escape single quote ('). Such behavior breaks my JavaScript code.
It does do escape double quote (") using html entities, but not single quote (').
Is there any possibility to force property tag to replace single quote with appropriate html entity?
Example, string replaced with html entities.
Отредактированное событие с кавычкой "
The same with single qoute:
Отредактированное событие с кавычкой '
Is there any possibility to overcome such difficulty using standard approach? I wouldn't like to write some custom code.
You're in luck! By default, the tag only escapes HTML, but you can have it escape JavaScript too:
<s:property value="yourValue" escapeJavaScript="true"/>
When I type attribute in tag Netbeans automatically add two quotes:
<form method="|">
I want to make it use single quotes:
<form method='|'>
From my answer to a very similar question:
Type something like <div class= now your cursor should be in between two quote or double quote characters. You can now type the other type of quote character and it will change your preference.
I'm afraid, but it's pretty sure that double quotes are hard-coded into NetBeans.