Search code examples
haxeufronterazor

How can I HTML escape in Erazor?

I'm new to Haxe, and I'm trying to experiment with Ufront.

I got a problem using Erazor templates: I don't understand how to escape HTML when outputting variables.

With this simple template:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
        "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
    <title>Users list</title>
</head>
<body>
    <ul>
        @for(user in users)
        {
            <li>@user.name</li>
        }
    </ul>
</body>

</html>

If any of the users has name '<script>', then the template will simply output <script> for its name.

How can I properly HTML escape in Erazor?

Solution

  • Ufron automatically includes the helper class that contains the desired method:

    <li>@Html.encode(user.name)</li>