Safestring in HTMLbars


#1

Hi Community!

I have been eagerly awaiting the HTMLbars release, and now that it’s here I’m thrilled to be able to play around with it.

First problem however, I have faced, is the way I have constructed some of my former Handlebars helpers. In them I have created a bit of HTML which I return with Handlebars.SafeString().

I would imagine that I need to compile the same string using the new “ember-template-compiler” - but haven’t had any luck getting it to work. Help is appreciated. :smile:


#2

return new Ember.Handlebars.SafeString('<script>alert("lol");</script>');

it should still be there, even with HTMLBars.

On the 1.10 CHANGELOG:

[BUGFIX] Export Ember.Handlebars compat shim for Ember.Handlebars.SafeString and Ember.Handlebars.Utils.escapeExpression.


#3

Then I would still neee to include the entire handlebars library. Right? Isn’t there a way to do with without including a lot of extra KBs that the uset have to download?


#4

Nope: http://jsbin.com/bexatekuvo/1/edit


#5

Sorry for not getting back to you.

Have you tried with the final version of ember 1.10?

It returns the following error to me:

Uncaught Error: Cannot call compile without the template compiler loaded. Please load ember-template-compiler.js prior to calling compile.


#6

@bjerh - You need to load the template compiler in the JSBin: http://jsbin.com/cegugu/1/edit?html,js,output

See http://emberjs.com/blog/2015/02/05/compiling-templates-in-1-10-0.html for more details.


#7

That is expected. You are trying to compile templates, which you need the template compiler for


#8

Thanks guys! And sorry for not answering. Funny thing though: I’m not including the template compiler at the moment but the Ember.Handlebars.SafeString() is still working. :confused:


#9

FWIW I strongly suggest using:

Ember.String.htmlSafe('<div>someString</div>')

It is more future-safe.