Add JS string escape helper #847
Assignees
Comments
|
Hey, that sounds like a good idea. Do you have an example of the approach you have in mind? Not the implementation but the interface. What would it look like with alpine? |
|
I don’t think we can find automatically escape JSON strings like we can with HTML, so I guess the interface would be just adding a def json_escape(string)
ERB::Util.json_escape(string)
end |
|
This is my feeling as well. We don't have a particularly elegant way of dynamically applying the JSON escape logic in the templates automagically without tying the implementation logic to the alpine-specific data attributes. I'll whip up a PR for this. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hey Joel 👋,
Thanks for the Phlex library, it feels like what HAML and view components could've been.
We're using it alongside alpine.js and overall very happy with the experience. One issue we're running into is the need to escape strings prior to JS evaluation and our current approach feels slightly cumbersome. I'd love to open a PR to add a JS string escape helper that leverages json_escape and raw under the hood to ensure that we're not exposing ourselves to XSS attacks.
Are you open to a contribution like this?
The text was updated successfully, but these errors were encountered: