|
|
Boost : |
From: Dominique Devienne (ddevienne_at_[hidden])
Date: 2023-02-08 10:44:53
On Wed, Feb 8, 2023 at 11:12 AM Ruben Perez via Boost <boost_at_[hidden]>
wrote:
> My other point to note is about HTML escaping.
>
There are 4 use-cases IMHO, for a templating engine:
1) pure text-template. No escaping;
2) text-template to embed in some custom format, with its own escaping
rules;
3) template generates HTML, and "some" characters of the placeholders need
escaping;
4) template generates text, possibly HTML-like, meant to be embedded into
HTML, thus "more" escaping is necessary.
#3 use regular mustaches, {{foo}}, while #4 uses "thick" ones, {{{foo}}}.
These are the regular uses Mustache was created for.
But should we forego #1 and #2 completely? Why not make the escaping
pluggeable, to have something more flexible?
(and that flexible escaping would still be made aware of {{foo}} vs
{{{foo}}} to decide for itself whether to escape the same or not).
Go has two packages for templating, text/template [1] and html/template,
but they are the same template engine AFAIK,
it's just the escaping rules that change I believe. Sounds to like
Boost.Mustache should not be HTML-only. My $0.02. --DD
[1]: https://pkg.go.dev/text/template
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk