|
|
Boost : |
From: Dominique Devienne (ddevienne_at_[hidden])
Date: 2023-02-08 12:45:20
On Wed, Feb 8, 2023 at 1:32 PM Julien Blanc <julien.blanc_at_tgcm.eu> wrote:
> Le mercredi 08 février 2023 à 11:44 +0100, Dominique Devienne via Boost
> > On Wed, Feb 8, 2023 at 11:12 AM Ruben Perez via Boost
> > <boost_at_[hidden]>
> > There are 4 use-cases IMHO, for a templating engine:
> > 1) pure text-template. No escaping;
> > 2) text-template to embed in some custom format
> > 3) template generates HTML
> > 4) template generates text, possibly HTML-like
>
> I did not check what boost.mustache does, but from the documentation (
> https://mustache.github.io/mustache.5.html ): “All variables are HTML
> escaped by default. If you want to return unescaped HTML, use the
> triple mustache: {{{name}}}.â€. I understand “unescaped HTML†as “plain
> textâ€. So thick mustaches {{{foo}}} would be #1.
>
> If that's not the case (ie it can't produce plain text), that would
> make boost.mustache completely useless for me.
>
I think you're right, and I got it wrong above.
If foo contains the text "<foo&bar/>" (w/o the dquotes),
then the template {{foo}} should expand to ">foo&bar/<",
while {{{foo}}} should expand to "<foo&bar/>" verbatim.
So that covers #4 (and there's no #3...), and #1, respectively.
But that leaves #2 uncovered I think.
So I still think escaping should be an independent / orthogonal dimension
from the templating proper.
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk