
Function

htmlSafe SafeString public

Module: @ember/template
import { htmlSafe } from '@ember/template';
returns SafeString: a string that will not be HTML escaped by Handlebars.

Use this method to indicate that a string should be rendered as HTML when the string is used in a template. To say this another way, strings marked with htmlSafe will not be HTML escaped.

A word of warning - the htmlSafe method does not make the string safe; it only tells the framework to treat the string as if it is safe to render as HTML. If a string contains user input or other untrusted data, you must sanitize or escape that data for the context it lands in (HTML text, attribute value, URL) before calling htmlSafe. Otherwise your code is vulnerable to Cross-Site Scripting. There are many open source sanitization libraries to choose from, both for front end and server-side sanitization.

import { htmlSafe } from '@ember/template';

// Only content that is trusted or has already been sanitized belongs here.
const someTrustedOrSanitizedString = "<div>Hello!</div>";

htmlSafe(someTrustedOrSanitizedString);
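The following is an added example, not code from the Ember.js docs or the framework, showing what "sanitize before htmlSafe" looks like for markup built from untrusted profile fields. The helper names (escapeHtml, safeHref, profileCardUnsafe, profileCardSafe) and the sample input are hypothetical; `@ember/template` is deliberately not imported so the file runs stand-alone under Node, and in a real component the string returned by profileCardSafe is what would be wrapped in htmlSafe().

```javascript
// Added example (not from the Ember docs): preparing untrusted data for htmlSafe().
// In an Ember component you would do: return htmlSafe(profileCardSafe(this.user));
// The helpers below are hypothetical names chosen for this illustration.

// Escape the five characters that matter in HTML text and quoted attribute contexts.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Escaping alone does not protect URL-valued attributes: 'javascript:alert(1)'
// contains none of the five escaped characters and would still run when clicked.
// Allowlist http(s) absolute URLs and same-origin paths; replace anything else
// (javascript:, data:, vbscript:, protocol-relative //host) with a harmless '#'.
function safeHref(url) {
  const s = String(url).trim();
  if (/^https?:\/\//i.test(s) || /^\/(?!\/)/.test(s)) {
    return s;
  }
  return '#';
}

// VULNERABLE: user-controlled fields are concatenated straight into markup that
// the caller then marks htmlSafe. A name of '<img src=x onerror=alert(1)>' is
// rendered as a live tag, and a javascript: website becomes a working link.
function profileCardUnsafe(user) {
  return `<div class="card"><a href="${user.website}">${user.name}</a></div>`;
}

// FIXED: every untrusted value is validated/escaped for its context first.
// Only the string this returns should ever be passed to htmlSafe().
function profileCardSafe(user) {
  const href = escapeHtml(safeHref(user.website));
  const name = escapeHtml(user.name);
  return `<div class="card"><a href="${href}">${name}</a></div>`;
}

// Constructed sample input standing in for attacker-controlled profile fields.
const hostileUser = {
  name: '<img src=x onerror=alert(1)>',
  website: 'javascript:alert(document.cookie)',
};

console.log('unsafe:', profileCardUnsafe(hostileUser));
console.log('safe:  ', profileCardSafe(hostileUser));
```

Escaping is the right tool when the untrusted value is plain text that must never become markup. If users are allowed to supply rich HTML, escaping would destroy it, and a real allowlist-based sanitizer library is needed instead of the escapeHtml helper above; the URL check is still required in either case, because a sanitizer that keeps `<a>` tags must also police the scheme of each `href`.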

© 2022 Yehuda Katz, Tom Dale and Ember.js contributors
Licensed under the MIT License.
https://api.emberjs.com/ember/4.9/functions/@ember%2Ftemplate/htmlSafe