SecureHandlebars automatically applies context-sensitive XSS output filtering to prevent XSS.
Sample code:
<!-- Disable the original handlebars -->
<!--script src="dist/handlebars.min.js"></script-->
<script src="dist/secure-handlebars.min.js"></script>
<script>
  // given data stores a handlebars template as string
  var html = '<html><title>{{title}}</title></html>',
      data = {title: 'Hello'};

  // analyze the HTML contexts, and return a handlebars template with context-sensitive helpers added
  var template = Handlebars.compile(html);

  // html is '<html><title>Hello</title></html>'
  var html = template(data);

  // inserts the html to the DOM
  // ...
</script>
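Why the filter has to depend on the output context, as an added example that is not SecureHandlebars' own code or API: a simplified renderer that infers each placeholder's context from the template text before it and applies a different filter per context. The names `contextOf`, `filterData`, `filterAttr`, `filterUri` and `render`, the scheme allowlist, the `#` fallback and the sample inputs are all assumptions made for this illustration.

```javascript
// Added illustration; names are hypothetical, not the secure-handlebars API.
// Assumes attribute values in the template are always double-quoted.

// Text between tags: '<' can open a tag, '&' can start an entity.
const filterData = s => String(s).replace(/&/g, '&amp;').replace(/</g, '&lt;');

// Inside a double-quoted attribute: '"' can end the value.
const filterAttr = s => String(s).replace(/&/g, '&amp;').replace(/"/g, '&quot;');

// Whole value of a URI attribute: the scheme must be allowlisted as well.
function filterUri(s) {
  // Probe the scheme on a copy without whitespace and control characters
  // (conservative: URL parsers drop tabs and newlines inside a URL).
  const probe = String(s).replace(/[\u0000-\u0020]/g, '');
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(probe);
  const ok = !m || ['http', 'https', 'mailto'].includes(m[1].toLowerCase());
  return ok ? filterAttr(s) : '#'; // '#' is this example's choice of safe value
}

const FILTERS = { data: filterData, attr: filterAttr, uri: filterUri };

// Infer the context of a placeholder from the template text preceding it.
function contextOf(prefix) {
  // Matches when the prefix ends inside an unclosed name="... within a tag.
  const m = /<[^>]*\s([a-z-]+)\s*=\s*"([^"]*)$/i.exec(prefix);
  if (!m) return 'data';
  const isUriAttr = ['href', 'src', 'action'].includes(m[1].toLowerCase());
  // The scheme is only attacker-controlled when the value starts the attribute.
  return isUriAttr && m[2] === '' ? 'uri' : 'attr';
}

function render(template, data) {
  return template.replace(/\{\{(\w+)\}\}/g, (whole, key, offset) =>
    FILTERS[contextOf(template.slice(0, offset))](data[key]));
}

// Constructed sample inputs.
const tpl = '<a href="{{url}}" title="{{tip}}">{{label}}</a>';
const hostile = { url: 'java\tscript:alert(1)', tip: '" onmouseover="x', label: '<b>hi</b>' };
const benign = { url: 'https://example.com/?a=1&b=2', tip: 'Tom & "Jerry"', label: 'AT&T' };

console.log(render(tpl, hostile));
console.log(render(tpl, benign));
```

Escaping only `<` and `&` everywhere would leave both the `title` and the `href` values in the hostile sample unneutralised, which is the gap context-sensitive filtering closes.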