Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
882 views
in Technique[技术] by (71.8m points)

quill - unable to escape In pug lang

So i have some user defined HTML generated using QuillJS (wysiwyg editor). as far as display / editing the text inside the editor is concerened it is working fine, but when i try to show the same data on a page using !{var} on my pug page it shows as string "....my HTML code here...."

-----Here is how it looks when i fetch it from DB----

 "<h1 class="ql-align-center">Essential things to think about before starting a blog</h1><p><br></p><h2 class="ql-align-center">?It takes several ingredients to create a delicious blog&l
    t;/h2><p><br></p><p class="ql-align-justify">It has been exactly 3 years since I wrote my first blog series entitled “Flavorful Tuscany”, but starting it was definitely not easy. Back then, I didn’t know much about blogging, let alone think that one day it could become <strong>my full-time job</strong>. Even though I had many recipes and food-related stories to tell, it never crossed my mind that I could be sharing them with the whole world.</p><p class="ql-align-justify">I am now a <strong>full-time blogger</strong> and the curator of the <a href="https://ckeditor.com/ckeditor-4/#" target="_blank">Simply delicious newsletter</a>, sharing stories about traveling and cooking, as well as tips on how to run a successful blog.</p><p class="ql-align-justify">If you are tempted by the idea of creating your own blog, please think about the
    following:</p><ul><li class="ql-align-justify">Your story
    (what do you want to tell your audience)</li><li class="ql-align-justify">Your audience (who do you write for)</li><li class="ql-align-justify">Your blog name and design</li></ul>"

---------and here is how is looks on the in chrome DevTools----

<div class="text-justify" id="description">
&lt;h1 class="ql-align-center"&gt;Essential things to think about before starting a blog&lt;/h1&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;h2 class="ql-align-center"&gt;?It takes several ingredients to create a delicious blog&lt;/h2&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p class="ql-align-justify"&gt;It has been exactly 3 years since I wrote my first blog series entitled “Flavorful Tuscany”, but starting it was definitely not easy. Back then, I didn’t know much about blogging, let alone think that one day it could become &lt;strong&gt;my full-time job&lt;/strong&gt;. Even though I had many recipes and food-related stories to tell, it never crossed my mind that I could be sharing them with the whole world.&lt;/p&gt;&lt;p class="ql-align-justify"&gt;I am now a &lt;strong&gt;full-time blogger&lt;/strong&gt; and the curator of the &lt;a href="https://ckeditor.com/ckeditor-4/#" target="_blank"&gt;Simply delicious newsletter&lt;/a&gt;, sharing stories about traveling and cooking, as well as tips on how to run a successful blog.&lt;/p&gt;&lt;p class="ql-align-justify"&gt;If you are tempted by the idea of creating your own blog, please think about the following:&lt;/p&gt;&lt;ul&gt;&lt;li class="ql-align-justify"&gt;Your story (what do you want to tell your audience)&lt;/li&gt;&lt;li class="ql-align-justify"&gt;Your audience (who do you write for)&lt;/li&gt;&lt;li class="ql-align-justify"&gt;Your blog name and design&lt;/li&gt;&lt;/ul&gt;  
</div>

What am i doing wrong..

  1. i tried to save it into a new var and pass it separately to the template.
  2. i tried alternatives to string Interpolation methods i got via google.

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

@sean was right, the code was escaping but not in the database but before it even went to db, apprantly a plugin 'xss-clean' was converting the HTML tag to HTML Entites.

Here is the sample of that value which can even be seen in the Question:

&lt;h1 class="ql-align-center">

With that Plugin disabled the unescaping started to work..

I would strongly recommend other who might face the same issue, to check for the such small anamolies and handle them as one of the step in there debugging process.

PS: i switched from Xss-Clean to Helmet along with a alternative to Xss-clean.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

1.4m articles

1.4m replys

5 comments

57.0k users

...