CODEWITHSUNDEEP
closuresgoogle-closure-templates
user2881063
user2881063

Reputation: 1059

How to pass html parameter in Google Closure Template

Guys I want to pass a parameter that contains html characters in Google Closure Template, but all I get is literal html texts. How to do this?

What I have tried so far is this : 

{template .modal autoescape="strict" kind="html"}
   {$html_content}
{/template}

I have been reading this but it's not very helpful. Thanks

Upvotes: 2

Views: 3322

Answers (1)

Nik Sumeiko
Nik Sumeiko

Reputation: 8723

{template .modal}
   {$html_content |noAutoescape}
{/template}

Is going to print your HTML. But consider that using |noAutoescape in your templates is discouraged.

Discouraged: It's easy to accidentally introduce XSS attacks when the assertion that content is safe is far away from where it is created. Instead, wrap content as sanitized content where it is created and easy to demonstrate safety.
Google Closure Templates Functions and Print Directives


Or if you are sure $html_content is "safe" HTML, you can ordain it right where you pass parameters to the template:

goog.require('soydata.VERY_UNSAFE');
goog.require('template.namespace');

var container = document.getElementById('modal');
var html = '<strong>HTML you trust!</strong>';

container.innerHTML = template.namespace.modal({
  html_content: soydata.VERY_UNSAFE.ordainSanitizedHtml(html);
});

Then your initial template is going to print HTML as it is:

/**
 * @param html_content HTML markup
 */
{template .modal autoescape="strict" kind="html"}
   {$html_content}
{/template}

Upvotes: 5

Related Questions