@kzgolden-pba
Last active March 1, 2018 17:55
htmlSafe Not Safe
```javascript
import Ember from 'ember';

// Ember Twiddle controller. The gist does not show the file name; in a
// Twiddle this is normally controllers/application.js.
export default Ember.Controller.extend({
  appName: 'Ember Twiddle',
  htmlToRender: '',

  actions: {
    loadArbitraryScriptTag() {
      alert('action fired');
      // Ember.String.htmlSafe wraps the string in a SafeString, which the
      // template inserts verbatim instead of HTML-escaping it. Here the
      // string is a literal, but the same call on user-controlled data
      // hands the attacker an event handler: clicking the 300x300 SVG
      // that {{htmlToRender}} now renders fires the onclick alert.
      this.set('htmlToRender', Ember.String.htmlSafe(
        '<svg width="300" height="300" onclick="alert(\'XSS\');">'
      ));
    }
  }
});
```
```handlebars
<h1>Welcome to {{appName}}</h1>
<br>
<br>
{{!-- htmlToRender is a SafeString, so Glimmer inserts it as live markup.
      A plain string bound here would be escaped and shown as text. --}}
{{htmlToRender}}
<br>
<br>
<button {{action "loadArbitraryScriptTag"}}>Button</button>
<br>
<br>
{{outlet}}
<br>
<br>
```
```json
{
  "version": "0.13.0",
  "EmberENV": {
    "FEATURES": {}
  },
  "options": {
    "use_pods": false,
    "enable-testing": false
  },
  "dependencies": {
    "jquery": "https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.3/jquery.js",
    "ember": "2.16.2",
    "ember-template-compiler": "2.16.2",
    "ember-testing": "2.16.2"
  },
  "addons": {
    "ember-data": "2.16.3"
  }
}
```
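The gist shows the unsafe pattern only. The following is an added example, not code from the gist or from Ember itself: a stand-alone model of the escaping contract the Twiddle exercises, with the gist's payload rendered three ways. Values bound with `{{...}}` are HTML-escaped unless they are a SafeString, the object `Ember.String.htmlSafe` returns, which the renderer inserts untouched. The functions `escapeExpression`, `htmlSafe`, `isHTMLSafe`, `render`, `containsEventHandler` and the `SafeString` class are this example's own; their Ember 2.16 counterparts are `Ember.Handlebars.Utils.escapeExpression`, `Ember.String.htmlSafe` and `Ember.String.isHTMLSafe`, and the escape table follows the one Ember's `escapeExpression` uses. The input string is constructed for the example.

```javascript
// Added example: a stand-alone model of Ember's {{ }} escaping contract.
// Not Ember's source; names are this example's own (see lead-in).

// Same character table Ember's escapeExpression uses.
const ESCAPE = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;',
  "'": '&#x27;', '`': '&#x60;', '=': '&#x3D;',
};

function escapeExpression(value) {
  return String(value).replace(/[&<>"'`=]/g, (ch) => ESCAPE[ch]);
}

// Marker type: anything exposing toHTML() is trusted by the renderer.
class SafeString {
  constructor(html) { this.html = html; }
  toHTML() { return this.html; }
  toString() { return this.html; }
}

function htmlSafe(str) { return new SafeString(str); }

function isHTMLSafe(value) {
  return value !== null && typeof value === 'object'
    && typeof value.toHTML === 'function';
}

// What a {{value}} mustache does: trust a SafeString, escape everything else.
function render(value) {
  return isHTMLSafe(value) ? value.toHTML() : escapeExpression(value);
}

// Constructed attacker-controlled input: the gist's payload.
const UNTRUSTED = '<svg width="300" height="300" onclick="alert(\'XSS\');">';

// 1. The gist's pattern: htmlSafe() applied to data you did not build.
//    The markup, event handler included, reaches the DOM untouched.
function vulnerable(input) {
  return render(htmlSafe(input));
}

// 2. Plain binding, no htmlSafe at all. The renderer escapes it; the
//    browser shows the literal text and creates no element.
function plainBinding(input) {
  return render(input);
}

// 3. When you genuinely need markup around untrusted data, escape the
//    untrusted part first and apply htmlSafe to the assembled string only.
//    htmlSafe then means "every interpolated part of this was escaped".
function wrappedSafely(input) {
  return render(htmlSafe('<b>' + escapeExpression(input) + '</b>'));
}

// Cheap regression check for a test suite: rendered output that still
// carries an on*= attribute derived from untrusted input is a finding.
function containsEventHandler(html) {
  return /\son[a-z]+\s*=/i.test(html);
}

function demo() {
  const out = {
    vulnerable: vulnerable(UNTRUSTED),
    plain: plainBinding(UNTRUSTED),
    wrapped: wrappedSafely(UNTRUSTED),
  };
  for (const [name, html] of Object.entries(out)) {
    console.log(`${name}: handler present=${containsEventHandler(html)} -> ${html}`);
  }
  return out;
}

demo();
```

The practical rule this models: never call `htmlSafe` on a value you received, only on a string you assembled yourself from literals and already-escaped parts, and prefer plain `{{...}}` binding whenever the value does not need to be markup at all.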