Last active
June 27, 2017 00:21
-
-
Save stevenhao/40f852353089e3d27391266eea6b67ba to your computer and use it in GitHub Desktop.
Breaking Blaze HTML-escaping of <script> contents
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/packages/boilerplate-generator/boilerplate-generator.js b/packages/boilerplate-generator/boilerplate-generator.js | |
index 22e06e98f..9be1cc14c 100644 | |
--- a/packages/boilerplate-generator/boilerplate-generator.js | |
+++ b/packages/boilerplate-generator/boilerplate-generator.js | |
@@ -88,6 +88,7 @@ Boilerplate.prototype._generateBoilerplateFromManifestAndSource = | |
readUtf8FileSync(pathMapper(item.path)); | |
} | |
}); | |
+ boilerplateBaseData.test = 'alert("Is one less that two? Click to find out!"); if (1 < 2) alert("YES!") else alert("NO!")'; | |
var boilerplateRenderCode = SpacebarsCompiler.compile( | |
boilerplateSource, { isBody: true }); | |
diff --git a/packages/boilerplate-generator/boilerplate_web.browser.html b/packages/boilerplate-generator/boilerplate_web.browser.html | |
index fb03a5702..0f9d9ba33 100644 | |
--- a/packages/boilerplate-generator/boilerplate_web.browser.html | |
+++ b/packages/boilerplate-generator/boilerplate_web.browser.html | |
@@ -14,6 +14,9 @@ | |
{{/if}} | |
{{#each js}} <script type="text/javascript" src="{{../bundledJsCssUrlRewriteHook url}}"></script> | |
{{/each}} | |
+<script> | |
+ {{test}} | |
+</script> | |
{{#each additionalStaticJs}} | |
{{#if ../inlineScriptsAllowed}} | |
<script type='text/javascript'> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The relevant html generated:
The resulting behavior (Chrome):