Cannot render JSON about mithril-node-render HOT 8 CLOSED

Hi,

I changed this is for security reasons. Output is now always quoted as mithril also does.

you can avoid the quoting by using

return m('SCRIPT', m.trust('var who = ' + JSON.stringify(ctrl.js));

Didn't test if this works for JSON. May you can and confirm that it's working.

from mithril-node-render.

Yep, confirmed working, cheers! 👍

from mithril-node-render.

Ah, wait, no, I was still using 0.1.5.

It's still doing the quotes, even though it's m.trust - it seems as though it always applies the escapeHtml no matter what...

from mithril-node-render.

Stange

I'll fix that tomorrow. Fell free to open a PR if you want

from mithril-node-render.

I've created a mithril demo here:

http://codepen.io/jsguy/pen/azGmbw?editors=101

I'm not sure how to best solve this - do we need to override m.trust, so that we know the call is from there?

from mithril-node-render.

Also, here is a runnable, with the same view to show the issue in node:

http://web-b7843201-9634-4b57-b4ae-2203d5cc5bbd.runnable.com

Hmmm... if that doesn't work, (runnable is sometimes a little "moody"), the code is:

var http = require('http'),
  m = require('mithril'),
  render = require('mithril-node-render');

http.createServer(function (req, res) {
  var result = "", obj = {"hello": "world"};

  result =  render(m("CODE", "var who = " + JSON.stringify(obj)));

  res.writeHead(200, {'Content-Type': 'text/plain'});
  res.end(result);
}).listen(80);
console.log('Server listening on port 80');

Output:

<CODE>var who = {&quot;hello&quot;:&quot;world&quot;}</CODE>

from mithril-node-render.

Just released 0.2.2

I now only escape quotes for attributes. Hope that solves the issue.

from mithril-node-render.

Works for me, thanks! 👍

from mithril-node-render.