I have the following code:
What's the best way to sanitize each of the variables used in the string template? Ideally I want to ensure that these variables, like One idea I have to wrap each |
Replies: 2 comments 1 reply
-
-
sanitize-html seems unnecessary if you just want to have tags in your own
string, like your paragraphs, but no tags in the user input.
In that case, just escape the < & and > characters in the usual way with
HTML entities.
…On Mon, Aug 28, 2023 at 8:29 AM Paymahn Moghadasian < ***@***.***> wrote:
ah gotcha! yeah I want to sanitize each variable because the emails might
be fairly complex and I think would be easier to sanitize the variables
than to figure out all the tags of each various email I might send.
--
THOMAS BOUTELL | CHIEF TECHNOLOGY OFFICER
APOSTROPHECMS | apostrophecms.com | he/him/his
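The entity escaping suggested in the reply above, sketched as an added example (not code from the original thread or from sanitize-html): a tagged template that leaves the template's own tags intact and escapes every interpolated variable. The names `escapeHtml`, `safeHtml`, `buildEmailBody`, `name` and `message` are hypothetical, and the quote characters are escaped in addition to `<`, `&` and `>` so values are also safe inside quoted attributes.

```javascript
// Added example: the template's own markup is trusted, every variable is escaped.
const ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;', // beyond the three characters named in the reply:
  "'": '&#39;',  // needed when a value lands inside a quoted attribute
};

function escapeHtml(value) {
  // Render missing values as empty text instead of "null" / "undefined".
  if (value === null || value === undefined) return '';
  // Single pass over the input, so "&lt;" becomes "&amp;lt;" and is never
  // decoded back into a tag by the mail client.
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Tagged template: literal parts pass through, interpolations are escaped.
function safeHtml(strings, ...values) {
  return strings.reduce(
    (out, part, i) => out + part + (i < values.length ? escapeHtml(values[i]) : ''),
    ''
  );
}

// Hypothetical email body builder; field names are assumptions.
function buildEmailBody({ name, message }) {
  return safeHtml`<p>Hello ${name},</p><p>${message}</p>`;
}

// Constructed sample input containing markup a user might submit.
const sample = {
  name: 'Ann <script>alert(1)</script>',
  message: 'Tom & "Jerry" <img src=x onerror=alert(1)>',
};
console.log(buildEmailBody(sample));
```

This covers HTML text and quoted attribute values only; a variable placed in a URL or inside a `<style>` or `<script>` block needs context-specific encoding or validation instead.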
Hi @paymog,
Just pass each of the variables in with allowedTags: false. Is the problem that you can't sanitize before the sendEmail() call?