Is it necessary to escape slash (/
)?
#2199
Replies: 3 comments 3 replies
-
Can you provide a minimal reproducible example of what you exactly mean? |
Beta Was this translation helpful? Give feedback.
-
Great question, thank you. We encountered it working with I'm having some trouble creating a minimal test case. I'll keep working on it, but in the meantime I can point at a test in this repo: https://github.com/i18next/i18next/blob/c8d9f7bbc77ccb1bc1f24272827afd9295281756/test/runtime/interpolation.test.js#L294C1-L298C9 const tests = [
{
args: ['test {{test}}', { test: '<a>foo</a>' }],
expected: 'test <a>foo</a>',
}, What I'm suggesting is that the slash doesn't need to be escaped, and the expected value should be: expected: 'test <a>foo</a>', |
Beta Was this translation helpful? Give feedback.
-
Found the original commit that introduced that escape function: 01082e0#diff-c761a09fd4bad3ad646a9cfa821ef6010082320baf15c59f3c03daf9f40dd404R59 |
Beta Was this translation helpful? Give feedback.
-
We were surprised to find the value "$10/month" interpolated into a
Trans
component as$1/month
. Is it necessary? Resources like this OWASP cheat sheet and this Stack Overflow answer seem to recommend escaping&<>"'
but not/
.It doesn't matter in the browser, but it was a bit of a hiccup because our unit tests expected to see "$10/month" in the output and instead had to look for the HTML entity. I guess I'm just wondering why.
Beta Was this translation helpful? Give feedback.
All reactions