-
Notifications
You must be signed in to change notification settings - Fork 132
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Redesign PreEscaped
API
#270
Comments
Just wanted to mention that |
There needs to be consideration for making sure it is possible to serialize |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The current
PreEscaped
API has a few issues:PreEscaped
/Markup
naming was lifted fromblaze-markup
, which supports both HTML and XML. But Maud was always HTML-only, and the upcoming context-aware escaping effort will deepen this specialization.Html
.PreEscaped
wraps anyT: AsRef<str>
, but I've only seen it used withString
and&'static str
.Cow<'static, str>
instead.PreEscaped
constructor makes it too easy to treat any arbitrary string as HTML. Modern APIs like the Trusted Types proposal force the user to do some sanitizing/escaping first, or at least acknowledge the security risk if they don't.sanitize
) option is shorter!The text was updated successfully, but these errors were encountered: