On Wed, Feb 8, 2023 at 1:32 PM Julien Blanc <julien.blanc@tgcm.eu> wrote:
Le mercredi 08 février 2023 à 11:44 +0100, Dominique Devienne via Boost
On Wed, Feb 8, 2023 at 11:12 AM Ruben Perez via Boost <boost@lists.boost.org> There are 4 use-cases IMHO, for a templating engine: 1) pure text-template. No escaping; 2) text-template to embed in some custom format 3) template generates HTML 4) template generates text, possibly HTML-like
I did not check what boost.mustache does, but from the documentation ( https://mustache.github.io/mustache.5.html ): “All variables are HTML escaped by default. If you want to return unescaped HTML, use the triple mustache: {{{name}}}.”. I understand “unescaped HTML” as “plain text”. So thick mustaches {{{foo}}} would be #1.
If that's not the case (ie it can't produce plain text), that would make boost.mustache completely useless for me.
I think you're right, and I got it wrong above. If foo contains the text "<foo&bar/>" (w/o the dquotes), then the template {{foo}} should expand to ">foo&bar/<", while {{{foo}}} should expand to "<foo&bar/>" verbatim. So that covers #4 (and there's no #3...), and #1, respectively. But that leaves #2 uncovered I think. So I still think escaping should be an independent / orthogonal dimension from the templating proper.