Mustache automatically converts html special characters

Posted in Articles

Tweet This Share on Facebook Bookmark on Delicious Digg this Submit to Reddit

One advantage of using a templating engine such as mustache is that it automatically converts certain special characters to HTML entities, which is part of security best practices.  So < will become &lt; and > becomes &gt;   If this was unsafe user inputted data, the conversion would prevent injection of any script tags.

Continuing from our getting-started tutorial on mustache.php, if we pass in data of <John> …

mustache example

mustache example

We would get this source output …

mustache source output

mustache source output

If we had using straight PHP without templating engine, we would have to do …

<?php echo htmlspecialchars($firstname); ?>

everytime we output user inputted data.



Related Posts

Share This