Newlines are not HTML escaped

Question

Newlines are not HTML escaped

Snafuuz opened this issue 7 years ago · 2 comments

The mustache documentation says:
"All variables are HTML escaped by default."

The documentation is not very explicit about newlines in this context, but I think they should be converted to
tags, so a value can also have multiple lines and still be rendered correctly, including line breaks.

The problem can of course be avoided by using a custom escaping function, but I assume the correct behaviour would be to translate newlines into
by default

Answer 1 · 2018-03-26T14:13:32.000Z

=> I filed a pull request with a change that adds newline conversion to the HTML escape function
#19

Answer 2 · 2018-04-01T18:27:13.000Z

See my comments in the PR.