Skip to content

grantwood/mustache.js

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

336 Commits

spec

spec

 
 

wrappers

wrappers

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Rakefile

Rakefile

 
 

TESTING.md

TESTING.md

 
 

mustache.js

mustache.js

 
 

mustache.js.nuspec

mustache.js.nuspec

 
 

package.json

package.json

 
 

Repository files navigation

WARNING: This is a dangerous fork of Mustache.js.

This version of Mustache.js no longer HTML escapes {{variables}}, instead it SQL escapes them.

Wait what?

I'm using Mustache.js to output large SQL scripts, but HTML escaping variables isn't safe for this use and SQL escaping is necessary.

Is this a good idea? Well, yes and no. Simply SQL escaping output from your data into a Mustache template is no substitute for validating and sanitizing any incoming data into your system. Having said that, Mustache was a good choice for me to generate some large SQL scripts. While my input data has been sanitized and validated, I still needed to escape dangerous MYSQL characters, thus this fork.

for the real Mustache.js see:

mustache.js is an implementation of the Mustache template system in JavaScript.

About

Minimal templating with {{mustaches}} in JavaScript

mustache.github.com/

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

9 tags

Packages

No packages published

Languages

  • JavaScript 73.1%
  • Ruby 26.9%