I use AngularJS and Tapestry 5.3 in my web project.

The problem is as follows:
1. The user inputs some data in a text field, for example his profile description, and posts it to the server.
2. The profile description is rendered with a Tapestry variable:
<div>$description</div>
3. If $description contains some text like this: "{{ <script>alert("Hehe!");</script> }}", AngularJS starts interpreting it, and this is a big security problem.

Tapestry escapes standard HTML symbols: < is replaced with &lt; and so on. So
if the user inputs some HTML tags, Tapestry decorates them, and that is great. I
want to replace the '{' symbol with &#123;

I found the class AbstractMarkupModel in the source, which does this decorating
work.

The question is: how do I replace the behavior of AbstractMarkupModel.encode to
support decoration of the {{ symbol?
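
An added example, not part of the original post and not Tapestry's own code: a stand-alone Java rendering helper for the profile description, using the hypothetical names `ProfileRenderer`, `escapeHtml` and `renderDescription`. It wraps the escaped text in AngularJS's `ng-non-bindable` directive, because the browser decodes `&#123;` back to `{` before AngularJS compiles the DOM, so entity-encoding the braces alone does not stop interpolation.

```java
// Added example: class and method names are hypothetical, not Tapestry APIs.
public final class ProfileRenderer {

    private ProfileRenderer() {}

    /** Escapes the characters that are significant in HTML text and attribute values. */
    static String escapeHtml(String content) {
        if (content == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(content.length() + 16);
        for (int i = 0; i < content.length(); i++) {
            char c = content.charAt(i);
            switch (c) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Renders user-supplied text inside an element marked ng-non-bindable,
     * so AngularJS skips compilation of its contents and leaves "{{ ... }}"
     * as literal text. HTML escaping keeps the input from closing the <div>
     * and leaving the non-bindable region.
     */
    static String renderDescription(String description) {
        return "<div ng-non-bindable>" + escapeHtml(description) + "</div>";
    }

    public static void main(String[] args) {
        // Constructed sample input, taken from the example string in the post.
        String description = "{{ <script>alert(\"Hehe!\");</script> }}";
        System.out.println(renderDescription(description));
    }
}
```

In a Tapestry template the same effect comes from putting the `ng-non-bindable` attribute on the element that contains the expansion, leaving Tapestry's own HTML escaping in place.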
