I want to persist an article in a database, MongoDB in this case, and isome words must be links to another pages.
When I submit the article to an EJS template, I expect that the anchor tags I inserted at the moment of writing the article, work as links and not as pure text, as it is happening.
An example of text:
const article = "Stack Overflow and the Stack Exchange network help people find the answers they need, when they need them. Comprising 173 Q&A communities, including **<a** **href='https://stackoverflow.com'>**Stack Overflow**</a>**, over 100 million people visit every month to ask questions, learn, and share technical knowledge. Our products and tools empower people to find what they need to develop technology at work or at home. These products include, Stack Overflow for Teams, Stack Overflow Advertising, Collectives™ on Stack Overflow, and Stack Overflow Talent."
In the template, a p tag will receive the article text:
<div >
<div >
<p >
**<%= posts[0].compose %>**
</p>
</div>
</div>
The problem is: when the text is retrived from the database, and submitted to the template, the anchor tags are displayed as plain text and not as links.
Stack Overflow and the Stack Exchange network help people find the answers they need, when they need them. Comprising 173 Q&A communities, including <ahref='https://stackoverflow.com'>Stack Overflow</a>, over 100 million people visit every month to ask questions, learn, and share technical knowledge. Our products and tools empower people to find what they need to develop technology at work or at home. These products include, Stack Overflow for Teams, Stack Overflow Advertising, Collectives™ on Stack Overflow, and Stack Overflow Talent."
How can I return text from the database so that the anchor tags are shown as links and not ordinary text ?
CodePudding user response:
Look at the EJS homepage which tells you that:
<%=
Outputs the value into the template (HTML escaped)
Since you want the output to be rendered as HTML and not escaped, look at the next line:
<%-
Outputs the unescaped value into the template
Make sure you take steps to defend yourself from cross-side scripting attacks.