ashwanikumarjha
Thu Jun 20 2024
EJS, the templating engine for JavaScript, allows us to generate HTML markup with plain JavaScript.
By default, EJS escapes any HTML entities in the output to prevent issues such as cross-site scripting. This is done by replacing characters like `<`, `>`, `&`, and `"` with their respective HTML entity codes. For example:
- `&` is replaced with `&amp;`
- `<` is replaced with `&lt;`
- `>` is replaced with `&gt;`
- `"` or `'` (double or single quote) is replaced with `&#34;` or `&#39;` respectively.
Unescape HTML entities with `<%- %>`
If we want EJS to output our data without escaping HTML entities, replace `<%= %>` with `<%- %>`. This instructs EJS to render the data as unescaped.
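The difference between the two tags, as an added example that is neither from the original post nor EJS's own code: `render` is a hypothetical stand-in that handles only `<%= key %>` and `<%- key %>`, and `findRawOutputs` is a hypothetical review helper that lists raw-output tags so each one can be checked for untrusted input. The sample data is constructed.

```javascript
// Stand-in for EJS's two output tags, not EJS's own code.
// The entity table covers the five characters EJS escapes.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&#34;', "'": '&#39;' };

function escapeHtml(value) {
  if (value === null || value === undefined) return '';
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Handles only `<%= key %>` (escaped) and `<%- key %>` (raw) with plain
// identifiers; real EJS evaluates arbitrary JavaScript expressions.
function render(template, data) {
  return template.replace(/<%([=-])\s*(\w+)\s*%>/g, (match, tag, key) => {
    const value = data[key];
    if (tag === '=') return escapeHtml(value);
    return value === null || value === undefined ? '' : String(value);
  });
}

// Review aid: list every raw-output expression in a template so each one can
// be checked for untrusted input. `include(...)` calls are skipped because
// raw output is the expected way to embed a partial.
function findRawOutputs(template) {
  const found = [];
  for (const m of template.matchAll(/<%-\s*([\s\S]*?)\s*[-_]?%>/g)) {
    if (!/^include\s*\(/.test(m[1])) found.push(m[1]);
  }
  return found;
}

// Constructed sample data: `comment` is user input, `badge` is markup the
// application itself generated.
const data = {
  comment: `<script>alert('hi')</script> Tom & "Jerry"`,
  badge: '<span class="badge">admin</span>',
};

// User input goes through the escaping tag; only app-generated markup is raw.
const safePage = render('<p><%= comment %></p><%- badge %>', data);
// Same user input through the raw tag: the script element reaches the page intact.
const unsafePage = render('<p><%- comment %></p>', data);
const toReview = findRawOutputs("<%- include('header') %><p><%- comment %></p><%= badge %>");

console.log(safePage);
console.log(unsafePage);
console.log(toReview);
```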