1

I have been trying to save some part of my page as HTML in my MongoDB database using Mongoose. Here's what my schema looks like:

var projectSchema = new mongoose.Schema({
    title: String,
    subtitle: String,
    description: [],
    thumbnail: String,
    images: [String],
    keywords: [String],
    hours: Number,
    tools: [String],
    views: Number,
    created: {
        type: Date,
        default: Date.now
    }
});

It's the one called "description". In my HTML I loop over the array and extract the string, then try to view it as HTML, but it always shows up as text. Here's my EJS file:

<% var description = project.description %>
<% description.forEach(function(description){ %>
    <%= description %>
<% }); %>

Now after that it just prints the string to my page and doesn't render it as HTML.


Edit: Now it works by using <%- %> instead of <%= %>

2
  • 2
    Use <%- description %> Commented Feb 15, 2016 at 0:34
  • It worked, thank you :) Commented Feb 15, 2016 at 0:36

1 Answer

2

EJS has various tags for different kinds of output. <%= will output escaped HTML. If you want to output unescaped HTML so it is rendered as HTML, use <%-.

Be aware of the dangers of cross-site scripting and injection. Make sure that your HTML is safe to output or that you strip out dangerous tags and attributes. There are several packages out there that can help sanitize HTML to make it safe(r) for output, such as https://www.npmjs.com/package/sanitize-html
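The difference between the two tags, and one way to gate raw output, as an added example that is not part of the original question or answer. It does not use EJS or sanitize-html; the function names, the tag allowlist and the sample entries are assumptions made for illustration, and the policy (no attributes at all) is deliberately stricter than a general sanitizer.

```javascript
// Added example, not code from the post. All names here are hypothetical.

// The same five characters that the <%= %> tag escapes before output.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&#34;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Assumed policy: only these tags, and only with no attributes.
const ALLOWED_TAGS = new Set(['p', 'b', 'i', 'em', 'strong', 'ul', 'ol', 'li', 'br']);

// True only when every angle bracket in the string belongs to an exact
// allowlisted tag such as <p> or </strong>. Anything else (attributes,
// unknown tags, stray or nested brackets) makes the whole entry fail.
function isPlainMarkup(html) {
  const rest = String(html).replace(/<\/?([a-zA-Z0-9]+)>/g, (tag, name) =>
    ALLOWED_TAGS.has(name.toLowerCase()) ? '' : tag);
  return !/[<>]/.test(rest);
}

// What the template loop would emit per entry: the raw string (as <%- %>
// does) only when it passes the check, the escaped string (as <%= %> does)
// otherwise. The entry is never modified, only accepted or escaped.
function renderDescription(entries) {
  return entries
    .map((entry) => (isPlainMarkup(entry) ? String(entry) : escapeHtml(entry)))
    .join('\n');
}

// Constructed sample data standing in for project.description.
const sampleDescription = [
  '<p>Built with <strong>Node</strong> &amp; MongoDB</p>', // plain formatting
  '<p onclick="alert(1)">hover</p>',                       // event-handler attribute
  '<script>alert(1)</script>',                             // tag outside the allowlist
];

console.log(renderDescription(sampleDescription));
```

Running the same check when a description is saved, not only when it is rendered, keeps unsafe markup out of the database in the first place.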
