Style and script tags

Christian Dräger edited this page Sep 12, 2019 · 3 revisions

Because <style> and <script> tags require text content that is not escaped, while the + operator (the text() function) does escape its argument, you have to use an unsafe { } block. Use it with great care if the content is not constant: any dynamic part in your script or style can lead to XSS. Once you use unsafe, you have to escape the content accordingly on your own side.

script(type = ScriptType.textJavaScript) {
    unsafe { 
        raw("""
            function my() { return 1; }
            """)
    }
}
head {
    style {
        unsafe { 
            raw("""
                body {
                    background-color: #272727;
                    color: #ccc;
                }
            """)
        }
    }
}
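
One way to escape a dynamic value yourself before emitting it through unsafe in a script tag, as an added example that is not part of the original page or of kotlinx.html. The names jsStringLiteral and greetingPage are hypothetical, the input is constructed, and Kotlin 1.5+ is assumed for Char.code.

```kotlin
import kotlinx.html.*
import kotlinx.html.stream.createHTML

// Hypothetical helper (not a kotlinx.html API): encodes a value as a
// double-quoted JavaScript string literal that is safe inside <script>.
fun jsStringLiteral(value: String): String {
    val sb = StringBuilder("\"")
    for (ch in value) {
        when {
            // Backslash and double quote would end or corrupt the literal.
            ch == '\\' || ch == '"' -> sb.append('\\').append(ch)
            // Control characters and JS line separators are not allowed raw.
            // '<', '>' and '&' become \uXXXX so that "</script>" or "<!--"
            // can never appear in the generated HTML.
            ch < ' ' || ch in "<>&'\u2028\u2029" ->
                sb.append("\\u").append(ch.code.toString(16).padStart(4, '0'))
            else -> sb.append(ch)
        }
    }
    return sb.append('"').toString()
}

// The dynamic part goes through jsStringLiteral; everything else passed
// to raw() is a constant written by the developer.
fun greetingPage(userName: String): String = createHTML().html {
    head {
        script(type = ScriptType.textJavaScript) {
            unsafe {
                raw("var userName = ${jsStringLiteral(userName)};")
            }
        }
    }
}

fun main() {
    // Constructed input with characters that would otherwise close the
    // string literal or the script element.
    println(greetingPage("Ann \"</script>\" O'Neil"))
}
```

The helper only covers a value placed as a JavaScript string literal; content interpolated into a style block or into other script positions needs escaping rules for that context.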