0

I have this express application with mongoDB as the database and handlebars as my server-side templating engine. I am not using AngularJS or Ajax in my application.

In one of the routes, I have to render the page as well as send over a json file from the database. However, I am not able to achieve this.

Here is the code snippet of my route:

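router.get('/disks', function(req, res, next) {
  // Fetch every place in the "disks" category
  places.find({"category": "disks"}, function(err, disks) {
    if (err) {
      // Hand the error to Express instead of throwing inside the callback
      return next(err);
    }

    // Serialize the documents and pass the string to the 'disks' template
    res.render('disks', {
      'risime': JSON.stringify(disks)
    });
    console.log(disks); // PROPERLY LOGS TO THE CONSOLE
  });
});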

In the hbs, I am trying to capture it, but I don't even think that it is JSON.

Here is how it gets logged in the client side:

[{"_id":"5704630a7d4cd367f8dsdce7","name":"Seagate",:"This awesome Hard disk",","categories":["SDD","256GB"]}]

What is the issue and how do I resolve it?

2 Answers

1

It's handlebars that "html escapes" your string (which is what you normally want).

If you don't want that, you can use the "triple-stash" notation, like this:

{{{risime}}}

You can read about this here: http://handlebarsjs.com/#html-escaping

4 Comments

Um, what are the disadvantages of ignoring the HTML escape characters?
Security. If the string comes from an untrusted source (e.g. user input), the string could be unsafe and without any escaping it could easily contain HTML tags (like <script>). That could be used to attack the website with, for example, an XSS exploit.
Oh, okay. But this string is coming from the database, so no issues if I escape the HTML, right?
It depends on how the string gets into the database ;)
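
The concern raised in the comments above, shown as an added example that is not part of the original answer: if `{{{risime}}}` sits inside an inline `<script>` element (an assumption about the template), `JSON.stringify` alone does not stop a stored value containing `</script>` from ending that element. The helpers `serializeForScript`, `renderInline` and `countScriptClosers` and the sample record are constructed for illustration; `renderInline` stands in for the Handlebars template.

```javascript
// Characters that can end an inline <script> element, start an HTML comment
// or entity, or act as line terminators in older JavaScript engines.
const SCRIPT_UNSAFE = /[<>&\u2028\u2029]/g;

// JSON.stringify, then replace the risky characters with \uXXXX escapes.
// They only ever occur inside JSON strings, so the result is still valid JSON
// and parses back to the same data.
function serializeForScript(value) {
  return JSON.stringify(value).replace(SCRIPT_UNSAFE, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0')
  );
}

// Hypothetical stand-in for a template containing:
//   <script>var risime = {{{risime}}};</script>
function renderInline(serialized) {
  return '<script>var risime = ' + serialized + ';</script>';
}

// Number of closing script tags the HTML parser would see in the output.
function countScriptClosers(html) {
  return (html.match(/<\/script/gi) || []).length;
}

// Constructed record: a "name" value as a user could have stored it.
const disks = [{
  name: 'Seagate</script><script>injected()</script>',
  categories: ['SDD', '256GB'],
}];

// What the route on this page sends to the template.
const naive = renderInline(JSON.stringify(disks));
// The same data with the script-breaking characters escaped first.
const safe = renderInline(serializeForScript(disks));

console.log('closing tags, JSON.stringify only:', countScriptClosers(naive));
console.log('closing tags, serializeForScript: ', countScriptClosers(safe));
console.log('round trip keeps the name:',
  JSON.parse(serializeForScript(disks))[0].name === disks[0].name);
```

In the route, this would mean passing `serializeForScript(disks)` as `risime` instead of `JSON.stringify(disks)` before using the triple-stash form.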
0

I think you need to add this before render:

res.type('application/json');

The client will know this is JSON, not HTML or plain text, and it will be shown correctly.

I hope my answer will help you.

2 Comments

Um, but I am also using res.render(). Won't this be affected?
I tried it out, this does not work with res.render(). It just displays my page as plain-text instead of a web page.
