Curly braces escape #228

Closed
valrdclr opened this issue Mar 15, 2024 · 4 comments

@valrdclr

Is it possible to escape curly braces like "{{" from the findings?
If I want to use them inside the findings, it will crash the report generation because it thinks you want to insert Vue variables (even if I put them in the code quotes).

So far I have tried to escape with double curly braces and backslash but it doesn't work.

@aronmolnar
Contributor

Sure, you can use the v-pre directive: <span v-pre>{{ this will not be compiled }}</span>.

https://vuejs.org/api/built-in-directives.html#v-pre

@MWedl
Contributor

MWedl commented Mar 15, 2024

Currently, escaping curly braces is very tricky. Two consecutive curly braces are interpreted as Vue template syntax.

In the HTML template of designs, you can use <span v-pre>{{ test }}</span> or &lcub;&lcub; test &rcub;&rcub;. In markdown, however, these solutions do not work because of markdown pre-processing.

The generic solution that also works in markdown fields is:

{&ZeroWidthSpace;{ test }}

We should definitely improve escaping curly braces. My preferred escape syntax would be \{\{ test \}\}. Additionally we should allow v-pre directives in markdown and preserve &lcub; and &rcub; HTML entities in markdown fields.

@valrdclr
Author

> Currently, escaping curly braces is very tricky. Two consecutive curly braces are interpreted as Vue template syntax.
>
> In the HTML template of designs, you can use <span v-pre>{{ test }}</span> or &lcub;&lcub; test &rcub;&rcub;. In markdown, however, these solutions do not work because of markdown pre-processing.
>
> The generic solution that also works in markdown fields is:
>
> {&ZeroWidthSpace;{ test }}
>
> We should definitely improve escaping curly braces. My preferred escape syntax would be \{\{ test \}\}. Additionally we should allow v-pre directives in markdown and preserve &lcub; and &rcub; HTML entities in markdown fields.

The ZeroWidthSpace doesn't work if the payload is inside "code" markdown. However, I found a workaround and I'm just copying the zero-width element manually: https://zerowidthspace.me
It seems like the bytes are not reflected in the PDF and they are stripped. But proper escaping would still be good in the future :). Thanks

@MWedl
Contributor

MWedl commented Apr 10, 2024

Implemented in https://github.com/Syslifters/sysreptor/releases/tag/2024.28

Curly braces can now be escaped with backslashes. Additionally, curly braces inside markdown code blocks are never interpreted as Vue template variable expressions.

@MWedl MWedl closed this as completed Apr 10, 2024
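
As an added example (not SysReptor code and not posted by anyone in this thread): a pre-processing helper that applies the backslash escape from release 2024.28 to finding text, for instance before importing findings, while leaving fenced and inline markdown code untouched because the release note says braces there are never interpreted. The function names, the sample text, and the choice to escape only runs of two or more braces are assumptions of this example.

```javascript
// Added example, not SysReptor code. Assumes the backslash escape from
// release 2024.28 and that only runs of two or more braces need escaping.
const FENCE = /^ {0,3}(`{3,}|~{3,})/;
// Either an inline code span (left untouched) or a brace run together with
// any backslashes directly in front of it.
const TOKEN = /(`+)[^`](?:[\s\S]*?[^`])?\1(?!`)|(\\*)(\{{2,}|\}{2,})/g;

function escapeLine(line) {
  return line.replace(TOKEN, (match, ticks, slashes, braces) => {
    if (ticks) return match; // inline code span
    // An odd number of backslashes means the first brace is already escaped.
    const firstEscaped = slashes.length % 2 === 1;
    const out = [...braces].map((b, i) => (i === 0 && firstEscaped ? b : "\\" + b));
    return slashes + out.join("");
  });
}

function escapeVueBraces(markdown) {
  let fence = null; // marker that opened the current fenced block, if any
  return markdown
    .split("\n")
    .map((line) => {
      const m = FENCE.exec(line);
      if (fence) {
        // A closing fence uses the same character and is at least as long.
        const closes = m && m[1][0] === fence[0] && m[1].length >= fence.length &&
          line.slice(m[0].length).trim() === "";
        if (closes) fence = null;
        return line;
      }
      if (m) {
        fence = m[1];
        return line;
      }
      return escapeLine(line);
    })
    .join("\n");
}

// Constructed finding text: prose, an inline code span and a fenced block.
const sample = [
  "The value {{ test }} is shown in the response.",
  "Inline: `{{ test }}`",
  "```",
  "name={{ test }}",
  "```",
].join("\n");

console.log(escapeVueBraces(sample));
```

The helper is idempotent, so running it again over already escaped text changes nothing.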