
Liquid Sanitization

Last updated on August 15, 2024

When you display data from user input or from external sources, it is important to sanitise the output before displaying it on a website to avoid XSS attacks. In Liquid on Insites, we escape every variable output when you use the {{ and }} markup.

Input

Output (not processed by the browser)

In this case, HTML tags are not processed by the browser, so the link is not clickable.

Disable Variable Sanitization

When you want to display content as it is, you can use html_safe to specify that a variable can be printed without sanitization.

This is especially important when you try to construct a JSON output.

Input

Output

Escape Variables Before Passing Them to External Systems

You can also run HTML/JavaScript sanitization on variables before passing them to tags/filters:
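An added example, not taken from the Insites documentation: a Ruby model of the behaviour this page describes. It shows that default escaping turns a link into plain text, that the same escaping makes a serialized JSON payload unparseable (the reason html_safe matters for JSON output), and that escaping only the untrusted value before serializing keeps the JSON valid. The helper names, the entity map and the sample value are assumptions constructed for illustration.

```ruby
require 'json'

# Assumption: a five-character HTML entity map stands in for the platform's
# escaping; the page does not show the exact rules Insites applies.
HTML_ESCAPES = {
  '&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;'
}.freeze

# Models default variable output: every value is escaped.
def escaped_output(value)
  value.to_s.gsub(/[&<>"']/, HTML_ESCAPES)
end

# Models output marked html_safe: the value is printed unchanged.
def raw_output(value)
  value.to_s
end

# True when the text parses as JSON.
def valid_json?(text)
  JSON.parse(text)
  true
rescue JSON::ParserError
  false
end

# Constructed sample input: a user-supplied name that contains markup.
USER_NAME = '<a href="https://example.com">Ann</a>'

def demo
  payload = JSON.generate({ 'name' => USER_NAME })
  # Escaping only the untrusted value, then serializing, keeps the JSON valid
  # and the markup inert if a client later inserts the name into HTML.
  inert = JSON.generate({ 'name' => escaped_output(USER_NAME) })
  {
    html_default: escaped_output(USER_NAME),            # link shown as text
    json_default: valid_json?(escaped_output(payload)), # quotes become &quot;
    json_raw: valid_json?(raw_output(payload)),         # serialized JSON, unescaped
    inert_name: JSON.parse(inert)['name']
  }
end

demo.each { |key, value| puts "#{key}: #{value}" }
```

Printing a whole value without escaping is only safe when every untrusted part of it has already been encoded for the context it ends up in, which is what the last case in the block does.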
