How to prevent Twirl from HTMLentities-encode strings in script scetion?

96 views Asked by At

I'm trying to embed JsonLd into my pages using Twirl, but for some reason the content gets HTMLentities-encoded.

My (twirl template) html looks like this:

@(jsonLd: String)(implicit config: play.api.Configuration)
@main() {
  <script type="application/ld+json">
    @jsonLd
  </script>
}

But when I look in the web browser I see something like: {&quot;@type&quot;:&quot;DataRecord&quot;,&quot;@context&quot;... etc.

How can I prevent @jsonLd from getting encoded??

1

There are 1 answers

0
cbley On BEST ANSWER

By default, all dynamic contents is encoded for security reasons to avoid some common attacks (XSS). See here: https://www.playframework.com/documentation/2.8.x/ScalaTemplates#Escaping

You can use

@Html(jsonLd)