Express and ejs <%= to render a JSON

javascript json express ejs

In my index.ejs I have this code:

var current_user = <%= user %>

In my node I have

app.get("/", function(req, res){
    res.locals.user = req.user
    res.render("index")
})

However, on the page I obtain

var current_user = [object Object]

and if I write 

var current_user = <%= JSON.stringify(user) %>

I obtain:

var current_user = {&quot;__v&quot;:0,&quot;_id&quot;:&quot;50bc01938f164ee80b000001&quot;,&quot;agents&quot;:...

Is there a way to pass a JSON that will be JS readable?


Oh that was easy, don't use <%=, use <%- instead. For example:

 <%- JSON.stringify(user) %>

The first one will render in HTML, the second one will render variables (as they are, eval)


Attention!

If the user can be created through API calls, <%- would leave you with serious XSS vulnerability. Possible solutions can be found here:

Pass variables to JavaScript in ExpressJS


if like me your object can include an escaped character such as / or " then use this more robust solution

var current_user = <%- JSON.stringify(user).replace(/\\/g, '\\\\') %>

Related

How to Multi-thread an Operation Within a Loop in Python
BuildConfig.DEBUG always false when building library projects with gradle
Fixing a systemd service 203/EXEC failure (no such file or directory)
How to add two NSNumber objects?
Why are database features being ignored, and instead reinvented in the middle tier?
Intellij compile failures: "is already defined as"
Usage and Syntax of std::function
How to access parameters in a Parameterized Build?
How to make a modulo operation in objective-c / cocoa touch?
Bash Scripting - How to set the group that new files will be created with?
Python strip() multiple characters?
How to change the port number for Asp.Net core app?