####Unicode needs no extra escaping when in a view template string
m('div', "あなたは友人である場合は、パスワードを話す、とドアが開きます")
m.render(document.body, "hello 世界")
####Whitespace can be achieved a few different ways:
css
m("div[style='white-space:pre']", "LIST:\n\titem 1\n\titem 2")
LIST:
item 1
item 2
helper function
function sws(str) { //stands for significant white space
return m.trust(str.replace(/ /g, " ").replace(/\n/g, "<br>").replace(/\t/g, " "))
}
m("div", sws("Todo List\n\tGain weight ✔︎\n\tDrink more ✔\n\tSpend money on useless things ✔"))
Todo List ✔︎︎
Gain weight ✔︎
Drink more ✔︎
Spend money on useless things ✔︎
HTML entities
just use the respective unicode codepoints
function nbsp(str) {
return str.replace(/ /g, "\u00A0") //nbsp
}
The helper function example allows HTML injection, I suggest being more careful with
m.trust
. If an attacker can influence the input string, this can become a serious problem