# no-triple-curlies
:white_check_mark: The `extends: 'recommended'` property in a configuration file enables this rule.
Usage of triple curly braces to allow raw HTML to be injected into the DOM is a large vector for exploits of your application (especially when the raw HTML is user-controllable). Double curlies `{{ }}` HTML-escape their output; triple curlies `{{{ }}}` emit it unescaped. Instead of using `{{{ }}}`, you should use appropriate helpers or computed properties that return a `SafeString` (via `Ember.String.htmlSafe` generally) and ensure that user-supplied data is properly escaped.
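As an added example (not part of this rule's documentation and not Ember's own code), the following stand-alone JavaScript models the difference between escaped `{{value}}` output and raw `{{{value}}}` output, and the pattern the rule recommends: escape each user-controlled piece, then mark the assembled markup safe. `SafeString`, `escapeExpression` and the render functions are simplified stand-ins for the real Ember/Handlebars implementations, and the input string is constructed for the example.

```javascript
// Added example: a minimal model of Handlebars/Ember escaping behaviour.
// SafeString and escapeExpression are simplified stand-ins for the real
// implementations so that the example runs offline.

class SafeString {
  constructor(str) { this.string = String(str); }
  toString() { return this.string; }
}

// The characters Handlebars escapes when rendering {{ }} output.
const ESCAPE_MAP = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;',
  "'": '&#x27;', '`': '&#x60;', '=': '&#x3D;',
};

function escapeExpression(value) {
  if (value instanceof SafeString) return value.toString(); // trusted: emitted as-is
  if (value == null) return '';
  return String(value).replace(/[&<>"'`=]/g, (ch) => ESCAPE_MAP[ch]);
}

// {{value}}: escaped unless the value is a SafeString.
function renderDoubleCurly(value) {
  return escapeExpression(value);
}

// {{{value}}}: raw; whatever the value contains reaches the DOM unescaped.
function renderTripleCurly(value) {
  return value == null ? '' : String(value);
}

// Recommended pattern: build the markup yourself, escape every
// user-controlled fragment, then mark the whole string safe
// (Ember.String.htmlSafe in Ember). The markup is trusted because only
// the author wrote it; the user data inside it is escaped.
function boldName(userName) {
  return new SafeString(`<strong>${escapeExpression(userName)}</strong>`);
}

// Constructed sample input standing in for a user-supplied display name.
const untrustedName = '<script>alert(1)</script>';
```

Rendering `untrustedName` through `renderTripleCurly` returns the markup intact, while `renderDoubleCurly` and `boldName` return it entity-encoded.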
## Examples

This rule forbids the following (raw, unescaped output; `userContent` is a placeholder property name):

```hbs
{{{userContent}}}
```

This rule allows the following (escaped output):

```hbs
{{userContent}}
```
## References

- See the documentation for Ember's `htmlSafe` function