Use very restrictive code like:
const templateString = 'abc${val}def' // could come from a database ...
const val = 'f00';
console.log(templateString.replace(/\$\{val\}/g, val))
which replaces the exact instance of the placeholder, nothing else.
A static archive of Markus Tacker's tweets. Follow me on Mastodon: @[email protected].
Don't do things that evaluate all variables. In most cases (e.g. rendering an email
subject), the names of the variables are known and defined. Support only that.
In the original case of the code, there would have been ever only one
placeholder...
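One way to implement the allow-list approach the tweets describe, as an added example that is not the author's code: only placeholders whose names are known to the rendering code are substituted, anything else in the (possibly database-sourced) template is left untouched. The placeholder names and the sample subject line are assumptions.

```javascript
// Added example: render only known, explicitly allowed placeholders.
// The template text may come from an untrusted source (e.g. a database row);
// the set of variable names is fixed by the code that renders it.
const ALLOWED = new Set(['firstName', 'orderId']); // assumed placeholder names

function renderKnownPlaceholders(template, values, allowed = ALLOWED) {
  // Match ${name} where name is an identifier. '$' and '{' are escaped so they
  // are matched literally (a bare /${name}/ would never match anything).
  return template.replace(/\$\{([A-Za-z_][A-Za-z0-9_]*)\}/g, (match, name) => {
    if (!allowed.has(name) || !(name in values)) {
      return match; // unknown or not allowed: leave as-is, never evaluate it
    }
    // A replacer function is used on purpose: with a plain string as the
    // second argument, replace() expands sequences like "$&" or "$'" found
    // inside the value, so a value containing them would corrupt the output.
    return String(values[name]);
  });
}

// Constructed sample input: "secret" is present in values but not allowed,
// "unknown" is neither; both placeholders must survive unchanged.
const subject = 'Order ${orderId} for ${firstName} ${secret} ${unknown}';
const rendered = renderKnownPlaceholders(subject, { firstName: 'Ada', orderId: 42, secret: 'x' });
// → 'Order 42 for Ada ${secret} ${unknown}'
```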