How to pass <script> as a string to a blaze layout


Currently I store in my database the content of a page as the html of it. When I bring this data to blaze I use: {{{content}}} which loads html code as its supposed to be. The only problem is that when I send in the string a element, this doesnt render through the {{{content}}}. Does anyone know how to render this?

A example of content could be:

content: "<script src=\"\" async></script><p>This is a test</p>"

This content would only render the

element but the is never loaded (as if its been excluded).


You can try $.getScript("");

inside onRendered Method, Use

console.log(“Script loaded”);


Here is an example how I rendered contracts that are Blaze templates saved as strinngs in the database. It works but has an ugly eval in it, so maybe somebody has a better idea.
Don’t worry that the code is in CoffeeScript, that’s just better JavaScript.

Template.ocupacionesContrato.onCreated ->
    @texto = new ReactiveVar()

    texto: () -> Template.instance().texto.get()
    'change #contratos': (event, template) =>
        args = ['contrato', 'ocupacion', 'inquilino', 'entidad', 'edificio'].map((i) -> template[i].get())
        template.texto.set(getContractText args)

getContractText = (params) ->
    [contrato, ocupacion, inquilino, entidad, edificio] = params
    if contrato
        nombre = contrato.nombre.replace(/ /g, '')
        templateId =
        texto = contrato?.texto
            .replace(/(?:\r\n|\r|\n)/g, '<br>')
            .replace(/  /g, '&nbsp;&nbsp;')
        texto = processMarkup(texto)
        compiled = SpacebarsCompiler.compile(texto, { isTemplate: true })
        renderer = eval(compiled)
        UI.Template.__define__(templateId, renderer)
        data =
            ocupacion: ocupacion
            inquilino: inquilino
            entidad: entidad
            edificio: edificio

        propietario = Propietarios.findOne(Session.get('PropietarioID'))

            ocupacion: -> ocupacion
            contrato: () -> contrato
            dia: (fecha = new Date()) -> pad2Null(fecha?.getDate())
            mes: (fecha = new Date()) -> pad2Null(fecha?.getMonth() + 1)
            mesNombre: (fecha = new Date()) -> mesNobre(fecha?.getMonth())
            año: (fecha = new Date()) -> fecha?.getFullYear()
            nombrePropietario: () -> propietario?.nombreCompleto
        Blaze.toHTMLWithData Template[templateId], data # the result of this is the return value


And that’s very good to be prevented from execution because this would open doors for an XSS attack too easily