Sanitizer callback for unescaped values

mustache.js

@@ -550,8 +550,12 @@
 
   Writer.prototype.unescapedValue = function unescapedValue (token, context) {
     var value = context.lookup(token[1]);
-    if (value != null)
+    if (value != null) {
+      if (mustache.sanitizeUnescaped) {
+        return mustache.sanitizeUnescaped(value);
+      }
       return value;
+    }
   };
 
   Writer.prototype.escapedValue = function escapedValue (token, context) {
@@ -619,6 +623,12 @@
   // See https://github.com/janl/mustache.js/issues/244
   mustache.escape = escapeHtml;
 
+  // Export the sanitizing function for unescaped values.
+  mustache.sanitizeUnescaped = null;
+  mustache.setUnescapedSanitizier = function setUnescapedSanitizier (sanitizeUnescaped) {
+    mustache.sanitizeUnescaped = sanitizeUnescaped;
+  };
+
   // Export these mainly for testing, but also for advanced usage.
   mustache.Scanner = Scanner;
   mustache.Context = Context;

test/sanitize-test.js

@@ -0,0 +1,18 @@
+require('./helper');
+
+var renderHelper = require('./render-helper');
+
+var tests = renderHelper.getTests();
+
+describe('Mustache.sanitizeUnescaped', function () {
+  beforeEach(function () {
+    Mustache.setUnescapedSanitizier(function(value) {
+      return value.toUpperCase();
+    });
+  });
+
+  it('requires template to be a string', function () {
+    assert.equal(Mustache.render('{{{value}}}', {value: '<b>abc</b>'}),
+        '<B>ABC</B>');
+  });
+});