stephannv · stephannv · Sep 9, 2024 · Sep 9, 2024
diff --git a/spec/blueprint/html/utils_spec.cr b/spec/blueprint/html/utils_spec.cr
@@ -16,6 +16,9 @@ private class DummyPage
 
     comment { "This is an html comment" }
     comment "This is another html comment"
+
+    unsafe_raw "<script>Dangerous script</script>"
+    div { unsafe_raw { "<script>Another dangerous script</script>" } }
   end
 end
 
@@ -57,4 +60,18 @@ describe "Blueprint::HTML utils" do
       page.to_html.should contain("<i>Hi</i> User")
     end
   end
+
+  describe "#unsafe_raw" do
+    it "renders content passed via argument without escaping" do
+      page = DummyPage.new
+
+      page.to_html.should contain("<script>Dangerous script</script>")
+    end
+
+    it "renders content passed via block without escaping" do
+      page = DummyPage.new
+
+      page.to_html.should contain("<div><script>Another dangerous script</script></div>")
+    end
+  end
 end
diff --git a/src/blueprint/html/utils.cr b/src/blueprint/html/utils.cr
@@ -22,4 +22,12 @@ module Blueprint::HTML
   private def whitespace : Nil
     @buffer << " "
   end
+
+  def unsafe_raw(content : String) : Nil
+    @buffer << content
+  end
+
+  def unsafe_raw(&) : Nil
+    @buffer << yield
+  end
 end