search

denoland / deno_ast

Source text parsing, lexing, and AST related functionality for Deno
https://crates.io/crates/deno_ast
MIT License
146 stars 45 forks source link

feat: jsx ensure dynamic values are escaped #178

Closed marvinhagemeister closed 10 months ago

marvinhagemeister commented 10 months ago

When we receive a dynamic value that we cannot analyze statically we need to ensure that it is escaped properly before processing it. This PR adds a new jsxEscape() function from the jsx runtime to support that.

The reason the new transform is fast is because it only concerns itself with concatenating strings together. To make this work efficiently jsxssr expects values to be pre-escaped. This is necessary to make jsxattr performant, otherwise you'd need to allocate the full props object again.

 // input
 <div>{foo}</div>

 // out
 jsxssr(tpl, jsxEscape(foo))
marvinhagemeister commented 10 months ago

Converting this back to draft, because I'm not sure about pre-escaping attribute values before passing to jsxattr.

marvinhagemeister commented 10 months ago

@bartlomieju ready for review