i-like-robots / hyperons

🔥 The fastest JSX to string renderer on the server and in the browser.
https://www.npmjs.com/package/hyperons
MIT License
45 stars, 4 forks

Safe string #4

Closed i-like-robots closed 6 years ago

i-like-robots commented 6 years ago

This will wrap all output in an instance of SafeString which extends the global String object. This makes it easy to distinguish the output of Hyperons so that it doesn't double-escape child elements.

The downside is that the consumer must convert the string object to a string primitive.

This doesn't cause any degradation in performance according to benchmarks.

As discussed in #3 the current heuristic may be dangerous if unsanitised input is passed to the template. Arguably apps should be sanitising user input, however.
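An added JavaScript sketch of the type-based marking described in this PR, illustrating why the wrapper avoids double-escaping and why a consumer has to convert the result back to a primitive; it is not Hyperons' own code, and `h`, `escapeChild` and `toPrimitive` are hypothetical names.

```javascript
// Added sketch of the SafeString approach described in this PR; it is not
// Hyperons' own code. Rendered markup is wrapped in a String subclass so
// that nested calls can recognise it by type, rather than by guessing from
// the string's contents whether it is markup or untrusted text.

class SafeString extends String {}

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape a plain value for HTML. A SafeString is passed through untouched,
// so markup produced by an inner h() call is not escaped a second time.
function escapeChild(child) {
  if (child instanceof SafeString) return child.valueOf();
  if (child == null || typeof child === 'boolean') return '';
  return String(child).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Minimal JSX factory (hypothetical): renders <tag attr="..">children</tag>
// and returns a SafeString so that a parent element can tell it apart
// from untrusted text without inspecting its contents.
function h(tag, props, ...children) {
  const attrs = Object.entries(props || {})
    .map(([name, value]) => ` ${name}="${escapeChild(value)}"`)
    .join('');
  const inner = children.flat().map(escapeChild).join('');
  return new SafeString(`<${tag}${attrs}>${inner}</${tag}>`);
}

// Constructed sample: untrusted input that happens to look like markup.
// A content-based heuristic might mistake it for rendered output; the
// type check does not, because it was never wrapped in SafeString.
const untrusted = '<b>not bold</b> & "quoted"';

function render() {
  // The inner <p> is already a SafeString and stays intact; the untrusted
  // primitive is escaped exactly once because it is not marked safe.
  return h('div', { class: 'post' }, h('p', null, 'hello'), untrusted);
}

// The trade-off noted in the PR: the result is a String object
// (typeof === 'object'), so a consumer must convert it back to a primitive.
function toPrimitive(out) {
  return String(out);
}
```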

coveralls commented 6 years ago


Coverage decreased (-3.6%) to 96.35% when pulling fad0cb0b6746ba750562fbd0f8bac52dafabee5e on safe-string into 7addfe0d689d35787d37ef07f75d13e1a874ae13 on master.