zspecza / common-tags

🔖 Useful template literal tags for dealing with strings in ES2015+

Add safeHtml and replaceSubstitutionTransformer #42

Closed albkn closed 8 years ago

albkn commented 8 years ago

This adds the safeHtml template tag and replaceSubstitutionTransformer

The safeHtml tag is really similar to html, but it does HTML escaping for strings coming from expression interpolations (strings coming from ${ ... }). The idea is that this new tag when combined with the html tag can become a lightweight HTML templating system that is safe from XSS attacks.

Example:

const { html, safeHtml } = require('common-tags'); // both tags come from this package once the PR is merged

const fruits = ['apple', 'orange', '<script>alert("bad fruit")</script>'];
const template = html`
  <ul>
    ${fruits.map(fruit => safeHtml`<li>${fruit}</li>`)}
  </ul>
`;

The replaceSubstitutionTransformer is similar to the replaceResultTransformer but replaces the results of substitutions instead of the end result. This is the transformer that does the regex replacement of characters needed in the safeHtml tag.
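The following is an added, stand-alone re-creation of the two pieces the PR describes, written so the escaping behaviour can be exercised without installing common-tags; it is not code from the PR or from the common-tags project, and its internals are assumptions. The names html, safeHtml, replaceSubstitutionTransformer and replaceResultTransformer are taken from the discussion above; the createTag factory, the onSubstitution/onEndResult hook names, the HTML_ESCAPES map and renderFruitList are invented here for illustration, and the fruit list is constructed sample input. It also goes one step beyond the PR text by placing a result transformer next to the substitution transformer, to show why escaping has to happen at the substitution boundary rather than on the finished string.

```javascript
// Characters that must never reach HTML output unescaped when they come
// from untrusted data. The map itself is an assumption of this example.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
  '`': '&#x60;',
};
const HTML_SPECIALS = /[&<>"'`]/g;

// replaceSubstitutionTransformer (assumed shape, modelled on the PR's
// description): rewrites each interpolated value, never the literal text.
function replaceSubstitutionTransformer(pattern, replacer) {
  return {
    onSubstitution(substitution) {
      return String(substitution).replace(pattern, replacer);
    },
  };
}

// replaceResultTransformer (assumed shape): rewrites the finished string,
// literal template text included. Shown here only for contrast.
function replaceResultTransformer(pattern, replacer) {
  return {
    onEndResult(result) {
      return result.replace(pattern, replacer);
    },
  };
}

// Minimal tag factory (hypothetical): runs every transformer's
// onSubstitution hook on each ${...} value, stitches the literal strings
// back together, then runs any onEndResult hooks on the whole result.
function createTag(transformers) {
  return function tag(strings, ...substitutions) {
    let out = '';
    strings.forEach((str, i) => {
      out += str;
      if (i < substitutions.length) {
        let sub = substitutions[i];
        // Arrays (e.g. the result of fruits.map(...)) are joined so that
        // nested tagged templates compose.
        if (Array.isArray(sub)) sub = sub.join('');
        for (const t of transformers) {
          if (t.onSubstitution) sub = t.onSubstitution(sub);
        }
        out += sub;
      }
    });
    for (const t of transformers) {
      if (t.onEndResult) out = t.onEndResult(out);
    }
    return out;
  };
}

// html: no escaping at all; the caller vouches for every substitution.
const html = createTag([]);

// safeHtml: every substitution is HTML-escaped, the literal markup is not.
const safeHtml = createTag([
  replaceSubstitutionTransformer(HTML_SPECIALS, (ch) => HTML_ESCAPES[ch]),
]);

// escapeAll: the same regex applied as a *result* transformer. This is the
// wrong tool for templating, because it mangles the template's own tags.
const escapeAll = createTag([
  replaceResultTransformer(HTML_SPECIALS, (ch) => HTML_ESCAPES[ch]),
]);

// The PR's own example, rendered with the stand-alone tags above. Inner
// items are built with safeHtml (untrusted data), the outer list with html
// (already-escaped, trusted markup), so nothing is escaped twice.
function renderFruitList(fruits) {
  return html`<ul>${fruits.map((fruit) => safeHtml`<li>${fruit}</li>`)}</ul>`;
}

// Constructed sample input containing a script injection attempt.
const fruits = ['apple', 'orange', '<script>alert("bad fruit")</script>'];
console.log(renderFruitList(fruits));
console.log(escapeAll`<li>${'x'}</li>`); // literal <li> is escaped too
```

Note the nesting direction: safeHtml escapes every substitution it receives, including markup that was already escaped, so already-safe fragments must be passed through html, not through a second safeHtml, exactly as the PR's example does.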

codecov-io commented 8 years ago

Current coverage is 100%

Merging #42 into master will not change coverage

@@           master   #42   diff @@
===================================
  Files           7     8     +1   
  Lines          16    18     +2   
  Methods         0     0          
  Messages        0     0          
  Branches        0     0          
===================================
+ Hits           16    18     +2   
  Misses          0     0          
  Partials        0     0          

Powered by Codecov. Last updated by 327b008...959b74b

zspecza commented 8 years ago

This is great - thanks for the amazing contribution @morcerf 👍