ghtml 1.2.0 → 1.2.1
- package/package.json +2 -2
- package/src/html.js +3 -9
- package/test/index.js +19 -16
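--- a/package/package.json
+++ b/package/package.json
@@ -3,7 +3,7 @@
 "description": "Replace your template engine with fast JavaScript by leveraging the power of tagged templates.",
 "author": "Gürgün Dayıoğlu",
 "license": "MIT",
-"version": "1.2.
+"version": "1.2.1",
 "type": "module",
 "main": "./src/index.js",
 "exports": {
@@ -20,7 +20,7 @@
 },
 "devDependencies": {
 "@fastify/pre-commit": "^2.1.0",
-"grules": "^0.
+"grules": "^0.14.1"
 },
 "repository": {
 "type": "git",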
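--- a/package/src/html.js
+++ b/package/src/html.js
@@ -24,7 +24,7 @@ const html = (literals, ...expressions) => {
 let accumulator = "";
 let index = 0;
 
-
+for (; index < expressions.length; ++index) {
 let literal = literals.raw[index];
 let expression =
 typeof expressions[index] === "string"
@@ -42,12 +42,9 @@ const html = (literals, ...expressions) => {
 }
 
 accumulator += literal + expression;
-++index;
 }
 
-accumulator += literals.raw[index];
-
-return accumulator;
+return (accumulator += literals.raw[index]);
 };
 
 /**
@@ -58,7 +55,7 @@ const htmlGenerator = function* (literals, ...expressions) {
 const htmlGenerator = function* (literals, ...expressions) {
 let index = 0;
 
-
+for (; index < expressions.length; ++index) {
 let literal = literals.raw[index];
 let expression;
 
@@ -100,7 +97,6 @@ const htmlGenerator = function* (literals, ...expressions) {
 }
 }
 
-++index;
 continue;
 }
 
@@ -116,8 +112,6 @@ const htmlGenerator = function* (literals, ...expressions) {
 if (literal.length || expression.length) {
 yield literal + expression;
 }
-
-++index;
 }
 
 if (literals.raw[index].length) {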
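Review bot: `return (accumulator += literals.raw[index]);` in `html` assigns to a local that is never read again; `return accumulator + literals.raw[index];` yields the same string without a side effect inside the return. Both functions now rely on `index` still being `expressions.length` after the `for` so that it selects the trailing literal, and in `htmlGenerator` the `continue` path relies on the loop header for the increment. A comment at `let index = 0;` such as `// declared outside the loop: after it, index selects the closing literal` would stop a later refactor from scoping it to the loop, which would break the trailing-literal lookup. Both function bodies extend beyond the hunks shown.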
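--- a/package/test/index.js
+++ b/package/test/index.js
@@ -1,15 +1,15 @@
+// eslint-disable-next-line n/no-missing-import
 import test from "node:test";
 import assert from "node:assert";
 import { html, htmlGenerator } from "../src/index.js";
 
+const conditionTrue = true;
+const conditionFalse = false;
 const username = "Paul";
 const descriptionSafe = "This is a safe description.";
 const descriptionUnsafe =
 "<script>alert('This is an unsafe description.')</script>";
 const array1 = [1, 2, 3, 4, 5];
-const conditionTrue = true;
-const conditionFalse = false;
-const emptyString = "";
 
 const generatorExample = function* () {
 yield "<p>";
@@ -26,7 +26,7 @@ test("renders empty input", () => {
 });
 
 test("renders empty input", () => {
-assert.strictEqual(html`${
+assert.strictEqual(html`${""}`, "");
 });
 
 test("renders normal input", () => {
@@ -40,7 +40,7 @@ test("renders safe content", () => {
 );
 });
 
-test("
+test("renders unsafe content", () => {
 assert.strictEqual(
 html`<p>${descriptionUnsafe}</p>`,
 `<p><script>alert('This is an unsafe description.')</script></p>`,
@@ -54,14 +54,14 @@ test("renders arrays", () => {
 );
 });
 
-test("
+test("bypasses escaping", () => {
 assert.strictEqual(
 html`<p>!${[descriptionSafe, descriptionUnsafe]}</p>`,
 "<p>This is a safe description.<script>alert('This is an unsafe description.')</script></p>",
 );
 });
 
-test("renders
+test("renders nested html calls", () => {
 // prettier-ignore
 assert.strictEqual(
 html`<p>!${conditionTrue ? html`<strong>${descriptionUnsafe}</strong>` : ""}</p>`,
@@ -117,17 +117,20 @@ test("renders multiple html calls with different expression types", () => {
 });
 
 test("htmlGenerator renders safe content", () => {
-const generator = htmlGenerator`<p>${descriptionSafe}!${
-
-
-
-
-
-
-assert.strictEqual(
+const generator = htmlGenerator`<p>${descriptionSafe}!${descriptionUnsafe}G!${htmlGenerator`${array1}`}!${null}${255}</p>`;
+let accumulator = "";
+
+for (const value of generator) {
+accumulator += value;
+}
+
+assert.strictEqual(
+accumulator,
+"<p>This is a safe description.<script>alert('This is an unsafe description.')</script>G12345255</p>",
+);
 });
 
-test("htmlGenerator
+test("htmlGenerator renders unsafe content", () => {
 const generator = htmlGenerator`<p>${descriptionUnsafe}${descriptionUnsafe}${htmlGenerator`${array1}`}${null}${255}</p>`;
 assert.strictEqual(
 generator.next().value,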
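Review bot: The rewritten `htmlGenerator renders safe content` test feeds `descriptionUnsafe` through `!${…}` and asserts a raw `<script>` element in the output, with nothing saying this is deliberate. A reader auditing the suite for XSS regressions cannot tell the opt-out case from a broken escaper, so I would add `// "!" directly before ${…} skips escaping; the raw <script> below is expected` above the template and keep this case apart from the escaped ones. Joining every yielded chunk into `accumulator` means the test checks only the final markup, not how the generator splits its chunks. The expected string in `renders unsafe content` also appears unescaped on this page, presumably because the renderer decoded entities; confirm against the package source.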