ghtml 2.0.0 → 2.0.2

package/.eslintrc.json

@@ -2,6 +2,7 @@
   "root": true,
   "extends": ["plugin:grules/all"],
   "rules": {
-    "no-await-in-loop": "off"
+    "no-await-in-loop": "off",
+    "require-unicode-regexp": "off"
   }
 }

package/README.md

@@ -20,11 +20,11 @@ The `htmlGenerator` function acts as the generator version of the `html` functio
 
 **Note:**
 
-Keep in mind that, in Node.js, all else being equal, streaming a response using synchronous generators will **always** be slower than processing everything directly and sending it at once — [this also applies to TTFB](https://github.com/mcollina/fastify-html/issues/11#issuecomment-2069385895). However, if a template includes promises that do asynchronous operations (I/O, etc.), then `htmlAsyncGenerator` can be used to stream the response as those promises get resolved, which will indeed improve TTFB.
+Keep in mind that, in Node.js, all else being equal, streaming a response using synchronous generators is **always** slower than processing everything directly and sending it at once — [this also applies to TTFB](https://github.com/mcollina/fastify-html/issues/11#issuecomment-2069385895). However, if a template includes promises that do asynchronous operations (I/O, etc.), then `htmlAsyncGenerator` can be used to stream the response as those promises get resolved, which does indeed improve TTFB.
 
 ### `htmlAsyncGenerator`
 
-This version of HTML generator should be preferred for asynchronous and streaming use cases. The output will be generated as the promise expressions resolve or stream expressions send data.
+This version of HTML generator should be preferred for asynchronous and streaming use cases. The output is generated as the promise expressions resolve or stream expressions send data.
 
 **Minor Note:**
 
@@ -42,7 +42,7 @@ Available in Node.js, the `includeFile` function is a wrapper around `readFileSy
 import { html } from "ghtml";
 
 const username = '<img src="https://example.com/pwned.png">';
-const greeting = html`<h1>Hello, ${username}!</h1>`;
+const greeting = html`<h1>Hello, ${username}</h1>`;
 
 console.log(greeting);
 // Output: <h1>Hello, &#60;img src=&#34;https://example.com/pwned.png&#34;&#62;</h1>
@@ -58,7 +58,7 @@ console.log(container);
 // Output: <div><img src="https://example.com/safe.png"></div>
 ```
 
-When nesting multiple `html` expressions, always use `!` as they will do their own escaping:
+When nesting multiple `html` expressions, make sure to use `!` as the inner calls do their own escaping:
 
 ```js
 const someCondition = Math.random() >= 0.5;
@@ -171,4 +171,4 @@ console.log(logo);
 
 ## Security
 
-Like [similar](https://handlebarsjs.com/guide/#html-escaping) [tools](https://github.com/mde/ejs/blob/main/SECURITY.md#out-of-scope-vulnerabilities), `ghtml` will not prevent all kinds of XSS attacks. It is the responsibility of consumers to sanitize user inputs. Some inherently insecure uses include dynamically generating JavaScript, failing to quote HTML attribute values (especially when they contain expressions), and using unsanitized user-provided URLs.
+Like [similar](https://handlebarsjs.com/guide/#html-escaping) [tools](https://github.com/mde/ejs/blob/main/SECURITY.md#out-of-scope-vulnerabilities), `ghtml` does not prevent all kinds of XSS attacks. It is the responsibility of consumers to sanitize user inputs. Some inherently insecure uses include dynamically generating JavaScript, failing to quote HTML attribute values (especially when they contain expressions), and using unsanitized user-provided URLs.

package/package.json

@@ -3,7 +3,7 @@
   "description": "Replace your template engine with fast JavaScript by leveraging the power of tagged templates.",
   "author": "Gürgün Dayıoğlu",
   "license": "MIT",
-  "version": "2.0.0",
+  "version": "2.0.2",
   "type": "module",
   "main": "./src/index.js",
   "exports": {
@@ -21,7 +21,7 @@
   },
   "devDependencies": {
     "@fastify/pre-commit": "^2.1.0",
-    "c8": "^9.1.0",
+    "c8": "^10.0.0",
     "grules": "^0.17.2",
     "tinybench": "^2.8.0"
   },

package/src/html.js

@@ -1,3 +1,9 @@
+const arrayIsArray = Array.isArray;
+
+const symbolIterator = Symbol.iterator;
+
+const symbolAsyncIterator = Symbol.asyncIterator;
+
 const escapeDictionary = {
   '"': """,
   "&": "&",
@@ -7,10 +13,7 @@ const escapeDictionary = {
   "`": "`",
 };
 
-const escapeRegExp = new RegExp(
-  `[${Object.keys(escapeDictionary).join("")}]`,
-  "u",
-);
+const escapeRegExp = new RegExp(`[${Object.keys(escapeDictionary).join("")}]`);
 
 const escapeFunction = (string) => {
   const stringLength = string.length;
@@ -30,8 +33,6 @@ const escapeFunction = (string) => {
   return escaped + string.slice(start, end);
 };
 
-const arrayIsArray = Array.isArray;
-
 /**
  * @param {{ raw: string[] }} literals Tagged template literals.
  * @param {...any} expressions Expressions to interpolate.
@@ -85,7 +86,7 @@ const htmlGenerator = function* ({ raw: literals }, ...expressions) {
     } else if (expression === undefined || expression === null) {
       string = "";
     } else {
-      if (expression[Symbol.iterator]) {
+      if (expression[symbolIterator]) {
         const isRaw =
           literal !== "" && literal.charCodeAt(literal.length - 1) === 33;
 
@@ -105,13 +106,17 @@ const htmlGenerator = function* ({ raw: literals }, ...expressions) {
               continue;
             }
 
-            if (expression[Symbol.iterator]) {
+            if (expression[symbolIterator]) {
               for (expression of expression) {
-                if (expression === undefined || expression === null) {
-                  continue;
-                }
+                if (typeof expression === "string") {
+                  string = expression;
+                } else {
+                  if (expression === undefined || expression === null) {
+                    continue;
+                  }
 
-                string = `${expression}`;
+                  string = `${expression}`;
+                }
 
                 if (string) {
                   if (!isRaw && escapeRegExp.test(string)) {
@@ -178,7 +183,7 @@ const htmlAsyncGenerator = async function* ({ raw: literals }, ...expressions) {
     } else if (expression === undefined || expression === null) {
       string = "";
     } else {
-      if (expression[Symbol.iterator] || expression[Symbol.asyncIterator]) {
+      if (expression[symbolIterator] || expression[symbolAsyncIterator]) {
         const isRaw =
           literal !== "" && literal.charCodeAt(literal.length - 1) === 33;
 
@@ -198,16 +203,17 @@ const htmlAsyncGenerator = async function* ({ raw: literals }, ...expressions) {
               continue;
             }
 
-            if (
-              expression[Symbol.iterator] ||
-              expression[Symbol.asyncIterator]
-            ) {
+            if (expression[symbolIterator] || expression[symbolAsyncIterator]) {
               for await (expression of expression) {
-                if (expression === undefined || expression === null) {
-                  continue;
-                }
+                if (typeof expression === "string") {
+                  string = expression;
+                } else {
+                  if (expression === undefined || expression === null) {
+                    continue;
+                  }
 
-                string = `${expression}`;
+                  string = `${expression}`;
+                }
 
                 if (string) {
                   if (!isRaw && escapeRegExp.test(string)) {