ghtml 2.0.2 → 2.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +4 -4
- package/SECURITY.md +12 -0
- package/package.json +1 -1
- package/src/html.js +7 -7
package/README.md
CHANGED
|
@@ -8,7 +8,7 @@ Inspired by [html-template-tag](https://github.com/AntonioVdlC/html-template-tag
|
|
|
8
8
|
npm i ghtml
|
|
9
9
|
```
|
|
10
10
|
|
|
11
|
-
## API
|
|
11
|
+
## API
|
|
12
12
|
|
|
13
13
|
### `html`
|
|
14
14
|
|
|
@@ -26,13 +26,13 @@ Keep in mind that, in Node.js, all else being equal, streaming a response using
|
|
|
26
26
|
|
|
27
27
|
This version of HTML generator should be preferred for asynchronous and streaming use cases. The output is generated as the promise expressions resolve or stream expressions send data.
|
|
28
28
|
|
|
29
|
-
**
|
|
29
|
+
**Note:**
|
|
30
30
|
|
|
31
31
|
Because they return generators instead of strings, a key difference of `htmlGenerator` and `htmlAsyncGenerator` is their ability to recognize and properly handle iterable elements within array expressions. This is to detect nested `htmlGenerator` and `htmlAsyncGenerator` usage, enabling scenarios such as ``${[1, 2, 3].map(i => htmlGenerator`<li>${i}</li>`)}``.
|
|
32
32
|
|
|
33
33
|
### `includeFile`
|
|
34
34
|
|
|
35
|
-
Available in Node.js, the `includeFile` function is a wrapper around `readFileSync`. It reads and
|
|
35
|
+
Available in Node.js, the `includeFile` function is a wrapper around `readFileSync`. It reads and returns the content of a file while also caching it in memory for faster future reuse.
|
|
36
36
|
|
|
37
37
|
## Usage
|
|
38
38
|
|
|
@@ -171,4 +171,4 @@ console.log(logo);
|
|
|
171
171
|
|
|
172
172
|
## Security
|
|
173
173
|
|
|
174
|
-
Like [similar](https://
|
|
174
|
+
Like [similar](https://github.com/mde/ejs/blob/main/SECURITY.md#out-of-scope-vulnerabilities) [tools](https://handlebarsjs.com/guide/#html-escaping), ghtml does not prevent all kinds of XSS attacks. It is the responsibility of developers to sanitize user inputs. Some inherently insecure uses include dynamically generating JavaScript, failing to quote HTML attribute values (especially when they contain expressions), and relying on unsanitized user-provided URLs.
|
package/SECURITY.md
ADDED
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
# Security Policy
|
|
2
|
+
|
|
3
|
+
## Supported Versions
|
|
4
|
+
|
|
5
|
+
| Version | Supported |
|
|
6
|
+
| ------- | ------------------ |
|
|
7
|
+
| ^1 | :x: |
|
|
8
|
+
| ^2 | :white_check_mark: |
|
|
9
|
+
|
|
10
|
+
## Reporting a Vulnerability
|
|
11
|
+
|
|
12
|
+
Please report all vulnerabilities to [https://github.com/gurgunday/ghtml/security](https://github.com/gurgunday/ghtml/security).
|
package/package.json
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
"description": "Replace your template engine with fast JavaScript by leveraging the power of tagged templates.",
|
|
4
4
|
"author": "Gürgün Dayıoğlu",
|
|
5
5
|
"license": "MIT",
|
|
6
|
-
"version": "2.0.
|
|
6
|
+
"version": "2.0.3",
|
|
7
7
|
"type": "module",
|
|
8
8
|
"main": "./src/index.js",
|
|
9
9
|
"exports": {
|
package/src/html.js
CHANGED
|
@@ -49,7 +49,7 @@ const html = ({ raw: literals }, ...expressions) => {
|
|
|
49
49
|
let string =
|
|
50
50
|
typeof expression === "string"
|
|
51
51
|
? expression
|
|
52
|
-
: expression
|
|
52
|
+
: expression == null
|
|
53
53
|
? ""
|
|
54
54
|
: arrayIsArray(expression)
|
|
55
55
|
? expression.join("")
|
|
@@ -83,7 +83,7 @@ const htmlGenerator = function* ({ raw: literals }, ...expressions) {
|
|
|
83
83
|
|
|
84
84
|
if (typeof expression === "string") {
|
|
85
85
|
string = expression;
|
|
86
|
-
} else if (expression
|
|
86
|
+
} else if (expression == null) {
|
|
87
87
|
string = "";
|
|
88
88
|
} else {
|
|
89
89
|
if (expression[symbolIterator]) {
|
|
@@ -102,7 +102,7 @@ const htmlGenerator = function* ({ raw: literals }, ...expressions) {
|
|
|
102
102
|
if (typeof expression === "string") {
|
|
103
103
|
string = expression;
|
|
104
104
|
} else {
|
|
105
|
-
if (expression
|
|
105
|
+
if (expression == null) {
|
|
106
106
|
continue;
|
|
107
107
|
}
|
|
108
108
|
|
|
@@ -111,7 +111,7 @@ const htmlGenerator = function* ({ raw: literals }, ...expressions) {
|
|
|
111
111
|
if (typeof expression === "string") {
|
|
112
112
|
string = expression;
|
|
113
113
|
} else {
|
|
114
|
-
if (expression
|
|
114
|
+
if (expression == null) {
|
|
115
115
|
continue;
|
|
116
116
|
}
|
|
117
117
|
|
|
@@ -180,7 +180,7 @@ const htmlAsyncGenerator = async function* ({ raw: literals }, ...expressions) {
|
|
|
180
180
|
|
|
181
181
|
if (typeof expression === "string") {
|
|
182
182
|
string = expression;
|
|
183
|
-
} else if (expression
|
|
183
|
+
} else if (expression == null) {
|
|
184
184
|
string = "";
|
|
185
185
|
} else {
|
|
186
186
|
if (expression[symbolIterator] || expression[symbolAsyncIterator]) {
|
|
@@ -199,7 +199,7 @@ const htmlAsyncGenerator = async function* ({ raw: literals }, ...expressions) {
|
|
|
199
199
|
if (typeof expression === "string") {
|
|
200
200
|
string = expression;
|
|
201
201
|
} else {
|
|
202
|
-
if (expression
|
|
202
|
+
if (expression == null) {
|
|
203
203
|
continue;
|
|
204
204
|
}
|
|
205
205
|
|
|
@@ -208,7 +208,7 @@ const htmlAsyncGenerator = async function* ({ raw: literals }, ...expressions) {
|
|
|
208
208
|
if (typeof expression === "string") {
|
|
209
209
|
string = expression;
|
|
210
210
|
} else {
|
|
211
|
-
if (expression
|
|
211
|
+
if (expression == null) {
|
|
212
212
|
continue;
|
|
213
213
|
}
|
|
214
214
|
|