ghtml 2.2.0 → 2.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/.eslintrc.json +5 -1
  2. package/README.md +3 -1
  3. package/bench/index.js +3 -11
  4. package/bin/README.md +2 -2
  5. package/bin/example/.eslintrc.json +6 -0
  6. package/bin/example/package.json +1 -1
  7. package/bin/src/index.js +8 -4
  8. package/bin/src/utils.js +30 -34
  9. package/package.json +2 -2
  10. package/src/html.js +1 -1
package/.eslintrc.json CHANGED
@@ -1,4 +1,8 @@
1
1
  {
2
2
  "root": true,
3
- "extends": ["plugin:grules/all"]
3
+ "extends": ["plugin:grules/all"],
4
+ "rules": {
5
+ "no-await-in-loop": "off",
6
+ "require-unicode-regexp": "off"
7
+ }
4
8
  }
package/README.md CHANGED
@@ -2,6 +2,8 @@ ta**ghtml** lets you replace your template engine with fast JavaScript by levera
2
2
 
3
3
  Inspired by [html-template-tag](https://github.com/AntonioVdlC/html-template-tag).
4
4
 
5
+ ![ghtml.gif](./ghtml.gif)
6
+
5
7
  ## Installation
6
8
 
7
9
  ```sh
@@ -171,4 +173,4 @@ console.log(logo);
171
173
 
172
174
  ## Security
173
175
 
174
- Like [similar](https://github.com/mde/ejs/blob/main/SECURITY.md#out-of-scope-vulnerabilities) [tools](https://handlebarsjs.com/guide/#html-escaping), ghtml does not prevent all kinds of XSS attacks. It is the responsibility of developers to sanitize user inputs. Some inherently insecure uses include dynamically generating JavaScript, failing to quote HTML attribute values (especially when they contain expressions), and relying on unsanitized user-provided URLs.
176
+ Like [similar](https://github.com/mde/ejs/blob/main/SECURITY.md#out-of-scope-vulnerabilities) [tools](https://handlebarsjs.com/guide/#html-escaping), ghtml does not prevent all kinds of XSS attacks. It is the responsibility of developers to sanitize user inputs. Some inherently insecure uses include dynamically generating JavaScript, failing to quote HTML attribute values (especially when they contain expressions), and relying on unsanitized user-provided URIs.
package/bench/index.js CHANGED
@@ -1,5 +1,4 @@
1
1
  /* eslint-disable no-unused-vars */
2
- /* eslint-disable no-unused-expressions */
3
2
  import { html } from "../src/index.js";
4
3
  import { Bench } from "tinybench";
5
4
  import { writeFileSync } from "node:fs";
@@ -8,7 +7,6 @@ import { Buffer } from "node:buffer";
8
7
  let result = "";
9
8
  const bench = new Bench({ time: 500 });
10
9
 
11
- // Simple cases
12
10
  bench.add("simple HTML formatting", () => {
13
11
  result = html`<div>Hello, world!</div>`;
14
12
  });
@@ -17,7 +15,6 @@ bench.add("null and undefined expressions", () => {
17
15
  result = html`<p>${null} and ${undefined}</p>`;
18
16
  });
19
17
 
20
- // String expressions
21
18
  const username = "User";
22
19
  bench.add("single string expression", () => {
23
20
  result = html`<p>${username}</p>`;
@@ -27,7 +24,6 @@ bench.add("multiple string expressions", () => {
27
24
  result = html`<p>${username} and ${username}</p>`;
28
25
  });
29
26
 
30
- // Array expressions
31
27
  const items1 = ["Item 1", undefined, "Item 2", null, 2000, 1500.5];
32
28
  bench.add("array expressions", () => {
33
29
  result = html`<ul>
@@ -46,7 +42,6 @@ bench.add("array expressions with escapable chars", () => {
46
42
  </ul>`;
47
43
  });
48
44
 
49
- // Object expressions
50
45
  const user = { id: 1, name: "John Doe" };
51
46
  bench.add("object expressions", () => {
52
47
  result = html`
@@ -55,7 +50,6 @@ bench.add("object expressions", () => {
55
50
  `;
56
51
  });
57
52
 
58
- // Mixed expressions
59
53
  bench.add("multiple types of expressions", () => {
60
54
  result = html`
61
55
  ${undefined}
@@ -70,17 +64,15 @@ bench.add("multiple types of expressions", () => {
70
64
  `;
71
65
  });
72
66
 
73
- // Large strings
74
67
  const largeString = Array.from({ length: 1000 }).join("Lorem ipsum ");
75
68
  bench.add("large strings", () => {
76
69
  result = html`<p>${largeString}${largeString}</p>`;
77
70
  });
78
71
 
79
- // Escaped and unescaped expressions
80
72
  const rawHTML = "<em>Italic</em> and <strong>bold</strong>";
81
73
  const markup = "<mark>Highlighted</mark>";
82
74
  bench.add("unescaped expressions", () => {
83
- html`
75
+ result = html`
84
76
  <div>!${rawHTML}</div>
85
77
  <div>!${rawHTML}</div>
86
78
  <div>!${markup}</div>
@@ -91,7 +83,7 @@ bench.add("unescaped expressions", () => {
91
83
  });
92
84
 
93
85
  bench.add("escaped expressions", () => {
94
- html`
86
+ result = html`
95
87
  <div>${rawHTML}</div>
96
88
  <div>${rawHTML}</div>
97
89
  <div>${markup}</div>
@@ -102,7 +94,7 @@ bench.add("escaped expressions", () => {
102
94
  });
103
95
 
104
96
  bench.add("mixed escaped and unescaped expressions", () => {
105
- html`
97
+ result = html`
106
98
  <div>!${rawHTML}</div>
107
99
  <div>!${rawHTML}</div>
108
100
  <div>${markup}</div>
package/bin/README.md CHANGED
@@ -1,4 +1,4 @@
1
- This executable lets you append unique hashes to assets referenced in your views to aggressively cache them while guaranteeing that clients receive the most recent versions.
1
+ Append unique hashes to assets referenced in your views to aggressively cache them while guaranteeing that clients receive the most recent versions.
2
2
 
3
3
  ## Usage
4
4
 
@@ -27,7 +27,7 @@ Add the `ghtml` command to the build script:
27
27
 
28
28
  ```json
29
29
  "scripts": {
30
- "build": "npx ghtml --roots=assets/ --refs=views/,routes/",
30
+ "build": "npx ghtml --roots=assets/ --refs=views/,routes/ --prefix=/p/assets/",
31
31
  },
32
32
  ```
33
33
 
package/bin/example/.eslintrc.json ADDED
@@ -0,0 +1,6 @@
1
+ {
2
+ "rules": {
3
+ "require-await": "off",
4
+ "n/no-missing-import": "off"
5
+ }
6
+ }
package/bin/example/package.json CHANGED
@@ -3,7 +3,7 @@
3
3
  "main": "./server.js",
4
4
  "scripts": {
5
5
  "start": "node server.js",
6
- "build": "ghtml --roots=assets/ --refs=routes/"
6
+ "build": "ghtml --roots=assets/ --refs=routes/ --prefix=/p/assets/"
7
7
  },
8
8
  "dependencies": {
9
9
  "@fastify/static": "^7.0.1",
package/bin/src/index.js CHANGED
@@ -1,41 +1,45 @@
1
1
  #!/usr/bin/env node
2
-
3
2
  import { generateHashesAndReplace } from "./utils.js";
4
3
  import process from "node:process";
5
4
 
6
5
  const parseArguments = (args) => {
7
6
  let roots = null;
8
7
  let refs = null;
8
+ let prefix = "/";
9
9
 
10
10
  for (const arg of args) {
11
11
  if (arg.startsWith("--roots=")) {
12
12
  roots = arg.split("=", 2)[1].split(",");
13
13
  } else if (arg.startsWith("--refs=")) {
14
14
  refs = arg.split("=", 2)[1].split(",");
15
+ } else if (arg.startsWith("--prefix=")) {
16
+ prefix = arg.split("=", 2)[1];
15
17
  }
16
18
  }
17
19
 
18
20
  if (!roots || !refs) {
19
21
  console.error(
20
- 'Usage: npx ghtml --roots="path/to/scan/assets1/,path/to/scan/assets2/" --refs="views/path/to/append/hashes1/,views/path/to/append/hashes2/"',
22
+ 'Usage: npx ghtml --roots="path/to/scan/assets1/,path/to/scan/assets2/" --refs="views/path/to/append/hashes1/,views/path/to/append/hashes2/" [--prefix="/optional/prefix/"]',
21
23
  );
22
24
  process.exit(1);
23
25
  }
24
26
 
25
- return { roots, refs };
27
+ return { roots, refs, prefix };
26
28
  };
27
29
 
28
30
  const main = async () => {
29
- const { roots, refs } = parseArguments(process.argv.slice(2));
31
+ const { roots, refs, prefix } = parseArguments(process.argv.slice(2));
30
32
 
31
33
  try {
32
34
  console.warn(`Generating hashes and updating file paths...`);
33
35
  console.warn(`Scanning files in: ${roots}`);
34
36
  console.warn(`Updating files in: ${refs}`);
37
+ console.warn(`Using prefix: ${prefix}`);
35
38
 
36
39
  await generateHashesAndReplace({
37
40
  roots,
38
41
  refs,
42
+ prefix,
39
43
  });
40
44
 
41
45
  console.warn("Hash generation and file updates completed successfully.");
package/bin/src/utils.js CHANGED
@@ -18,6 +18,7 @@ const generateFileHash = async (filePath) => {
18
18
  const updateFilePathsWithHashes = async (
19
19
  fileHashes,
20
20
  refs,
21
+ prefix,
21
22
  includeDotFiles,
22
23
  skipPatterns,
23
24
  ) => {
@@ -38,42 +39,35 @@ const updateFilePathsWithHashes = async (
38
39
 
39
40
  for await (const filePath of filesIterable) {
40
41
  let content = await readFile(filePath, "utf8");
41
- let hasChanges = false;
42
-
43
- for (const [originalPath, hash] of fileHashes) {
44
- const pathIndex = content.indexOf(originalPath);
45
- if (pathIndex !== -1) {
46
- hasChanges = true;
47
- const beforePath = content.slice(0, pathIndex);
48
- const afterPath = content.slice(pathIndex + originalPath.length);
49
-
50
- const queryStart = afterPath.indexOf("?");
51
- if (queryStart === -1) {
52
- content = `${beforePath}${originalPath}?hash=${hash}${afterPath}`;
53
- continue;
54
- }
55
-
56
- const queryEnd = afterPath.slice(queryStart).search(/[#"'`]/u);
57
- const queryString =
58
- queryEnd !== -1
59
- ? afterPath.slice(queryStart + 1, queryEnd)
60
- : afterPath.slice(queryStart + 1);
61
-
62
- const hashRegex = /(?<=(?:^|&))hash=[^&]*/u;
63
- if (hashRegex.test(queryString)) {
64
- const newQueryString = queryString.replace(
65
- hashRegex,
66
- `hash=${hash}`,
67
- );
68
- content = `${beforePath}${originalPath}?${newQueryString}${afterPath.slice(queryStart + queryString.length + 1)}`;
69
- continue;
70
- }
71
-
72
- content = `${beforePath}${originalPath}?hash=${hash}&${afterPath.slice(queryStart + 1)}`;
73
- }
42
+ let found = false;
43
+
44
+ for (const [path, hash] of fileHashes) {
45
+ const fullPath = prefix + path;
46
+ const escapedPath = fullPath.replace(
47
+ /[$()*+.?[\\\]^{|}]/g,
48
+ String.raw`\$&`,
49
+ );
50
+ const regex = new RegExp(
51
+ `(?<path>${escapedPath})(\\?(?<queryString>[^#"'\`]*))?`,
52
+ "g",
53
+ );
54
+
55
+ content = content.replace(
56
+ regex,
57
+ (match, p1, p2, p3, offset, string, groups) => {
58
+ found = true;
59
+ const { path, queryString } = groups;
60
+
61
+ return !queryString
62
+ ? `${path}?hash=${hash}`
63
+ : queryString.includes("hash=")
64
+ ? `${path}?${queryString.replace(/(?<hash>hash=)[\dA-Fa-f]*/u, `$1${hash}`)}`
65
+ : `${path}?hash=${hash}&${queryString}`;
66
+ },
67
+ );
74
68
  }
75
69
 
76
- if (hasChanges) {
70
+ if (found) {
77
71
  await writeFile(filePath, content);
78
72
  }
79
73
  }
@@ -83,6 +77,7 @@ const updateFilePathsWithHashes = async (
83
77
  const generateHashesAndReplace = async ({
84
78
  roots,
85
79
  refs,
80
+ prefix,
86
81
  includeDotFiles = false,
87
82
  skipPatterns = ["**/node_modules/**"],
88
83
  }) => {
@@ -124,6 +119,7 @@ const generateHashesAndReplace = async ({
124
119
  await updateFilePathsWithHashes(
125
120
  fileHashes,
126
121
  refs,
122
+ prefix,
127
123
  includeDotFiles,
128
124
  skipPatterns,
129
125
  );
package/package.json CHANGED
@@ -3,7 +3,7 @@
3
3
  "description": "Replace your template engine with fast JavaScript by leveraging the power of tagged templates.",
4
4
  "author": "Gürgün Dayıoğlu",
5
5
  "license": "MIT",
6
- "version": "2.2.0",
6
+ "version": "2.3.0",
7
7
  "type": "module",
8
8
  "bin": "./bin/src/index.js",
9
9
  "main": "./src/index.js",
@@ -26,7 +26,7 @@
26
26
  "devDependencies": {
27
27
  "@fastify/pre-commit": "^2.1.0",
28
28
  "c8": "^10.1.2",
29
- "grules": "^0.17.3",
29
+ "grules": "^0.21.0",
30
30
  "tinybench": "^2.8.0"
31
31
  },
32
32
  "repository": {
package/src/html.js CHANGED
@@ -33,7 +33,7 @@ const escapeFunction = (string) => {
33
33
  }
34
34
  }
35
35
 
36
- escaped += string.slice(start, string.length);
36
+ escaped += string.slice(start);
37
37
 
38
38
  return escaped;
39
39
  };