marko 5.33.14 → 5.33.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/dist/runtime/html/helpers/escape-script-placeholder.js +6 -5
  2. package/dist/runtime/html/helpers/escape-style-placeholder.js +6 -5
  3. package/dist/runtime/html/helpers/escape-xml.js +8 -32
  4. package/docs/fastify.md +18 -0
  5. package/package.json +1 -1
  6. package/src/runtime/html/helpers/escape-script-placeholder.js +6 -5
  7. package/src/runtime/html/helpers/escape-style-placeholder.js +6 -5
  8. package/src/runtime/html/helpers/escape-xml.js +8 -32
package/dist/runtime/html/helpers/escape-script-placeholder.js CHANGED
@@ -1,4 +1,8 @@
1
1
  "use strict";
2
+ const unsafeCharsReg = /<\/script/g;
3
+ const replaceMatch = () => "\\x3C/script";
4
+ const escape = (str) =>
5
+ unsafeCharsReg.test(str) ? str.replace(unsafeCharsReg, replaceMatch) : str;
2
6
 
3
7
  /**
4
8
  * Escapes the '</' sequence in the body of a <script> body to avoid the `<script>` being
@@ -15,9 +19,6 @@
15
19
  * prematurely ended and a new script tag could then be started that could then execute
16
20
  * arbitrary code.
17
21
  */
18
- var escapeEndingScriptTagRegExp = /<\/script/g;
19
- module.exports = function escapeScriptHelper(val) {
20
- return typeof val === "string" ?
21
- val.replace(escapeEndingScriptTagRegExp, "\\u003C/script") :
22
- val + "";
22
+ module.exports = function escapeScriptHelper(value) {
23
+ return escape(value + "");
23
24
  };
package/dist/runtime/html/helpers/escape-style-placeholder.js CHANGED
@@ -1,4 +1,8 @@
1
1
  "use strict";
2
+ const unsafeCharsReg = /<\/style/g;
3
+ const replaceMatch = () => "\\3C/style";
4
+ const escape = (str) =>
5
+ unsafeCharsReg.test(str) ? str.replace(unsafeCharsReg, replaceMatch) : str;
2
6
 
3
7
  /**
4
8
  * Escapes the '</' sequence in the body of a <style> body to avoid the `<style>` being
@@ -13,9 +17,6 @@
13
17
  * prematurely ended and a script tag could then be started that could then execute
14
18
  * arbitrary code.
15
19
  */
16
- var escapeEndingStyleTagRegExp = /<\/style/g;
17
- module.exports = function escapeScriptHelper(val) {
18
- return typeof val === "string" ?
19
- val.replace(escapeEndingStyleTagRegExp, "\\003C/style") :
20
- val + "";
20
+ module.exports = function escapeScriptHelper(value) {
21
+ return escape(value + "");
21
22
  };
package/dist/runtime/html/helpers/escape-xml.js CHANGED
@@ -1,4 +1,10 @@
1
1
  "use strict";
2
+ const unsafeCharsRegExp = /[<&]/g;
3
+ const replaceMatch = (c) => c === "&" ? "&amp;" : "&lt;";
4
+ const escape = (str) =>
5
+ unsafeCharsRegExp.test(str) ?
6
+ str.replace(unsafeCharsRegExp, replaceMatch) :
7
+ str;
2
8
 
3
9
  module.exports.x = function (value) {
4
10
  if (value == null) {
@@ -9,37 +15,7 @@ module.exports.x = function (value) {
9
15
  return value.toHTML();
10
16
  }
11
17
 
12
- return escapeXML(value + "");
18
+ return escape(value + "");
13
19
  };
14
20
 
15
- exports.bo_ = escapeXML;
16
-
17
- function escapeXML(str) {
18
- var len = str.length;
19
- var result = "";
20
- var lastPos = 0;
21
- var i = 0;
22
- var replacement;
23
-
24
- for (; i < len; i++) {
25
- switch (str[i]) {
26
- case "<":
27
- replacement = "&lt;";
28
- break;
29
- case "&":
30
- replacement = "&amp;";
31
- break;
32
- default:
33
- continue;
34
- }
35
-
36
- result += str.slice(lastPos, i) + replacement;
37
- lastPos = i + 1;
38
- }
39
-
40
- if (lastPos) {
41
- return result + str.slice(lastPos);
42
- }
43
-
44
- return str;
45
- }
21
+ exports.bo_ = escape;
package/docs/fastify.md CHANGED
@@ -41,6 +41,24 @@ app.get("/", (request, reply) => {
41
41
  await fastify.listen(3000);
42
42
  ```
43
43
 
44
+ ### Global Outputs
45
+
46
+ We can add global outputs from the server side using the reply object or fastify instance.
47
+
48
+ ```javascript
49
+ reply.locals.newProperty = "Your value";
50
+ ```
51
+
52
+ To use this in marko components we just need to refer out.global
53
+
54
+ ```marko
55
+ $ const { newProperty } = $global;
56
+ ```
57
+
58
+ To know more about sending the data to the browser checkout:
59
+
60
+ ### [Sending global data to browsers](https://markojs.com/docs/rendering/#sending-global-data-to-browsers)
61
+
44
62
  ### BYOB (Bring your own bundler)
45
63
 
46
64
  For the large portion of Marko's API a bundler is required. The example code above assumes that Marko templates can be loaded in your environment.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "marko",
3
- "version": "5.33.14",
3
+ "version": "5.33.16",
4
4
  "description": "UI Components + streaming, async, high performance, HTML templating for Node.js and the browser.",
5
5
  "keywords": [
6
6
  "front-end",
package/src/runtime/html/helpers/escape-script-placeholder.js CHANGED
@@ -1,4 +1,8 @@
1
1
  "use strict";
2
+ const unsafeCharsReg = /<\/script/g;
3
+ const replaceMatch = () => "\\x3C/script";
4
+ const escape = (str) =>
5
+ unsafeCharsReg.test(str) ? str.replace(unsafeCharsReg, replaceMatch) : str;
2
6
 
3
7
  /**
4
8
  * Escapes the '</' sequence in the body of a <script> body to avoid the `<script>` being
@@ -15,9 +19,6 @@
15
19
  * prematurely ended and a new script tag could then be started that could then execute
16
20
  * arbitrary code.
17
21
  */
18
- var escapeEndingScriptTagRegExp = /<\/script/g;
19
- module.exports = function escapeScriptHelper(val) {
20
- return typeof val === "string"
21
- ? val.replace(escapeEndingScriptTagRegExp, "\\u003C/script")
22
- : val + "";
22
+ module.exports = function escapeScriptHelper(value) {
23
+ return escape(value + "");
23
24
  };
package/src/runtime/html/helpers/escape-style-placeholder.js CHANGED
@@ -1,4 +1,8 @@
1
1
  "use strict";
2
+ const unsafeCharsReg = /<\/style/g;
3
+ const replaceMatch = () => "\\3C/style";
4
+ const escape = (str) =>
5
+ unsafeCharsReg.test(str) ? str.replace(unsafeCharsReg, replaceMatch) : str;
2
6
 
3
7
  /**
4
8
  * Escapes the '</' sequence in the body of a <style> body to avoid the `<style>` being
@@ -13,9 +17,6 @@
13
17
  * prematurely ended and a script tag could then be started that could then execute
14
18
  * arbitrary code.
15
19
  */
16
- var escapeEndingStyleTagRegExp = /<\/style/g;
17
- module.exports = function escapeScriptHelper(val) {
18
- return typeof val === "string"
19
- ? val.replace(escapeEndingStyleTagRegExp, "\\003C/style")
20
- : val + "";
20
+ module.exports = function escapeScriptHelper(value) {
21
+ return escape(value + "");
21
22
  };
package/src/runtime/html/helpers/escape-xml.js CHANGED
@@ -1,4 +1,10 @@
1
1
  "use strict";
2
+ const unsafeCharsRegExp = /[<&]/g;
3
+ const replaceMatch = (c) => (c === "&" ? "&amp;" : "&lt;");
4
+ const escape = (str) =>
5
+ unsafeCharsRegExp.test(str)
6
+ ? str.replace(unsafeCharsRegExp, replaceMatch)
7
+ : str;
2
8
 
3
9
  module.exports.x = function (value) {
4
10
  if (value == null) {
@@ -9,37 +15,7 @@ module.exports.x = function (value) {
9
15
  return value.toHTML();
10
16
  }
11
17
 
12
- return escapeXML(value + "");
18
+ return escape(value + "");
13
19
  };
14
20
 
15
- exports.___escapeXML = escapeXML;
16
-
17
- function escapeXML(str) {
18
- var len = str.length;
19
- var result = "";
20
- var lastPos = 0;
21
- var i = 0;
22
- var replacement;
23
-
24
- for (; i < len; i++) {
25
- switch (str[i]) {
26
- case "<":
27
- replacement = "&lt;";
28
- break;
29
- case "&":
30
- replacement = "&amp;";
31
- break;
32
- default:
33
- continue;
34
- }
35
-
36
- result += str.slice(lastPos, i) + replacement;
37
- lastPos = i + 1;
38
- }
39
-
40
- if (lastPos) {
41
- return result + str.slice(lastPos);
42
- }
43
-
44
- return str;
45
- }
21
+ exports.___escapeXML = escape;