marko 5.33.14 → 5.33.16

@@ -1,4 +1,8 @@
1
1
  "use strict";
2
+ const unsafeCharsReg = /<\/script/g;
3
+ const replaceMatch = () => "\\x3C/script";
4
+ const escape = (str) =>
5
+ unsafeCharsReg.test(str) ? str.replace(unsafeCharsReg, replaceMatch) : str;
2
6
 
3
7
  /**
4
8
  * Escapes the '</' sequence in the body of a <script> body to avoid the `<script>` being
@@ -15,9 +19,6 @@
15
19
  * prematurely ended and a new script tag could then be started that could then execute
16
20
  * arbitrary code.
17
21
  */
18
- var escapeEndingScriptTagRegExp = /<\/script/g;
19
- module.exports = function escapeScriptHelper(val) {
20
- return typeof val === "string" ?
21
- val.replace(escapeEndingScriptTagRegExp, "\\u003C/script") :
22
- val + "";
22
+ module.exports = function escapeScriptHelper(value) {
23
+ return escape(value + "");
23
24
  };
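Review bot: `unsafeCharsReg` matches only the lowercase spelling `</script`, but HTML matches end-tag names case-insensitively, so a value containing `</SCRIPT` passes through `escape` unchanged and can still end the element. Consider adding the `i` flag and replacing only the leading `<` so the rest of the match keeps its case, e.g. `const unsafeCharsReg = /<(?=\/script)/gi;` with `const replaceMatch = () => "\\x3C";`. The same applies to `/<\/style/g` in the style helper and to the second copies of both files later in this diff. The removed code had the same gap, so this is not a regression, only something the rewrite leaves open.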
@@ -1,4 +1,8 @@
1
1
  "use strict";
2
+ const unsafeCharsReg = /<\/style/g;
3
+ const replaceMatch = () => "\\3C/style";
4
+ const escape = (str) =>
5
+ unsafeCharsReg.test(str) ? str.replace(unsafeCharsReg, replaceMatch) : str;
2
6
 
3
7
  /**
4
8
  * Escapes the '</' sequence in the body of a <style> body to avoid the `<style>` being
@@ -13,9 +17,6 @@
13
17
  * prematurely ended and a script tag could then be started that could then execute
14
18
  * arbitrary code.
15
19
  */
16
- var escapeEndingStyleTagRegExp = /<\/style/g;
17
- module.exports = function escapeScriptHelper(val) {
18
- return typeof val === "string" ?
19
- val.replace(escapeEndingStyleTagRegExp, "\\003C/style") :
20
- val + "";
20
+ module.exports = function escapeScriptHelper(value) {
21
+ return escape(value + "");
21
22
  };
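Review bot: The exported function in the style helper is still named `escapeScriptHelper`, which is the script helper's name and is what will appear in stack traces and profiles. Since the line is being rewritten anyway, `module.exports = function escapeStyleHelper(value) {` would match the doc comment above it. The name of a function expression is not visible to callers, so nothing else needs to change. The second copy of this file later in the diff carries the same name.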
@@ -1,4 +1,10 @@
1
1
  "use strict";
2
+ const unsafeCharsRegExp = /[<&]/g;
3
+ const replaceMatch = (c) => c === "&" ? "&amp;" : "&lt;";
4
+ const escape = (str) =>
5
+ unsafeCharsRegExp.test(str) ?
6
+ str.replace(unsafeCharsRegExp, replaceMatch) :
7
+ str;
2
8
 
3
9
  module.exports.x = function (value) {
4
10
  if (value == null) {
@@ -9,37 +15,7 @@ module.exports.x = function (value) {
9
15
  return value.toHTML();
10
16
  }
11
17
 
12
- return escapeXML(value + "");
18
+ return escape(value + "");
13
19
  };
14
20
 
15
- exports.bo_ = escapeXML;
16
-
17
- function escapeXML(str) {
18
- var len = str.length;
19
- var result = "";
20
- var lastPos = 0;
21
- var i = 0;
22
- var replacement;
23
-
24
- for (; i < len; i++) {
25
- switch (str[i]) {
26
- case "<":
27
- replacement = "&lt;";
28
- break;
29
- case "&":
30
- replacement = "&amp;";
31
- break;
32
- default:
33
- continue;
34
- }
35
-
36
- result += str.slice(lastPos, i) + replacement;
37
- lastPos = i + 1;
38
- }
39
-
40
- if (lastPos) {
41
- return result + str.slice(lastPos);
42
- }
43
-
44
- return str;
45
- }
21
+ exports.bo_ = escape;
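Review bot: `escape` calls `.test()` on a regex declared with the `g` flag, and that call advances `lastIndex` on a match; the code is only correct because the `replace` that follows resets `lastIndex` to 0. That dependency is worth a comment on the declaration, for example `// g flag + test(): lastIndex is reset by the replace() that follows; do not call test() on its own`, or the pre-check could use a separate non-global regex. The same pattern is in the script and style helpers and in the second copy of this file. The doc for `x` could also state that only `<` and `&` are rewritten, so the result is presumably meant for element text rather than quoted attribute values. Part of `x` lies between the two hunks and is not visible here.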
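--- a/package/docs/fastify.md
+++ b/package/docs/fastify.md
@@ -41,6 +41,24 @@ app.get("/", (request, reply) => {
  await fastify.listen(3000);
  ```
 
+ ### Global Outputs
+
+ We can add global outputs from the server side using the reply object or fastify instance.
+
+ ```javascript
+ reply.locals.newProperty = "Your value";
+ ```
+
+ To use this in marko components we just need to refer out.global
+
+ ```marko
+ $ const { newProperty } = $global;
+ ```
+
+ To know more about sending the data to the browser checkout:
+
+ ### [Sending global data to browsers](https://markojs.com/docs/rendering/#sending-global-data-to-browsers)
+
  ### BYOB (Bring your own bundler)
 
  For the large portion of Marko's API a bundler is required. The example code above assumes that Marko templates can be loaded in your environment.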
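--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "marko",
- "version": "5.33.14",
+ "version": "5.33.16",
  "description": "UI Components + streaming, async, high performance, HTML templating for Node.js and the browser.",
  "keywords": [
  "front-end",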
@@ -1,4 +1,8 @@
1
1
  "use strict";
2
+ const unsafeCharsReg = /<\/script/g;
3
+ const replaceMatch = () => "\\x3C/script";
4
+ const escape = (str) =>
5
+ unsafeCharsReg.test(str) ? str.replace(unsafeCharsReg, replaceMatch) : str;
2
6
 
3
7
  /**
4
8
  * Escapes the '</' sequence in the body of a <script> body to avoid the `<script>` being
@@ -15,9 +19,6 @@
15
19
  * prematurely ended and a new script tag could then be started that could then execute
16
20
  * arbitrary code.
17
21
  */
18
- var escapeEndingScriptTagRegExp = /<\/script/g;
19
- module.exports = function escapeScriptHelper(val) {
20
- return typeof val === "string"
21
- ? val.replace(escapeEndingScriptTagRegExp, "\\u003C/script")
22
- : val + "";
22
+ module.exports = function escapeScriptHelper(value) {
23
+ return escape(value + "");
23
24
  };
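Review bot: The replacement text changes from `\\u003C` to `\\x3C`, and `\x3C` is a valid escape in a JavaScript string literal but not in JSON. If any template interpolates values into a `<script type="application/json">` block (not visible in this diff), output containing `</script` would now fail `JSON.parse` where it previously round-tripped. Keeping `const replaceMatch = () => "\\u003C/script";` costs two extra characters per match and is valid in both grammars. The first copy of this file at the top of the diff has the same change.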
@@ -1,4 +1,8 @@
1
1
  "use strict";
2
+ const unsafeCharsReg = /<\/style/g;
3
+ const replaceMatch = () => "\\3C/style";
4
+ const escape = (str) =>
5
+ unsafeCharsReg.test(str) ? str.replace(unsafeCharsReg, replaceMatch) : str;
2
6
 
3
7
  /**
4
8
  * Escapes the '</' sequence in the body of a <style> body to avoid the `<style>` being
@@ -13,9 +17,6 @@
13
17
  * prematurely ended and a script tag could then be started that could then execute
14
18
  * arbitrary code.
15
19
  */
16
- var escapeEndingStyleTagRegExp = /<\/style/g;
17
- module.exports = function escapeScriptHelper(val) {
18
- return typeof val === "string"
19
- ? val.replace(escapeEndingStyleTagRegExp, "\\003C/style")
20
- : val + "";
20
+ module.exports = function escapeScriptHelper(value) {
21
+ return escape(value + "");
21
22
  };
@@ -1,4 +1,10 @@
1
1
  "use strict";
2
+ const unsafeCharsRegExp = /[<&]/g;
3
+ const replaceMatch = (c) => (c === "&" ? "&amp;" : "&lt;");
4
+ const escape = (str) =>
5
+ unsafeCharsRegExp.test(str)
6
+ ? str.replace(unsafeCharsRegExp, replaceMatch)
7
+ : str;
2
8
 
3
9
  module.exports.x = function (value) {
4
10
  if (value == null) {
@@ -9,37 +15,7 @@ module.exports.x = function (value) {
9
15
  return value.toHTML();
10
16
  }
11
17
 
12
- return escapeXML(value + "");
18
+ return escape(value + "");
13
19
  };
14
20
 
15
- exports.___escapeXML = escapeXML;
16
-
17
- function escapeXML(str) {
18
- var len = str.length;
19
- var result = "";
20
- var lastPos = 0;
21
- var i = 0;
22
- var replacement;
23
-
24
- for (; i < len; i++) {
25
- switch (str[i]) {
26
- case "<":
27
- replacement = "&lt;";
28
- break;
29
- case "&":
30
- replacement = "&amp;";
31
- break;
32
- default:
33
- continue;
34
- }
35
-
36
- result += str.slice(lastPos, i) + replacement;
37
- lastPos = i + 1;
38
- }
39
-
40
- if (lastPos) {
41
- return result + str.slice(lastPos);
42
- }
43
-
44
- return str;
45
- }
21
+ exports.___escapeXML = escape;