a brush is remotely like a mustache except it isn't

brush

a brush is sort of like a mustache except it isn't. brush does its best to escape HTML. a swab is even less like a mustache.

brush is pretty tiny:

$ wc -c < brush.min.js
351

brush works everywhere:

if(typeof module!=='undefined') module.exports=brush;
else if(typeof window!=='undefined') window.brush=brush;
return brush;

brush(template,context)

var brush = require('brush');
var template = 'banana is {{banana}} and I see a bunch of {{ninjas}}';
var context = { banana: 'tasty' }; //ninjas are obviously invisible
console.log(brush(template, context));

output:

banana is tasty and I see a bunch of 

brush escapes HTML:

var brush = require('brush');
var template = '{{user}} said {{comment}}';
var context = {
    user: 'XSS villain',
    comment: '<script>alert("all your website are belong to us");</script>'
};
console.log(brush(template, context));

output:

XSS villain said &lt;script&gt;alert(&quot;all your website are belong to us&quot;);&lt;&#x2F;script&gt;
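Entity escaping of this kind protects text nodes and quoted attribute values; a template author still has to keep placeholders out of unquoted attributes, event handlers, script blocks and the start of URL attributes. The sketch below is an added example, not brush's source: `render` is a hypothetical stand-in that reproduces the outputs shown above (the escape set, including `&#x27;` for `'`, is an assumption inferred from the sample output), and `auditTemplate` is a hypothetical review helper that flags placeholders in those positions.

```javascript
// Added example, not brush's source. Assumption: the escape set is & < > " ' /,
// inferred from the sample output in this README.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;',
                   '"': '&quot;', "'": '&#x27;', '/': '&#x2F;' };
const PLACEHOLDER = /\{\{\s*([\w$]+)\s*\}\}/g;
function escapeHtml(value) {
  return String(value).replace(/[&<>"'\/]/g, (ch) => ENTITIES[ch]);
}
// Hypothetical stand-in renderer: missing keys render as the empty string.
function render(template, context) {
  return template.replace(PLACEHOLDER, (_, key) =>
    Object.prototype.hasOwnProperty.call(context, key) && context[key] != null
      ? escapeHtml(context[key]) : '');
}

// Classify the position of a placeholder from the template text before it.
// Returns null when entity escaping is sufficient (text node, quoted attribute).
function classify(before) {
  const lower = before.toLowerCase();
  const open = before.lastIndexOf('<');
  if (open > before.lastIndexOf('>')) {          // inside an unclosed tag
    const tag = before.slice(open);
    let quote = null;                            // track the open quote, if any
    for (const ch of tag) {
      if (quote) { if (ch === quote) quote = null; }
      else if (ch === '"' || ch === "'") quote = ch;
    }
    if (!quote) return 'not inside a quoted attribute value';
    const attr = /([\w-]+)\s*=\s*["']([^"']*)$/.exec(tag);
    if (attr && /^on/i.test(attr[1])) return 'event handler attribute';
    if (attr && /^(href|src|action|formaction)$/i.test(attr[1]) && attr[2] === '')
      return 'URL attribute: value controls the scheme';
    return null;
  }
  if (lower.lastIndexOf('<script') > lower.lastIndexOf('</script')) return 'script block';
  return null;
}

function auditTemplate(template) {
  const findings = [];
  for (const m of template.matchAll(PLACEHOLDER)) {
    const reason = classify(template.slice(0, m.index));
    if (reason) findings.push({ key: m[1], reason });
  }
  return findings;
}

// Constructed sample template: two safe positions, two that need a fix.
const sample = '<p>{{comment}}</p><a href="{{link}}">x</a>' +
  '<img alt={{alt}}><a href="/u/{{id}}" title="{{name}}">y</a>';
console.log(auditTemplate(sample));
```

The fix for each finding is in the template, not the escaper: quote the attribute, validate the URL scheme before it reaches the context, and pass data to scripts through a quoted data attribute.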