
add escape filter

1 parent 1942bb5 commit 5574b04cd746aad6a006f46c5d33a26b79f08f8b @shaunlee committed Apr 29, 2011
Showing with 41 additions and 12 deletions.
  1. +3 −0 Readme.md
  2. +18 −5 jst.js
  3. +19 −6 lib/jst.js
  4. +1 −1 package.json
@@ -40,6 +40,9 @@ via npm:
// Use `it.` as prefix of variables so that you can run it more than 30 times faster
jst.render('Hello {{ it.name }}', {name: 'jst'});
+ // Filters
+ jst.render('Hello {{ e(it.name) }}', {name: '<strong>jst</strong>'});
+
// Client side
<script src="jst.js"></script>
<script>
23 jst.js
@@ -13,15 +13,28 @@ var _cache = {},
useIt: false
};
+// filters
+
+const htmlCodes = {'&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;'},
+ htmlre = /[&<>"]/g,
+ htmlEscape = function (src) { return htmlCodes[src]; };
+
+jst_filter_escape = function(src) {
+ return typeof src !== 'string' ? src : src.replace(htmlre, htmlEscape);
+}
+
+// compiler
+
var compile = exports.compile = function(ctx) {
- _options.useIt = ctx.indexOf('{{ it.') > -1;
+ _options.useIt = /{{ (e\()?it\./.test(ctx);
var code = (_options.useIt ? 'var out = "' : 'var out = ""; with(it) { out += "')
+ ctx.replace(/[\t\r\n]/g, '')
- .replace(/"/g, '\\"').replace(/\{#.+?#\}/g, '')
- .replace(/\{\{ (.*?) \}\}/g, '"; out += $1; out += "')
- .split('\{% ').join('"; ')
- .split(' %\}').join(' out +="')
+ .replace(/"/g, '\\"')
+ .replace(/\{\{ (.+?) \}\}/g, '"; out += $1; out += "')
+ .replace(/\{% (.+?) %\}/g, '"; $1 out += "')
+ .replace(/\{#.+?#\}/g, '')
+ .replace(/ e\(/g, ' jst_filter_escape(')
+ (_options.useIt ? '"; return out;' : '"; } return out;');
return new Function('it', code.replace(' out += "";', ''));
}
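Review bot: `jst_filter_escape` leaves two gaps in the new filter: `htmlCodes`/`htmlre` do not cover the single quote, and any non-string value is returned as-is. A value rendered inside a single-quoted attribute can still close that attribute, and an array or object whose string form contains markup (for instance a value parsed from JSON or a query string) reaches `out +=` unescaped. I would add `"'": '&#39;'` to `htmlCodes`, widen the pattern to `/[&<>"']/g`, and coerce before replacing: `return String(src).replace(htmlre, htmlEscape);`. The same lines are duplicated in lib/jst.js and need the same change.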
@@ -7,7 +7,7 @@
var fs = require('fs'),
crypto = require('crypto');
-exports.version = '0.0.4';
+exports.version = '0.0.5';
var _cache = {},
_files = {},
@@ -24,15 +24,28 @@ exports.configure = function(options) {
_options[prop] = options[prop];
}
+// filters
+
+const htmlCodes = {'&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;'},
+ htmlre = /[&<>"]/g,
+ htmlEscape = function (src) { return htmlCodes[src]; };
+
+jst_filter_escape = function(src) {
+ return typeof src !== 'string' ? src : src.replace(htmlre, htmlEscape);
+}
+
+// compiler
+
var compile = exports.compile = function(ctx) {
- _options.useIt = ctx.indexOf('{{ it.') > -1;
+ _options.useIt = /{{ (e\()?it\./.test(ctx);
var code = (_options.useIt ? 'var out = "' : 'var out = ""; with(it) { out += "')
+ ctx.replace(/[\t\r\n]/g, '')
- .replace(/"/g, '\\"').replace(/\{#.+?#\}/g, '')
- .replace(/\{\{ (.*?) \}\}/g, '"; out += $1; out += "')
- .split('\{% ').join('"; ')
- .split(' %\}').join(' out +="')
+ .replace(/"/g, '\\"')
+ .replace(/\{\{ (.+?) \}\}/g, '"; out += $1; out += "')
+ .replace(/\{% (.+?) %\}/g, '"; $1 out += "')
+ .replace(/\{#.+?#\}/g, '')
+ .replace(/ e\(/g, ' jst_filter_escape(')
+ (_options.useIt ? '"; return out;' : '"; } return out;');
return new Function('it', code.replace(' out += "";', ''));
}
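Review bot: `jst_filter_escape = function…` is assigned without a declaration, so it becomes an implicit global, and the `.replace(/ e\(/g, ' jst_filter_escape(')` step runs over the whole generated source rather than only the `{{ … }}` expressions. The global is presumably what lets code built by `new Function` find the filter, but any other script in the process or page can overwrite it and silently turn escaping off, and the assignment throws under strict mode. Literal template text that happens to contain ` e(` is also rewritten into the rendered output. Consider handing the filter to the compiled function explicitly, e.g. `var fn = new Function('it', 'e', code); return function (it) { return fn(it, escapeFilter); };` with `escapeFilter` declared by `var`, and dropping the textual rewrite. The same applies to the copy in jst.js.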
@@ -1,7 +1,7 @@
{
"name": "jst",
"description": "Node JavaScript Template, A pretty high performance template engine",
- "version": "0.0.4",
+ "version": "0.0.5",
"author": "Shaun Li <shonhen@gmail.com>",
"keywords": ["template", "engine", "jst"],
"main": "./lib/jst.js"
