is-template-object

1.0.1 • Public • Published

is-template-object polyfill

This package implements the es-shim API interface. It works in an ES5-supported environment and complies with the spec.

Supports: >= ES2015
Requires receiver: false

Build Status Dependencies Status npm Coverage Status Known Vulnerabilities

The shim installs Array.isTemplateObject, a function that returns true for the first argument passed to a tag function from a tagged template literal.

See the spec explainer for detailed semantics, and use cases.

Usage

const { isTemplateObject } = require('is-template-object');
 
// Here's a use of a tagged template literal.
let y =  tag`rawText ${ expr } rawText`
// This tagged template literal calls tag like
//    tag(['rawText ', ' rawText'], expr)
// but the array it passes is a special array called a template object.
 
// Define a function that we can use with tagged templates.
function tag(templateObject, expr) {
  // Sometimes the tag function would like to know if it got a template object.
 
  if (// True if templateObject contains strings from a literal instead of
      // strings from a trusted author instead of strings that might be
      // controlled by an attacker
      isTemplateObject(templateObject)
      // and the template object came from this realm.
      && templateObject instanceof Array) {
 
    // Do something that treats the strings in templateObject as content
    // from a trusted author, but which treats expr as possibly
    // attacker-controlled.
  } else {
    // Do not trust templateObject's content or maybe treat as a non-tag call.
  }
}
 
// We don't know whether `x` and `y` came from an attacker or from a trusted source.
// tag does not to take the trusting path.
tag([ x, y ], expr);

Readme

Keywords

Package Sidebar

Install

npm i is-template-object

Weekly Downloads

4

Version

1.0.1

License

Apache-2.0

Unpacked Size

22.7 kB

Total Files

8

Last publish

Collaborators

  • mikesamuel