forget underpowered template languages - build HTML with the full power of coffeescript
npm install kup then
Kup = require 'kup'
browser: include lib/kup.js which sets
produces the following HTML (whitespace added for readability):
a title
a heading
another heading
a red link
a green link
a blue link
not html encoded plaintext: &<>"'/
html encoded plaintext: &<>"'/
bold
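if the style attribute is a string, it is added to the tag unchanged.
if the style attribute is an object, it is converted to a css style string.
camelcased keys are converted to dashcase:

    # constructor call assumed; the right-hand side is missing on this page
    k = new Kup
    # string style: added to the tag unchanged
    k.div
      style: 'color: red'
    # object style: converted to a css style string
    k.div
      style:
        color: 'blue'
        backgroundImage: 'url(test.png)'
        msTransition: 'all'
    console.log k.htmlOut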
produces the following HTML:
if you want a similar special treatment for attributes other than
Kup.prototype.attributeToString = (key, value) -> ....
it's 3 lines of code that are easily customized.
cross site scripting (XSS) protection
kup implements RULE 1 and RULE 2 of the OWASP XSS prevention cheat sheet. reading it is highly recommended! kup cannot protect you from the many other XSS attack vectors described there. that requires a bit of effort on your part.
kup will properly quote attributes using double quotes:
properly quoted attributes can only be escaped with the corresponding quote.
kup escapes all double quotes inside attribute values to prevent escaping out of the double quote context.
attribute values are escaped with the function
Kup.prototype.encodeAttribute that you can overwrite.
kup will HTML escape text content.
content is encoded with the function
Kup.prototype.encodeContent that you can overwrite.
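an added example (not kup's source and not written by the kup author) of what the two rules described above do, in plain javascript. all function names are hypothetical, the inputs are constructed, and the url scheme allowlist is one illustration of the extra effort that encoding alone does not cover:

```javascript
// Added example, not kup's source. All function names are hypothetical.
// Tag names and attribute keys are assumed to be developer-supplied.

// RULE 1: encode text before placing it in element content.
const CONTENT_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;',
                      '"': '&quot;', "'": '&#x27;', '/': '&#x2F;' };
function escapeContent(text) {
  return String(text).replace(/[&<>"'\/]/g, (c) => CONTENT_MAP[c]);
}

// RULE 2: encode attribute values. The caller always wraps the value in
// double quotes, so an encoded '"' cannot close the attribute early.
function escapeAttribute(value) {
  return String(value).replace(/&/g, '&amp;').replace(/"/g, '&quot;')
    .replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Encoding does not make a URL safe: a javascript: URL contains nothing
// that gets encoded. URL attributes need a scheme allowlist on top.
function isSafeUrl(url) {
  // Browsers ignore whitespace and control characters inside the scheme.
  const trimmed = String(url).replace(/[\u0000-\u0020]/g, '');
  const scheme = /^([a-z][a-z0-9+.-]*):/i.exec(trimmed);
  return !scheme ||
    ['http', 'https', 'mailto'].includes(scheme[1].toLowerCase());
}

function tag(name, attrs, text) {
  const attrString = Object.entries(attrs).map(([key, value]) => {
    if ((key === 'href' || key === 'src') && !isSafeUrl(value)) value = '#';
    return ` ${key}="${escapeAttribute(value)}"`;
  }).join('');
  return `<${name}${attrString}>${escapeContent(text)}</${name}>`;
}

// Constructed untrusted inputs.
const breakout = '" onmouseover="alert(1)';
const markup = '<script>alert(1)</script>';
console.log(tag('a', { title: breakout, href: 'https://example.com/' }, markup));
console.log(tag('a', { href: 'javascript:alert(1)' }, 'link'));
```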
unsafe function to insert text which should not be escaped:
safe function to insert text which should be escaped:
    k.p ->
      k.safe 'this will be escaped'
kup doesn't insert any newlines into the generated HTML.
for some very basic pretty printing you can configure kup to insert newlines after each opening tag (that has inner HTML) and each closing tag:
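    # the assignment target is missing on this page; the method name `tag`
    # and the parameter list are assumptions inferred from the body
    Kup.prototype.tag = (tag, attrs, content) ->
      # allow the attrs argument to be omitted
      if 'object' isnt typeof attrs
        content = attrs
        attrs = undefined
      @_open tag, attrs
      # newline after an opening tag that has inner HTML
      if 'function' is typeof content
        @htmlOut += '\n'
      @_content content
      @_close tag
      # newline after each closing tag
      @htmlOut += '\n'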
TLDR: bugfixes, issues and discussion are always welcome. ask me before implementing new features.
i will happily merge pull requests that fix bugs with reasonable code.
i will only merge pull requests that modify/add functionality if the changes align with my goals for this package and only if the changes are well written, documented and tested.
communicate: write an issue to start a discussion before writing code that may or may not get merged.