String Template
This is essentially a fork of far, with a cache for re-use and an optional macro (enabled by default) to make safe html variables.
The html_map!
macro uses the minimal set of escapes (as per The XSS cheatsheet). If you need to have stronger guarantees, i.e. for sending data for attributes, then use html_map_strong!
or build the hashmap the usual way and wrap the values with htmlescape::encode_attribute().
Note that, like far
, this crate does not deal with escaping the keys or replacements in any way. e.g. if for some reason you need the template to have a ${}
literal.
The value of the HashMap which is passed to Template::render() must be AsRef<str>
The only dependency is the optional htmlescape
Examples:
Provided with a string and a map, simple-html-template will attempt to find
all the keys (delimited with ${}
) in the template and replace them with
the corresponding value in the map. For example:
let template = new?;
let args = html_map!;
let s = template.render?;
assert_eq!;
If it fails for some reason, an explanation of why will be returned:
let template = new?;
let args = html_map!;
match template.render
Note that if html is in the variable, it is escaped:
let template = new?;
let args = html_map!;
let s = template.render?;
assert_eq!;
Additional examples and weird edge-case behaviors can be found in
src/tests
.
License
This project is licensed under either of
-
Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
-
MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT) at your option.