Crate html_string
source ·Expand description
Simple, safe server-side html templating in Rust
Build up a representation of an html page using plain Rust functions. Call to_string()
on the
result to spit out an html string
The approach to XSS prevention is based on this guide.
Here are a few things to keep in mind:
- All attribute keys need to be known at compile time. This avoids having them created dynamically (and having to escape them).
- The values for
href
,src
andaction
attributes are automatically url-encoded. - All attribute values are double quoted. This makes escaping in attribute contexts easier
- All text is html escaped, except for css within unsafe_style.
- The
style
attribute is not supported. Use the unsafe_style tag instead. - Content within
<script>
tags is ignored. Import scripts normally using thesrc
attribute. - Event handler attributes are not supported (e.g. onclick, onmouseover). Using them is discouraged anyways. Import a script and attach the handler there instead. Anything you set them to will be ignored.
Modules
- Functions for building up an html tree
Macros
- Define attributes to be associated with an HtmlTag
Structs
- A string that is safe to output into an Html node as text
- A wrapper for a list of sibling html nodes. This wrapper does not appear in the html string output.
- An arbitrary html tag with attributes and children
- The structure needed to create a new Fragment
- The structure needed to crate a new HtmlTag
Enums
- The html representation is a tree-structure made up of
Node
s.