Crate html_string


Simple, safe server-side html templating in Rust

Build up a representation of an html page using plain Rust functions. Call to_string() on the result to produce an html string.

The approach to XSS prevention is based on this guide.

Here are a few things to keep in mind:

  • All attribute keys need to be known at compile time. This avoids having them created dynamically (and having to escape them).
  • The values for href, src and action attributes are automatically url-encoded.
  • All attribute values are double quoted. This makes escaping in attribute contexts easier.
  • All text is html escaped, except for css within unsafe_style.
  • The style attribute is not supported. Use the unsafe_style tag instead.
  • Content within <script> tags is ignored. Import scripts normally using the src attribute.
  • Event handler attributes are not supported (e.g. onclick, onmouseover). Anything you set them to will be ignored. Using them is discouraged anyway; import a script and attach the handler there instead.
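
To make the rules above concrete, here is a small stand-alone sketch of a renderer that follows them. It is an added illustration, not html_string's code or API: the function names `escape_html`, `encode_url` and `render_tag`, the set of characters left unencoded in URLs, and the sample input are all assumptions.

```rust
// Illustrative sketch of the rules listed above; NOT html_string's API. All names are hypothetical.

/// Escape the characters that matter in text and double-quoted attribute contexts.
fn escape_html(s: &str) -> String {
    let mut out = String::with_capacity(s.len());
    for c in s.chars() {
        match c {
            '&' => out.push_str("&amp;"),
            '<' => out.push_str("&lt;"),
            '>' => out.push_str("&gt;"),
            '"' => out.push_str("&quot;"),
            '\'' => out.push_str("&#x27;"),
            _ => out.push(c),
        }
    }
    out
}

/// Percent-encode every byte outside a conservative URL character set (assumed set).
fn encode_url(s: &str) -> String {
    let mut out = String::new();
    for b in s.bytes() {
        if b.is_ascii_alphanumeric() || b"-._~:/?#[]@!$&()*+,;=%".contains(&b) {
            out.push(b as char);
        } else {
            out.push_str(&format!("%{:02X}", b));
        }
    }
    out
}

/// Keys are `&'static str`, so in practice they are literals in the source, never request data.
fn render_tag(name: &'static str, attrs: &[(&'static str, &str)], text: &str) -> String {
    let mut out = format!("<{}", name);
    for &(key, value) in attrs {
        // Event handlers and `style` are dropped, whatever value they carry.
        if key.starts_with("on") || key == "style" { continue; }
        let value = match key {
            "href" | "src" | "action" => escape_html(&encode_url(value)),
            _ => escape_html(value),
        };
        out.push_str(&format!(" {}=\"{}\"", key, value));
    }
    format!("{}>{}</{}>", out, escape_html(text), name)
}

fn main() {
    // Constructed sample input containing markup characters.
    println!("{}", render_tag("a", &[("href", "/s?q=\"><b>"), ("onclick", "x()")], "<b>hi</b>"));
}
```

Percent-encoding keeps a URL value from breaking out of its attribute, but it does not check the URL scheme; the sketch makes no claim about how the crate itself handles schemes.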

Modules

  • Functions for building up an html tree

Macros

Structs

Enums

  • The html representation is a tree-structure made up of Nodes.