Macro laby::raw

source ·

macro_rules! raw {
    ($expr:expr) => { ... };
}

Expand description

Wraps an AsRef<str> in RenderRaw, rendering it without escaping.

This is a convenience macro that wraps the given expression in RenderRaw.

Expansion

// raw!($expr)
{
    RenderRaw($expr)
}

Example

The following example renders a malicious input string without escaping.

When rendering a value wrapped in RenderRaw, it is your responsibility to protect yourself from code injection attacks such as XSS. laby will never perform automatic escaping for raw values.

let input = "<script>maliciousFunc()</script>";

let escaped = body!(input);
let raw = body!(raw!(input));

// safe
assert_eq!(render!(escaped), "<body>&lt;script&gt;maliciousFunc()&lt;/script&gt;</body>");

// vulnerable!
assert_eq!(render!(raw), "<body><script>maliciousFunc()</script></body>");