macro_rules! raw { ($expr:expr) => { ... }; }
Expand description
Wraps an AsRef<str>
in RenderRaw
, rendering it without escaping.
This is a convenience macro that wraps the given expression in RenderRaw
.
Expansion
ⓘ
// raw!($expr)
{
RenderRaw($expr)
}
Example
The following example renders a malicious input string without escaping.
When rendering a value wrapped in RenderRaw
, it is your responsibility to protect yourself
from code injection attacks such as XSS. laby will never perform automatic escaping for
raw values.
let input = "<script>maliciousFunc()</script>";
let escaped = body!(input);
let raw = body!(raw!(input));
// safe
assert_eq!(render!(escaped), "<body><script>maliciousFunc()</script></body>");
// vulnerable!
assert_eq!(render!(raw), "<body><script>maliciousFunc()</script></body>");