couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Couchdb Wiki] Update of "Generating HTML from Javascript shows and lists" by RogerBinns
Date Wed, 09 Dec 2009 20:14:40 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.

The "Generating HTML from Javascript shows and lists" page has been changed by RogerBinns.
The comment on this change is: Updates of best practises including sample code.
http://wiki.apache.org/couchdb/Generating%20HTML%20from%20Javascript%20shows%20and%20lists?action=diff&rev1=4&rev2=5

--------------------------------------------------

  It is a '''very''' good idea to use a library that automatically escapes values (eg replacing
< with ampersand lt semicolon) otherwise your application will be prone to [[http://en.wikipedia.org/wiki/Cross-site_scripting|cross
site scripting attacks]].  It should also provide a way of disabling the escaping when you
are intentionally providing raw HTML.
  
  It is convenient if the library has functions for emitting html.  For example it may have
a function to insert an image where you provide the URL and the function generates all the
wrapping HTML, including width/height/caption attributes if you provided them.
+ 
+  . '''Bad''': `<img src={{ url }} {{ if(width) }} width={{ width }} {{/if}} {{ if(height)
}} height={{ height }}{{/if}} >`
+ 
+  . '''Good''': `{{ img_tag(url, width, height) }}`
+ 
+ You should avoid having code in your template.  Some template libraries let you put any
code you want between their tags.  This is as bad an idea as putting HTML sprinkled throughout
your code.  It also makes the templates harder to translate (the translator has to understand
the code) and is a maintenance burden (eg if you have similar code in multiple templates then
they may all require changing for code updates).  Instead you should be able to define a meaningfully
named function that is part of the data supplied to the template.
+ 
+  . '''Bad''': `{{ if(info_level>3 && info_items.length>0  && show_issues)
}} <h2>Important issues</h2> ... {{/if}}`
+ 
+  . '''Good''': `{{ if (has_important()) }} <h2>Important issues</h2> ... {{/if}}`
  
  == Constraints ==
  The Javascript view server and the environment the code run in mean that some existing Javascript
templating libraries will not work.
@@ -37, +47 @@

      Foo is not true-ish
  <% } %>
  }}}
- 
  Note that this library has no support, bug tracker or development/test/release process.
  
  === mustache.js ===

Mime
View raw message