UNPKG

event_request

Version:

A Backend Server

stefangenov.site/projects

Michaelpalacce/EventRequest

108 lines (89 loc) 2.76 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
'use strict'; const DefaultTemplatingEngine = require( './default_templating_engine' ); /** * @brief Class used to render html with JS * * @details Supports syntax for: * if, for, while, switch using <% %> * * You can also inject JS code using <?js /> syntax * * Variables can be rendered by doing <% variableName %> * * Experimental: XSS protection * * WIP: COMMENTS. HTML comments of template syntax is NOT going to work as expected! * WIP: INCLUDES. Including other templates is currently NOT supported */ class TemplatingEngine extends DefaultTemplatingEngine { constructor() { super(); this.variablesRe = /<%([^%>]+)?%>|<\?js([\s\S]+?)\/>/gm; this.emptyRe = /([\s]+)/gm; this.EOL = '\n'; } /** * @brief Renders a template given specific variables * * @param {String} template * @param {Object} variables * * @return {String} */ render( template, variables ) { let r$r = 'const r$r=[];' + this.EOL; let cursor = 0; /** * @brief Builder function for the template * * @param {String} line * @param {Boolean} isJs * @param {Boolean} insertDirectly */ const addCode = ( line, isJs, insertDirectly = false ) => { if ( isJs ) { if ( insertDirectly ) { r$r += line + this.EOL; return ; } // Escape HTML variables line = line.trim(); r$r += `r$r.push( typeof ${line}==='string'?${line}.replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;').replace(/"/g,'&quot;').replace(/'/g,'&#039;'):${line});${this.EOL}`; } else { if ( line.length !== 0 && line.match( this.emptyRe )[0] !== line) { // Strip line of specific characters // Remove ` | Escape $ r$r += `r$r.push(\`` + line.replace( /`/g, '\\`' ).replace( '$', '\\$' ) + `\`);` + this.EOL; } } }; // Add local variables so we don't have to use this. to access variables let i = 0; for ( const key in variables ) { /* istanbul ignore next */ if ( ! {}.hasOwnProperty.call( variables, key ) ) continue; r$r += `let ${key} = args[${i}];` + this.EOL; ++i; } let match; while( match = this.variablesRe.exec( template ) ) { const matchIndex = match.index; const matchedString = match[0]; const matchLength = matchedString.length; addCode( template.slice( cursor, matchIndex ) ); if ( match[1] ) addCode( match[1], true ); // Case when <?js ... /> syntax is used else addCode( match[2], true, true ); cursor = matchIndex + matchLength; } addCode( template.substr( cursor, template.length - cursor ) ); // Finish up r$r += 'return r$r.join("");'; return new Function( '...args', r$r ).apply( null, Object.values( variables ) ); } } module.exports = TemplatingEngine;