mya-parser-undertpl
Version:
fis3 plugin for underscore template parse
34 lines (29 loc) • 912 B
JavaScript
const _ = require( 'underscore' );
function xssEscape(content) {
return content.replace(/<%=(.+?)%>/g, function(match, p1) {
p1 = p1.trim();
// <%= xxx|safe %> 自定义语法,表示不转义,会转化为 <%= xxx %>
if (/\|\s*safe\b/.test(p1)) {
var bar = p1.replace(/\|\s*safe\b/, '');
return `<%=${bar}%>`;
}
// <%= _.escape(xxx) %> 不重复转码
if (/_\.escape\(.+?\)/.test(p1)) {
return `<%=${p1}%>`;
}
return `<%-${p1}%>`;
});
};
module.exports = function ( content, file, settings ) {
content = content.toString();
// xss 防范
if (settings.xssEscape) {
content = xssEscape(content);
}
// merge configuration
_.extend( _.templateSettings, settings );
return _.template( content ).source;
};
module.exports.defaultOptions = {
xssEscape: false,
};