UNPKG

object-replace-mustache

Version:

replace placeholders of an object with a view like you would use mustache.render for strings

github.com/fratzinger/object-replace-mustache

fratzinger/object-replace-mustache

158 lines (149 loc) 5.53 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
'use strict'; const parser = require('@babel/parser'); const _traverse = require('@babel/traverse'); function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e.default : e; } const _traverse__default = /*#__PURE__*/_interopDefaultCompat(_traverse); const isPlainObject = (value) => value && [void 0, Object].includes(value.constructor); function escape(str) { return str.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"); } const regexForDelimiters = (delimiters, flags) => { return new RegExp( `^${escape(delimiters[0])}(.*?)${escape(delimiters[1])}$`, flags ); }; const traverse = typeof _traverse__default === "function" ? _traverse__default : _traverse__default.default; const prohibitedKeywordRE = new RegExp( "\\b" + "arguments,await,break,case,catch,class,const,continue,debugger,default,delete,do,else,enum,export,extends,finally,for,function,if,import,let,new,return,static,super,switch,throw,try,var,void,while,with,yield".split(",").join("\\b|\\b") + "\\b" ); const stripStringRE = /'(?:[^'\\]|\\.)*'|"(?:[^"\\]|\\.)*"|`(?:[^`\\]|\\.)*\$\{|\}(?:[^`\\]|\\.)*`|`(?:[^`\\]|\\.)*`/g; const defineReplaceTemplateString = (options) => (template, view = {}) => replaceString(template, view, options); const replaceString = (template, view = {}, options) => { const expression = regexForDelimiters( options?.delimiters ?? ["{{", "}}"] ).exec(template)?.[1]; if (!expression) { return template; } function silentOrThrow(err) { if (options?.handleError !== "ignore") { throw typeof err === "string" ? new Error(err) : err; } return template; } if (expression.match(/\${.*?}/)) { throw new Error("nested expression is not allowed in template string"); } const withoutStrings = expression.replace(stripStringRE, ""); const allowedVariables = Object.keys(view); const unsafeMethods = ["require", "eval", "console", "this", "window", "document", "global", "process", "module", "exports", "self", "globalThis"].filter((x) => allowedVariables.indexOf(x) === -1); const keywordMatch = withoutStrings.match(prohibitedKeywordRE); if (keywordMatch) { throw new Error(`${keywordMatch} is not allowed in template string`); } const ast = parser.parse(expression); if (ast.errors.length) { return silentOrThrow(ast.errors[0].reasonCode); } let unsafe = false; traverse(ast, { enter(path) { if (unsafe) { return; } const type = path.node.type; if (type === "ThisExpression") { unsafe = "this is not defined"; return; } if (type === "AssignmentExpression") { unsafe = "assignment is not allowed in template string"; return; } if (path.node.type === "VariableDeclaration" || path.node.type === "FunctionDeclaration") { unsafe = true; } else if (path.node.type === "Identifier" && unsafeMethods.indexOf(path.node.name) != -1) { unsafe = `${path.node.name} is not defined`; } } }); if (expression.includes(";")) { return silentOrThrow("; is not allowed in template string"); } if (withoutStrings.includes("=")) { if (withoutStrings.match(/<<=|>>=|>>>=/)) { return silentOrThrow("assignment is not allowed in template string"); } const strippedCompare = withoutStrings.replace(/!==|===|==|!=|>=|<=|=>/g, ""); if (strippedCompare.match(/=/g)) { return silentOrThrow("assignment is not allowed in template string"); } } if (withoutStrings.match(/\+\+|--/g)) { throw new Error("assignment is not allowed in template string"); } if (unsafe) { return silentOrThrow(typeof unsafe === "string" ? unsafe : "unsafe operation is not allowed in template string"); } else { try { const result = new Function( "view", /* js */ ` const tagged = ( ${allowedVariables.join(", ")} ) => ${expression} return tagged(...Object.values(view)) ` )(view); if (typeof result === "function") { return silentOrThrow("function is not allowed in template string"); } return result; } catch (err) { return silentOrThrow(err); } } }; const delimiters = { mustache: ["{{", "}}"], ejs: ["<%=", "%>"] }; const replaceStringMustache = defineReplaceTemplateString({ delimiters: delimiters.mustache }); const replaceStringEjs = defineReplaceTemplateString({ delimiters: delimiters.ejs }); const replace = (item, view, options) => { return recursiveReplace(item, view, options); }; const recursiveReplace = (item, view, options) => { if (typeof item === "string") { return replaceString(item, view, { delimiters: options?.delimiters ?? ["{{", "}}"], handleError: options?.handleError ?? "ignore" }); } else if (isPlainObject(item)) { const result = {}; for (const key in item) { result[key] = recursiveReplace(item[key], view); } return result; } else if (Array.isArray(item)) { return [...item.map((subItem) => recursiveReplace(subItem, view))]; } return item; }; const render = (str, view, options) => str.replace( /\{\{(.*?)\}\}/g, (m) => replaceString(m, view, { handleError: options?.handleError ?? "ignore", delimiters: options?.delimiters ?? ["{{", "}}"] }) ); exports.delimiters = delimiters; exports.render = render; exports.replace = replace; exports.replaceString = replaceString; exports.replaceStringEjs = replaceStringEjs; exports.replaceStringMustache = replaceStringMustache;