New templating engine

quadrupleslap · November 7, 2017, 1:10pm

tenjin is a work-in-progress templating engine (working example code here). Help:

Should variables be HTML-escaped by default, maybe with an @raw marker to say that they shouldn't be escaped? Right now there's no escaping at all.
Is it possible to run benchmarks in stable Rust?
How could it be made more easy to use?

kornel · November 7, 2017, 1:30pm

Yes, please please escape by default. Experience has shown programmers will forget to escape something somewhere and attackers will find it.

If you can, make it smart enough to be context-dependent, because e.g. <script> and attributes require slightly different escaping than regular HTML body text.

quadrupleslap · November 7, 2017, 5:10pm

Would HTML-escaping in the implementation for Borrow<str> and adding a struct Raw<S: Borrow<str>>(S); be enough? The only issue I can think of is that if somebody wrote a custom implementation of the Context trait then they might forget to escape it.

juleskers · November 13, 2017, 1:17pm

RE HTML-escaping: In another thread they just announced the release of Ammonia 1.0.0. which does nothing but HTML escaping.

Is there any opportunity for re-use there?

Topic		Replies	Views
A template engine announcements	5	2888	January 12, 2023
Passing a variable to HTML help	12	1752	January 12, 2023
Template engine for source generation help	4	706	September 23, 2020
Is there something like "a-h/templ" for Rust? community	4	468	March 12, 2024
[Blog] Javascript evaluator in Rust part 2: Parsing and Fundamentals of evaluation announcements	1	411	July 7, 2019

New templating engine

Related Topics