Add verifiedInnerHtml#78
Open
cornusandu wants to merge 3 commits into
Open
Conversation
Contributor
|
this would be great |
Contributor
Author
Hi, I can't tell if this is sarcasm or not (text tends to lack emotions), but this was proposed as means of replacing hardcoded innerHTML inside JavaScript files, while including QoL features such as easier sanitisation of variables, referencing locales easily, or referencing other innerHTML keys (if needed). |
Contributor
|
no sarcasm behind my comment, as i said it would be great |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Overview
Added
verifiedInnerHtml, a safer way of using hardcoded innerHtml.Simply add innerHTML values to public/Assets/data/innerHtmlList.toml, and you can then use them!
Writing innerHTML
There are four syntax features worth noting:
1. Referencing locales
Simply reference a locale by doing
[[locale <localeKey>]].Example:
[[locale status.trusted.warning]]2. Referencing other innerHTML keys
Reference another innerHTML key by doing
[[innerhtml <key>]].Example:
[[innerhtml some.other.key]]Note
If two innerHTML keys reference eachother, the parser will resolve this by replacing one with
(unbounded reference loop).3. Named Variables
Simple enough:
{{namedVariable}}Caution
Using a variable this way will not automatically sanitise it.
4. Untrusted Named Variables
Syntax:
{{{namedVariable}}}These variables get passed through
safeHTML()before being used.Using verifiedInnerHtml
For demonstration, I will be showing how to use
verifiedInnerHtmlSync.Assuming you have a key
status.trusted.disclaimerthat requires a variable with the user's description (completely hypothetical scenario), you would do:The innerhtml key can itself choose to sanitise description by using it as
{{{description}}}instead of{{description}}.If there are no variables, you can just do:
For async, do:
About linter errors
The verifiedInnerHtml feature is ignored by the linter.