GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → syntax-tree → Hastscript

syntax-tree / Hastscript

Licence: mit
utility to create hast trees

Programming Languages

javascript
184084 projects - #8 most used programming language

Labels

htmlutil

Projects that are alternatives of or similar to Hastscript

go-tools
A utility tool library of Golang.
Stars: ✭ 44 (-32.31%)
Mutual labels:  util
Excel Boot
Easy-POI是一款Excel导入导出解决方案组成的轻量级开源组件。
Stars: ✭ 347 (+433.85%)
Mutual labels:  util
Easyandroid
一个完整基于kotlin的安卓开发框架,采用了mvvm设计模式。涵盖了: 1、基于retrofit2封装的通过kotlin协程实现的网络框架 2、基于阿里开源router修改的api-router实现项目模块化 3、基于glide的图片加载缓存框架 4、基于room实现的往来数据缓存加载 5、基于step实现的数据异步提交 6、基于PreferenceHolder实现的本地数据快速存储 7、基于mlist实现的简单复杂列表的快速开发扩展 8、定制的toolbar可以自适应异形屏,挖孔屏,水滴屏等等。。 本框架几乎涵盖了开发所需的所有模块组件。简单fork之后就可以基于框架快速开发。
Stars: ✭ 33 (-49.23%)
Mutual labels:  util
jframework
基于对spring boot的二次封装,目的是减少重复代码,提高开发效率
Stars: ✭ 88 (+35.38%)
Mutual labels:  util
Superutils
The utils Project
Stars: ✭ 325 (+400%)
Mutual labels:  util
Alicerce
A base for iOS Applications made with ❤️ by Mindera 🤠
Stars: ✭ 465 (+615.38%)
Mutual labels:  util
unist-util-select
utility to select unist nodes with CSS-like selectors
Stars: ✭ 41 (-36.92%)
Mutual labels:  util
Changed Log
Returns all commit messages between 2 versions of an NPM module
Stars: ✭ 58 (-10.77%)
Mutual labels:  util
Utils Everywhere
整理并收集各种常用的覆盖面广的工具类
Stars: ✭ 329 (+406.15%)
Mutual labels:  util
Dialogutil
common used dialog with material style ( in support v7),ios style,get top activity automatically, invoke everywhere (any thread , any window)
Stars: ✭ 948 (+1358.46%)
Mutual labels:  util
Deployr
A simple golang application to automate the deployment of software releases.
Stars: ✭ 282 (+333.85%)
Mutual labels:  util
Pydu
Useful data structures and utils for Python
Stars: ✭ 315 (+384.62%)
Mutual labels:  util
Protools
历经开发周期两年,并且应用过千万级别项目的工具箱
Stars: ✭ 663 (+920%)
Mutual labels:  util
dodo
The Twitter OSS Project Builder
Stars: ✭ 25 (-61.54%)
Mutual labels:  util
V Androidcollectsources
🔥💪 Github优秀开源项目整理,方便查阅,仅供参考,感谢开源!!!
Stars: ✭ 51 (-21.54%)
Mutual labels:  util
unist-util-visit-parents
utility to recursively walk over unist nodes, with ancestral information
Stars: ✭ 25 (-61.54%)
Mutual labels:  util
Hutool
🍬A set of tools that keep Java sweet.
Stars: ✭ 21,386 (+32801.54%)
Mutual labels:  util
Low
low level data type and utils in Golang.
Stars: ✭ 63 (-3.08%)
Mutual labels:  util
Goutil
go util 是golang通用工具包,实现一站式,开箱即用
Stars: ✭ 56 (-13.85%)
Mutual labels:  util
Object.reduce
Reduces an object to a value that is the accumulated result of running each property in the object through a callback. JavaScript/node.js utility.
Stars: ✭ 11 (-83.08%)
Mutual labels:  util
View All Similar Projects ➔

hastscript

Build Coverage Downloads Size Sponsors Backers Chat

hast utility to create trees in HTML or SVG.

Similar to hyperscript, virtual-dom/h, React.createElement, and Vue’s createElement, but for hast.

Use unist-builder to create any unist tree.

Install

npm:

npm install hastscript

Use

var h = require('hastscript')
var s = require('hastscript/svg')

// Children as an array:
console.log(
  h('.foo#some-id', [
    h('span', 'some text'),
    h('input', {type: 'text', value: 'foo'}),
    h('a.alpha', {class: 'bravo charlie', download: 'download'}, [
      'delta',
      'echo'
    ])
  ])
)

// Children as arguments:
console.log(
  h(
    'form',
    {method: 'POST'},
    h('input', {type: 'text', name: 'foo'}),
    h('input', {type: 'text', name: 'bar'}),
    h('input', {type: 'submit', value: 'send'})
  )
)

// SVG:
console.log(
  s('svg', {xmlns: 'http://www.w3.org/2000/svg', viewbox: '0 0 500 500'}, [
    s('title', 'SVG `<circle>` element'),
    s('circle', {cx: 120, cy: 120, r: 100})
  ])
)

Yields:

{
  type: 'element',
  tagName: 'div',
  properties: {className: ['foo'], id: 'some-id'},
  children: [
    {
      type: 'element',
      tagName: 'span',
      properties: {},
      children: [{type: 'text', value: 'some text'}]
    },
    {
      type: 'element',
      tagName: 'input',
      properties: {type: 'text', value: 'foo'},
      children: []
    },
    {
      type: 'element',
      tagName: 'a',
      properties: {className: ['alpha', 'bravo', 'charlie'], download: true},
      children: [{type: 'text', value: 'delta'}, {type: 'text', value: 'echo'}]
    }
  ]
}
{
  type: 'element',
  tagName: 'form',
  properties: {method: 'POST'},
  children: [
    {
      type: 'element',
      tagName: 'input',
      properties: {type: 'text', name: 'foo'},
      children: []
    },
    {
      type: 'element',
      tagName: 'input',
      properties: {type: 'text', name: 'bar'},
      children: []
    },
    {
      type: 'element',
      tagName: 'input',
      properties: {type: 'submit', value: 'send'},
      children: []
    }
  ]
}
{
  type: 'element',
  tagName: 'svg',
  properties: {xmlns: 'http://www.w3.org/2000/svg', viewBox: '0 0 500 500'},
  children: [
    {
      type: 'element',
      tagName: 'title',
      properties: {},
      children: [{type: 'text', value: 'SVG `<circle>` element'}]
    },
    {
      type: 'element',
      tagName: 'circle',
      properties: {cx: 120, cy: 120, r: 100},
      children: []
    }
  ]
}

API

h(selector?[, properties][, ...children])

s(selector?[, properties][, ...children])

DSL to create virtual hast trees for HTML or SVG.

Parameters
selector

Simple CSS selector (string, optional). Can contain a tag name (foo), IDs (#bar), and classes (.baz). If there is no tag name in the selector, h defaults to a div element, and s to a g element. selector is parsed by hast-util-parse-selector.

properties

Map of properties (Object.<*>, optional).

children

(Lists of) child nodes (string, Node, Array.<string|Node>, optional). When strings are encountered, they are mapped to text nodes.

Returns

Element.

Security

Use of hastscript can open you up to a cross-site scripting (XSS) attack as values are injected into the syntax tree. The following example shows how a script is injected that runs when loaded in a browser.

var tree = {type: 'root', children: []}

tree.children.push(h('script', 'alert(1)'))

Yields:

<script>alert(1)</script>

The following example shows how an image is injected that fails loading and therefore runs code in a browser.

var tree = {type: 'root', children: []}

// Somehow someone injected these properties instead of an expected `src` and
// `alt`:
var otherProps = {src: 'x', onError: 'alert(2)'}

tree.children.push(h('img', {src: 'default.png', ...otherProps}))

Yields:

<img src="x" onerror="alert(2)">

The following example shows how code can run in a browser because someone stored an object in a database instead of the expected string.

var tree = {type: 'root', children: []}

// Somehow this isn’t the expected `'wooorm'`.
var username = {
  type: 'element',
  tagName: 'script',
  children: [{type: 'text', value: 'alert(3)'}]
}

tree.children.push(h('span.handle', username))

Yields:

<span class="handle"><script>alert(3)</script></span>

Either do not use user input in hastscript or use hast-util-santize.

Related

Contribute

See contributing.md in syntax-tree/.github for ways to get started. See support.md for ways to get help.

This project has a code of conduct. By interacting with this repository, organization, or community you agree to abide by its terms.

License

MIT © Titus Wormer

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].