
Smolbars


This uses mini_racer to bind to the actual JavaScript implementation of Handlebars.js so that you can use it from Ruby. This is a fork of handlebars.rb that swaps out the deprecated therubyracer JS integration. It is 99% the same idea as the better-named minibars.

Please be mindful of how this library works: it brings the full libv8 JS VM into your Ruby environment. Each Context is a full-blown JS machine (memory management, JIT, etc). This fork does not support attaching Ruby functions to the JS VM.

Note on security: do not compile untrusted Handlebars templates. We compile Handlebars templates by building ad-hoc JavaScript statements, so a bad actor could perform an SQL-injection-like attack and use the V8 environment for bad things.

Usage

Simple stuff

require 'smolbars'
smolbars = Smolbars::Context.new
template = smolbars.compile("{{say}} {{what}}")
template.call(:say => "Hey", :what => "Yuh!") #=> "Hey Yuh!"

Helpers

You must write helpers with JavaScript. The JavaScript code should include calls to the Handlebars class registration function.

require 'smolbars'
helper = %Q{
	Handlebars.registerHelper("nthTimes", function(n, options){
	  var buffer = "";

	  for(var i = 0; i < n; i++) {
		buffer += options.fn();
	  }

	  return buffer;
	});
}
smolbars = Smolbars::Context.new
smolbars.eval(helper)
template = smolbars.compile('{{#nthTimes 2}}yep {{/nthTimes}}hurrah!')
template.call # 'yep yep hurrah!'

Partials

You must write partials with JavaScript. The JavaScript code should include calls to the Handlebars class registration function.

require 'smolbars'
partial = %Q{
	Handlebars.registerPartial("legend", "I am {{ who }}");
}
smolbars = Smolbars::Context.new
smolbars.eval(partial)
template = smolbars.compile('{{> legend}}')
template.call(:who => "Legend!") # 'I am Legend!'

Security

In general, you should not trust user-provided templates: a template can call any method (with no arguments) or access any property on any object in the Smolbars::Context.

If you'd like to render user-provided templates, you'd want to make sure you do so in a sanitized Context, e.g. no filesystem access, read-only or no database access, etc.

You can try setting the timeout on a Smolbars::Context through kwargs, which are passed to the underlying JS instance:

Smolbars::Context.new(timeout: 500)
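
The note on security near the top says templates are compiled by building ad-hoc JavaScript statements. The following is an added illustration, not smolbars' own code: `naive_statement`, `encoded_statement` and the checker are hypothetical names, and the gem's real statement builder may differ. It compares a statement built by plain interpolation with one that encodes the template as a JSON string literal, and checks whether the template text stays inside the literal. Encoding only protects the statement boundary; a correctly encoded template can still reach properties in the Context as described above.

```ruby
require 'json'

# Hypothetical builders: smolbars' real internals may differ.
# Weak form: the template is pasted between quotes with no escaping.
def naive_statement(handle, template)
  %Q{var #{handle} = Handlebars.compile("#{template}");}
end

# Hardened form: the handle must be a plain identifier and the template is
# emitted as a JSON string, which is also a valid JavaScript string literal.
def encoded_statement(handle, template)
  raise ArgumentError, 'bad handle' unless handle.match?(/\A[A-Za-z_]\w*\z/)
  "var #{handle} = Handlebars.compile(#{template.to_json});"
end

# Scans the first double-quoted JS literal after "Handlebars.compile(" and
# returns whatever follows its closing quote. Anything other than ");" means
# part of the template is being parsed as code instead of data.
def text_after_literal(statement)
  opener = 'Handlebars.compile("'
  i = statement.index(opener) or return nil
  i += opener.length
  while i < statement.length
    case statement[i]
    when '\\' then i += 2 # skip the backslash and the character it escapes
    when '"'  then return statement[(i + 1)..-1]
    else i += 1
    end
  end
  nil # the literal never closed
end

def template_stays_data?(statement)
  text_after_literal(statement) == ');'
end

# Constructed input: a template whose text contains a double quote.
SAMPLE = '{{say}}"); injected(); ("'

if __FILE__ == $PROGRAM_NAME
  [naive_statement('t1', SAMPLE), encoded_statement('t1', SAMPLE)].each do |js|
    puts "#{template_stays_data?(js) ? 'data' : 'CODE'}: #{js}"
  end
end
```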

Test

rspec spec/
