Comments (3)
This isn't a bug, it's a feature :)
There are two problems with automatically escaping the content of a tag. The first problem is that it prevents helper functions from being optimized. For instance, take the following code:
    (defn unordered-list [coll]
      [:ul (for [x coll] [:li x])])
    (println (html [:div.test (unordered-list [1 2 3])]))
Because the html macro doesn't know anything about the internals of unordered-list, it has to fall back to dynamically parsing the resulting vector each time. This is relatively slow. On the other hand, if we write:
    (defn unordered-list [coll]
      (html [:ul (for [x coll] [:li x])]))
Then the html macro can optimize the body of the unordered-list function. But because the html macro returns a string, in order for this to work, strings need to be unescaped by default.
The second problem is that you may have raw HTML from some non-Hiccup source you want to render. For instance, maybe you allow your users to post HTML, or maybe you want to use some other template renderer inside Hiccup for some reason.
So because of these two reasons, a tag's content is not escaped. However, you can easily escape it by using escape-html or h:
    (html [:div (h "<&")])
from hiccup.
I was afraid that it is a feature :-)
Thanks for taking the time for a long reply.
The reason why I brought this up is, that I noticed that there is
a mismatch between my mental model of this particular part of
hiccup (and the way I use it), and the actual implementation. I
was assuming that hiccup would encapsulate the low-level HTML
quoting stuff, and that I could just provide text, not markup,
when I was putting string literals into vectors. The small test
case showed me that I was wrong.
A summary of the situation would look like this:
                 hiccup       my model
    1) text      (h "...")    "..."
    2) markup    "..."        ???
Unfortunately for me, I am putting non-markup text into strings
99% of the time. Knowing myself, I won't remember to call the h
fn at all the places where it is required. Only once or twice in
the past years I wanted to put a string as unchanged markup into
HTML output. For this reason I am very inclined to optimize for
my usage scenario and perfectly willing to sacrifice CPU cycles.
Lazy me :-)
So I am asking myself: what do I have to do to move the code closer
to my mental model? I understand your reasoning for the
implemented semantics, so this is probably purely hypothetical
from your point of view.
I'm currently using compojure-0.3.2 and I got line (1) from the
table above by changing the last line of html-tree in gen.clj
from (str tree) to (escape-html tree). Because I am calling html
only on the very top level, this seems to work just fine.
For hiccup, I changed render-html in a similar way, and
implemented the ??? from the table above as [:markup strings]
(see diff).
The unit tests succeed with this change. As I am not actively
using hiccup in an application right now: Beyond the issues you
mention in your comment, do you foresee additional problems for
an actual web server application?
from hiccup.
You'd also need to change compile-html in the same way. That should result in the functionality you outline, however, I can't guarantee I've thought of everything.
Because this issue is the way Hiccup is meant to work, I'm closing this issue.
from hiccup.
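A minimal sketch of the escape-by-default model from the table in the thread, added here as an example; it is not Hiccup's code and not the diff mentioned above. The namespace, `render`, `escape-text` and the sample strings are hypothetical; only the `[:markup ...]` marker comes from the discussion, and class shorthand such as `:div.test` and void tags are not handled.

```clojure
(ns example.escape-by-default
  (:require [clojure.string :as str]))

;; Hypothetical helper: escape characters that are significant in HTML text
;; and in double-quoted attribute values.
(defn escape-text [s]
  (str/escape (str s) {\& "&amp;" \< "&lt;" \> "&gt;" \" "&quot;" \' "&#39;"}))

(declare render)

(defn- render-attrs [attrs]
  (apply str (for [[k v] attrs]
               (str " " (name k) "=\"" (escape-text v) "\""))))

(defn- render-element [[tag & body]]
  (if (= tag :markup)
    ;; Row 2 of the table: explicit opt-in, strings are emitted unchanged.
    (apply str body)
    (let [[attrs children] (if (map? (first body))
                             [(first body) (rest body)]
                             [nil body])]
      (str "<" (name tag) (render-attrs attrs) ">"
           (apply str (map render children))
           "</" (name tag) ">"))))

(defn render
  "Renders a Hiccup-style tree. Every string is text unless wrapped in :markup."
  [node]
  (cond
    (vector? node)     (render-element node)
    (sequential? node) (apply str (map render node)) ; e.g. the result of `for`
    (nil? node)        ""
    :else              (escape-text node)))          ; row 1: text by default

;; Constructed sample standing in for user-supplied text.
(def user-text "<b>not bold</b> & 1 < 2")

(defn unordered-list [coll]
  (render [:ul (for [x coll] [:li x])]))             ; helper returns a string

(println (render [:p {:title "say \"hi\""} user-text]))      ; text is escaped
(println (render [:div (unordered-list [1 2 3])]))           ; string is escaped again
(println (render [:div [:markup (unordered-list [1 2 3])]])) ; opt-in keeps it
```

The second call shows the cost described in the first reply: once strings are escaped by default, a helper that returns rendered HTML has to be wrapped in `[:markup ...]`. Anything wrapped that way is emitted verbatim, so it must be trusted or already escaped.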