Files

 main

/

scripttemplate.go

Blame

Blame

Latest commit

 

History

History

143 lines (131 loc) · 3.91 KB

 main

/

scripttemplate.go

Top

File metadata and controls

• Code
• Blame

143 lines (131 loc) · 3.91 KB

Raw

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

package templ

import (

"context"

"encoding/json"

"fmt"

"io"

"strings"

)

// ComponentScript is a templ Script template.

type ComponentScript struct {

// Name of the script, e.g. print.

Name string

// Function to render.

Function string

// Call of the function in JavaScript syntax, including parameters, and

// ensures parameters are HTML escaped; useful for injecting into HTML

// attributes like onclick, onhover, etc.

//

// Given:

// functionName("some string",12345)

// It would render:

// __templ_functionName_sha("some string",12345))

//

// This is can be injected into HTML attributes:

// <button onClick="__templ_functionName_sha(&#34;some string&#34;,12345))">Click Me</button>

Call string

// Call of the function in JavaScript syntax, including parameters. It

// does not HTML escape parameters; useful for directly calling in script

// elements.

//

// Given:

// functionName("some string",12345)

// It would render:

// __templ_functionName_sha("some string",12345))

//

// This is can be used to call the function inside a script tag:

// <script>__templ_functionName_sha("some string",12345))</script>

CallInline string

}

var _ Component = ComponentScript{}

func writeScriptHeader(ctx context.Context, w io.Writer) (err error) {

var nonceAttr string

if nonce := GetNonce(ctx); nonce != "" {

nonceAttr = " nonce=\"" + EscapeString(nonce) + "\""

}

_, err = fmt.Fprintf(w, `<script type="text/javascript"%s>`, nonceAttr)

return err

}

func (c ComponentScript) Render(ctx context.Context, w io.Writer) error {

err := RenderScriptItems(ctx, w, c)

if err != nil {

return err

}

if len(c.Call) > 0 {

if err = writeScriptHeader(ctx, w); err != nil {

return err

}

if _, err = io.WriteString(w, c.CallInline); err != nil {

return err

}

if _, err = io.WriteString(w, `</script>`); err != nil {

return err

}

}

return nil

}

// RenderScriptItems renders a <script> element, if the script has not already been rendered.

func RenderScriptItems(ctx context.Context, w io.Writer, scripts ...ComponentScript) (err error) {

if len(scripts) == 0 {

return nil

}

_, v := getContext(ctx)

sb := new(strings.Builder)

for _, s := range scripts {

if !v.hasScriptBeenRendered(s.Name) {

sb.WriteString(s.Function)

v.addScript(s.Name)

}

}

if sb.Len() > 0 {

if err = writeScriptHeader(ctx, w); err != nil {

return err

}

if _, err = io.WriteString(w, sb.String()); err != nil {

return err

}

if _, err = io.WriteString(w, `</script>`); err != nil {

return err

}

}

return nil

}

// JSExpression represents a JavaScript expression intended for use as an argument for script templates.

// The string value of JSExpression will be inserted directly as JavaScript code in function call arguments.

type JSExpression string

// SafeScript encodes unknown parameters for safety for inside HTML attributes.

func SafeScript(functionName string, params ...any) string {

encodedParams := safeEncodeScriptParams(true, params)

sb := new(strings.Builder)

sb.WriteString(functionName)

sb.WriteRune('(')

sb.WriteString(strings.Join(encodedParams, ","))

sb.WriteRune(')')

return sb.String()

}

// SafeScript encodes unknown parameters for safety for inline scripts.

func SafeScriptInline(functionName string, params ...any) string {

encodedParams := safeEncodeScriptParams(false, params)

sb := new(strings.Builder)

sb.WriteString(functionName)

sb.WriteRune('(')

sb.WriteString(strings.Join(encodedParams, ","))

sb.WriteRune(')')

return sb.String()

}

func safeEncodeScriptParams(escapeHTML bool, params []any) []string {

encodedParams := make([]string, len(params))

for i := 0; i < len(encodedParams); i++ {

if val, ok := params[i].(JSExpression); ok {

encodedParams[i] = string(val)

continue

}

enc, _ := json.Marshal(params[i])

if !escapeHTML {

encodedParams[i] = string(enc)

continue

}

encodedParams[i] = EscapeString(string(enc))

}

return encodedParams

}