Last active
February 15, 2017 17:02
-
-
Save potch/cc83a493121e272d19f8c06f1eae195e to your computer and use it in GitHub Desktop.
PURE ES6 HTML TEMPLATING
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let index = ({title, name}) => ` | |
| <h1>${title}</h1> | |
| ${name ? ` | |
| <h2>Hello, ${name}.</h2> | |
| `:` | |
| <a href="#">Log in here</a> | |
| `} | |
| <div>footer</div> | |
| `; | |
| document.querySelector('div').innerHTML = index({ | |
| title: 'cool page', | |
| name: 'potch' | |
| }); | |
tofumatt
commented
Feb 15, 2017
I left this on twitter too, but everyone looking at this, please remember that feeding unescaped data to innerHTML is a bad idea. (And which I am sure potch is not endorsing!) Template literals also give us tagged template literals, allowing for libraries like https://github.com/jrburke/htemplate which can help provide some degree of security plus whatever additional magic they choose to provide.
@asutherland is right! (of course). This is a super gross and way over-clever syntactic hack, and doesn't come close to replacing existing templating libraries, especially in terms of security of interpolated content.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment