Scorpion-core support pack.
$ npm install @dbservices/scorpion-html-
Use tagged template literals as an HTML template engine. For example:
import html from "@dbservices/scorpion-html"; console.log(html`<p>${"Scorpion HTML"}</p>`); // => <p>Scorpion HTML</p>
-
Safe by default. For example:
console.log(html`<p>${`<script>alert(1);</script>`}</p>`); // => <p><script>alert(1);</script></p>
-
Unsafely interpolate trusted HTML with
$${...}. For example:console.log(html`<p>$${`<span>Scorpion HTML</span>`}</p>`); // => <p><span>Scorpion HTML</span></p>
-
Join interpolated arrays. For example:
console.log(html`<p>${["Scorpion", " ", "HTML"]}</p>`); // => <p>Scorpion HTML</p>
Array interpolations are safe by default; if you wish to unsafely interpolate an array of trusted HTML use
$${[...]}.