Security News
CISA Brings KEV Data to GitHub
CISA's KEV data is now on GitHub, offering easier access, API integration, commit history tracking, and automated updates for security teams and researchers.
By Sarah Gooding - Jan 29, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@domchristie/composite
Advanced tools
@domchristie/composite
A hybrid client-side/server-side approach to generating dynamic HTML.
- 0.5.0
- latest
- npm
🦷 Composite
A tiny web template system for the browser.
Compose your HTML in <template> elements. Use placeholders (${…}) to mark dynamic content. Call fill to generate a new HTML string which interpolates the template's content with the given properties.
Usage
npm install @domchristie/composite
/* rendered somewhere in the DOM */
<template id="hello">
<h1>${greeting}, ${name}!</h1>
</template>
import { fill } from '@domchristie/composite'
const Hello = document.getElementById('hello')
fill(Hello, { greeting: 'Hello', name: 'World' }) // '<h1>Hello, World!</h1>'
API Docs
Table of Contents
fill
Renders a template with given properties.
Parameters
template(HTMLTemplateElement | string) The HTML template to be rendered.propsObject An object containing properties to be interpolated into the template.
Returns string The rendered HTML string with properties interpolated.
html
A tag function for template literals that escapes HTML special characters in values unless they are marked as raw.
Parameters
stringsTemplateStringsArray An array of string literals.values...any The values to be interpolated into the template.
Returns string The final string with values safely interpolated.
escape
Escapes special characters in a string for use in HTML. The characters escaped are: & < > " ' ` = /
Parameters
stringstring The input string to escape.
Returns string The escaped string.
unescape
Unescapes a given HTML-encoded string.
Parameters
stringstring The HTML-encoded string to unescape.
Returns string The unescaped string.
raw
Marks a string as raw HTML to prevent escaping of special characters.
Parameters
htmlstring The HTML string to wrap.
Returns RawString The wrapped HTML string as a RawString object.
unsafe-eval
Composite uses new Function to generate HTML from templates. This approach can fail when using strict Content Security Policies (CSPs).
License
Copyright © 2024+ Dom Christie and released under the MIT license.
FAQs
A hybrid client-side/server-side approach to generating dynamic HTML.
The npm package @domchristie/composite receives a total of 42 weekly downloads. As such, @domchristie/composite popularity was classified as not popular.
We found that @domchristie/composite demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 16 Jun 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Opengrep Emerges as Open Source Alternative Amid Semgrep Licensing Controversy
Opengrep forks Semgrep to preserve open source SAST in response to controversial licensing changes.
By Sarah Gooding - Jan 28, 2025
Security News
Node.js EOL Versions CVE Dubbed the "Worst CVE of the Year" by Security Experts
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
By Sarah Gooding - Jan 24, 2025