Security News
NVD Backlog Tops 20,000 CVEs Awaiting Analysis as NIST Prepares System Updates
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
edge-lexer
Advanced tools
Generating high level tokens from Edge whitelisted markup
Edge lexer produces a list of tokens
by scanning for Edge whitelisted syntax.
This module is a blend of a lexer
and an AST generator
, since Edge doesn't need a pure lexer that scans for each character. Edge markup is written within other markup languages like HTML or Markdown and walking over each character is waste of resources.
Instead, this module starts by detecting for the Edge whitelisted syntax and then starts the lexical analysis within the detected markup.
Following measures are taken to keep the analysis performant.
tags
, that are passed to the tokenizer. Which means even if the syntax for tags is whitelisted, the tokeniser will analyse them if they are used by your app.import { Tokenizer } from 'edge-lexer'
const template = `Hello {{ username }}`
const tags = {
if: {
block: true,
seekable: true,
},
}
// Filename is required to add it to error messages
const options = {
filename: 'welcome.edge',
}
const tokenizer = new Tokenizer(template, tags, options)
tokenizer.parse()
console.log(tokenizer.tokens)
You can also pre-process lines before the tokenizer tokenizes them.
const options = {
filename: 'welcome.edge',
onLine: (line: string) => {
// transform here and return new string value
return line
},
}
const tokenizer = new Tokenizer(template, {}, options)
This guide makes use of the following terms to identify core pieces of the tokenizer.
Term | Token Type | Description |
---|---|---|
Tag | tag | Tags are used to define logical blocks in the template engine. For example if tag or include tag . |
Escaped Tag | e__tag | Escaped tag, Edge will not evaluate it at runtime. |
Mustache | mustache | Javascript expression wrapped in curly braces. {{ }} |
Safe Mustache | s__mustache | Safe mustache, that doesn't escape the output {{{ }}} |
Escaped Mustache | e__mustache | Mustache tag that is escaped |
Escaped Safe Mustache | es__mustache | Safe Mustache tag that is escaped |
Raw | raw | A raw string, which has no meaning for the template engine |
NewLine | newline | Newline |
Comment | comment | Edge specific comment block. This will be ripped off in the output. |
Following is the list of Nodes returned by the tokenizer.
{
type: 'tag'
filename: 'eval.edge',
loc: {
start: {
line: 1,
col: 4
},
end: {
line: 1,
col: 13
}
},
properties: BlockProp,
children: []
}
{
- type: 'tag',
+ type: 'e__tag',
filename: 'eval.edge',
loc: {
start: {
line: 1,
col: 4
},
end: {
line: 1,
col: 13
}
},
properties: BlockProp,
children: []
}
{
type: 'raw',
filename: 'eval.edge',
line: number,
value: string
}
{
type: 'comment',
filename: 'eval.edge',
line: number,
value: string
}
{
type: 'newline',
line: number
}
{
type: 'mustache',
filename: 'eval.edge',
loc: {
start: {
line: 1,
col: 4
},
end: {
line: 1,
col: 13
}
},
properties: Prop
}
{
- type: 'mustache',
+ type: 's__mustache',
filename: 'eval.edge',
loc: {
start: {
line: 1,
col: 4
},
end: {
line: 1,
col: 13
}
},
properties: Prop
}
{
- type: 'mustache',
+ type: 'e__mustache',
filename: 'eval.edge',
loc: {
start: {
line: 1,
col: 4
},
end: {
line: 1,
col: 13
}
},
properties: Prop
}
{
- type: 'mustache',
+ type: 'es__mustache',
filename: 'eval.edge',
loc: {
start: {
line: 1,
col: 4
},
end: {
line: 1,
col: 13
}
},
properties: Prop
}
Key | Value | Description |
---|---|---|
type | string | The type of node determines the behavior of node |
loc | object | loc is only present for tags and mustache tokens |
line | number | line is not present for tags and mustache tokens |
properties | Prop | Meta data for the node. See Properties to more info |
value | string | If token is a raw or comment token, then value is the string in the source file |
children | array | Array of recursive nodes. Only exists, when token is a tag |
The properties Prop
is used to define meta data for a given Node. Nodes like raw
, comment
and newline
, doesn't need any metadata.
The block prop is used by the Block
node. The only difference from the regular Prop
is the addition of selfclosed
attribute.
{
name: string
jsArg: string,
selfclosed: boolean
}
{
jsArg: string,
}
Key | Description |
---|---|
jsArg | The jsArg is the Javascript expression to evaluate. Whitespaces and newlines are preserved inside the jsArg |
selfclosed | Whether or not the tag was selfclosed during usage. |
For mustache nodes props, the name
is the type of mustache expressions. The lexer supports 4 mustache expressions.
mustache
{{ username }}
e__mustache (Escaped mustache)
The following expression is ignored by edge. Helpful when you want this expression to be parsed by a frontend template engine
@{{ username }}
s__mustache (Safe mustache)
The following expression output is considered HTML safe.
{{{ '<p> Hello world </p>' }}}
es__mustache (Escaped safe mustache)
@{{{ '<p> Not touched </p>' }}}
Errors raised by the lexer
are always an instance of edge-error and will contain following properties.
error.message
error.line
error.col
error.filename
error.code
{{-- Show username when exists --}} @if(username) {{-- Wrap inside h2 --}}
<h2>Hello {{ username }}</h2>
@endif
The output of the above text will be
[
{
"type": "comment",
"filename": "eval.edge",
"value": " Show username when exists ",
"loc": {
"start": {
"line": 1,
"col": 4
},
"end": {
"line": 1,
"col": 35
}
}
},
{
"type": "tag",
"filename": "eval.edge",
"properties": {
"name": "if",
"jsArg": "username",
"selfclosed": false
},
"loc": {
"start": {
"line": 2,
"col": 4
},
"end": {
"line": 2,
"col": 13
}
},
"children": [
{
"type": "newline",
"filename": "eval.edge",
"line": 2
},
{
"type": "comment",
"filename": "eval.edge",
"value": " Wrap inside h2 ",
"loc": {
"start": {
"line": 3,
"col": 4
},
"end": {
"line": 3,
"col": 24
}
}
},
{
"type": "newline",
"filename": "eval.edge",
"line": 3
},
{
"type": "raw",
"value": "<h2> Hello ",
"filename": "eval.edge",
"line": 4
},
{
"type": "mustache",
"filename": "eval.edge",
"properties": {
"jsArg": " username "
},
"loc": {
"start": {
"line": 4,
"col": 13
},
"end": {
"line": 4,
"col": 25
}
}
},
{
"type": "raw",
"value": " </h2>",
"filename": "eval.edge",
"line": 4
}
]
}
]
Following the links to documented error codes raised by the lexer.
FAQs
Edge parser to convert text markup to lexer tokens
The npm package edge-lexer receives a total of 12,044 weekly downloads. As such, edge-lexer popularity was classified as popular.
We found that edge-lexer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.