Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
i18nliner-handlebars
Advanced tools
yay readme-driven development!
====
I18nliner is I18n made simple.
No .js / .json translation files. Easy inline defaults. Optional keys. Easy pluralization. Wrappers and blocks, so your templates look template-y and your translations stay HTML-free.
I18nliner lets you do stuff like this:
{{t "Ohai %{user}, my default translation is right here" user=user}}
and even this:
{{#t}}
Hey {{amigo}}!
Although I am <a href="/">linking to something</a> and have some
<strong>bold text</strong>, the translators will see <strong><em>
absolutely no markup</em></strong> and will only have a single
string to translate :o
{{/t}}
Instead of maintaining .js/.json files and doing stuff like this:
I18n.t('account_page_title');
Forget the translation file or anything in your .js files, and just do this in your handlebars:
{{t "account_page_title" "My Account"}}
Regular I18n options follow the (optional) default translation, so you can do the usual stuff (placeholders, etc.).
Sure, but you don't need to write them. Just run:
i18nliner dump
This extracts all default translations from your codebase, merges them with any
other ones (from pre-existing translation files), and outputs them to
locales/generated/translations.json
(or .js
if using i18n.js)
TODO grunt/broccoli instructions/links
Why waste time coming up with keys that are less descriptive than the default translation? I18nliner makes keys optional, so you can just do this:
{{t "My Account"}}
I18nliner will create a unique key based on the translation (e.g.
'my_account'
), so you don't have to. See I18nliner.inferred_key_format
for
more information.
This can actually be a good thing, because when the en
changes, the key
changes, which means you know you need to get it retranslated (instead of
letting a now-inaccurate translation hang out indefinitely). Whether you want
to show "[ missing translation ]" or the en
value in the meantime is up to
you.
Suppose you have something like this in your template:
<p>
You can <a href="/new">lead</a> a new discussion or
<a href="/search">join</a>
</p>
You probably don't want the HTML as part of the translation, because it makes things brittle and potentially insecure. At the same time, you probably want the translators to get the entire sentence with minimal noise. So what do you do?
I18nliner lets you specify wrappers, so you can keep HTML out the translations, while still just having a single string needing translation:
<p>
{{t "You can *lead* a new discussion or **join** an existing one."
w0="<a href=\"/new\">$1</a>"
w1="<a href=\"/join\">$1</a>"
}}
</p>
Delimiters are increasing numbers of asterisks.
But wait, there's more!
Perhaps you want your templates to look like, well, templates. Try this:
<p>
{{#t}}
Welcome to the internets, {{user.name}}
{{/t}}
</p>
Or even this:
<p>
{{#t}}
<b>Ohai {{user.name}},</b>
you can <a href="/new" title="{{some helper}}">lead</a> a new discussion or
<a href="/search">join</a> an existing one
{{/t}}
</p>
In case you're curious about the man behind the curtain, I18nliner adds a pre-processor that turns the second example into something like this during Handlebars parsing:
<p>
{{t "some_unique_key"
"*Ohai %{user_name}*, you can **lead** a new discussion or ***join*** an existing one."
user_name: user.name
w0='<b>\1</b>',
w1=(__i18nliner_concat '<a href="/new" title="' (__i18nliner_escape (some helper)) '">$1</a>')
w2='<a href="/search>$1</a>'
}}
</p>
In other words, it will infer wrappers from your (balanced) markup, and
will create placeholders for any other (inline) handlebars expressions.
Block helpers (e.g. {{#if cond %>...
) are not supported within a
block translation. The only exception to this rule is nested translation
calls, e.g. this is totally fine:
{{#t}}
Be sure to
<a href="/account/" title="{{#t}}Account Settings{{/t}}">
set up your account
</a>.
{{/t}}
TODO grunt/broccoli instructions/links for enabling pre-processing
I18nliner ensures translations, interpolated values, and wrappers all play nicely (and safely) when it comes to HTML escaping. If any translation, interpolated value, or wrapper is HTML-safe, everything else will be HTML- escaped.
FAQs
handlebars i18n made simple
The npm package i18nliner-handlebars receives a total of 64 weekly downloads. As such, i18nliner-handlebars popularity was classified as not popular.
We found that i18nliner-handlebars demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.