Razor Leaf is a template engine for HTML. It is indentation-based and vaguely resembles Jade (among others).
doctype

html
	head
		meta charset: 'utf-8'

		title 'Hello, world!'

		for script in data.scripts
			script type: 'text/javascript' src: '#{script.url}'
				if script.async
					async:

		for stylesheet in data.stylesheets
			link
				rel: 'stylesheet'
				type: 'text/css'
				href: '#{stylesheet.url}'

	body
		h1 id: 'title'
			'An example'

		p id: 'content' 'This template demonstrates ' em 'most'
			' of Razor Leaf’s features.'

		!'Literal <abbr title="HyperText Markup Language">HTML</abbr> content can be written using a string with a leading exclamation mark.'

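var fs = require("fs");
var razorleaf = require("razorleaf");
// Sample data for the template above (constructed values)
var data = { scripts: [{ url: "/js/app.js", async: true }], stylesheets: [{ url: "/css/site.css" }] };
// Compile the template once, then render it with the data
var template = razorleaf.compile(fs.readFileSync("views/template.leaf", "utf8"));
console.log(template(data));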

razorleaf.compile(template, [options])
Compiles a template and returns a function that renders the template and returns the result, taking an optional data argument usable inside the template.
options is an object containing options for compilation:
loader: A function that will be called to load parent and included templates. It is required if either feature is used.

There are four types of “items”.
An element is defined by a name and may be followed on the same line by any number of attributes and strings, and up to one element. If the element is not inline (that is, on the same line as another element), it may be followed by an indented block containing any number of elements, attributes, strings, and special blocks.
Attributes use the syntax name: 'value'. The value is optional, and must be a string if provided. If a value is not provided, the attribute is assumed to be boolean. Whitespace between the colon and value is required, as both attribute and element names may contain colons.
Strings may be delimited by either single or double quotes. Any expression between #{ and } is interpolated. When interpolating, quotes do not need to be escaped, but a closing brace (}) does. Strings’ contents are escaped as appropriate. Unescaped strings are marked up with a ! before the opening delimiter.
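Because unescaped strings skip escaping, a `!` string that also interpolates data is the place in a template where untrusted input can reach the page as markup. The following audit helper is an added example, not code from the Razor Leaf project: it scans template source using the string rules described above and reports unescaped strings that contain `#{...}`. It assumes backslash is the escape character; `findStrings` and `auditTemplate` are hypothetical names.

```javascript
// Added example, not part of Razor Leaf. Assumption: backslash is the escape
// character inside strings and #{...}; findStrings/auditTemplate are hypothetical names.

// Return every string literal: its line, whether it is marked unescaped (!),
// and the expressions it interpolates.
function findStrings(source) {
  const found = [];
  let line = 1;
  for (let i = 0; i < source.length; i++) {
    const c = source[i];
    if (c === "\n") { line++; continue; }
    if (c !== "'" && c !== '"') continue;
    const item = { line, raw: source[i - 1] === "!", expressions: [] };
    let j = i + 1;
    while (j < source.length && source[j] !== c) {
      if (source[j] === "\\") { j += 2; continue; }
      if (source[j] === "#" && source[j + 1] === "{") {
        // Inside #{...} quotes do not end the string; only an unescaped } does.
        let k = j + 2, expr = "";
        while (k < source.length && source[k] !== "}") {
          if (source[k] === "\\" && source[k + 1] === "}") k++;
          expr += source[k++];
        }
        item.expressions.push(expr.trim());
        j = k + 1;
        continue;
      }
      if (source[j] === "\n") line++;
      j++;
    }
    found.push(item);
    i = j; // resume after the closing delimiter
  }
  return found;
}

// Unescaped strings that interpolate data bypass escaping: flag them for review.
function auditTemplate(source) {
  return findStrings(source).filter((s) => s.raw && s.expressions.length > 0);
}

// Constructed sample template lines.
const sample = [
  "p 'Hello, #{data.name}'",
  "!'<b>static markup</b>'",
  "div !'<span>#{data.bio[\"html\"]}</span>'",
  "a href: '#{data.url}' \"it's fine\"",
].join("\n");

console.log(auditTemplate(sample));
```

Quotes that appear inside for and if expressions are also read as strings by this scanner, so treat its output as a review list rather than a verdict.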
for (identifier) in (expression) will evaluate (expression) (the remainder of the line) as JavaScript and iterate over the result. for blocks cannot directly contain attributes.
if (expression) will evaluate (expression) (the remainder of the line) as JavaScript and include the block if the result is truthy (by the same rules as JavaScript’s if). It may be followed by an else block.
doctype will insert the string <!DOCTYPE html>.
FAQs
A template engine for HTML
We found that razorleaf demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.