Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Razor Leaf is a template engine for JavaScript with a convenient indentation-based syntax. It aims, like Jade, to reduce the redundancy inherent in HTML — but with simpler rules, a sparser syntax, and a few further features not found in larger libraries.
Elements are defined by their names only; no other special character is necessary.
p
<p></p>
Void elements are recognized automatically.
meta
<meta>
Strings are double-quoted and escaped for use in HTML as needed. Backslash escape codes can be used as in JavaScript. No whitespace is added around strings.
"--> A string <--\n" "A string containing \"double-quotes\""
--> A string <--
A string containing "double-quotes"
Strings can also contain interpolated sections, delimited by #{ and }. Both delimiters can be escaped with a backslash.
"#{6 * 7}"
42
If an exclamation mark precedes the string, it and any of its interpolated sections will not be escaped.
!"<!-- A significant comment -->"
<!-- A significant comment -->
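The difference between an escaped string and a raw (!) string matters most when an interpolated value is not trusted. The following is an added example, not code from Razor Leaf itself: a simplified model of the string rules above, in which the names renderString and escapeHtml, the set of escaped characters, and the restriction of interpolation to data.* paths are all assumptions made for illustration.

```javascript
// Simplified model of the Razor Leaf string rules (not the library's code).
// Assumption: "escaped for use in HTML" covers the five characters below.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
const ESCAPE_CODES = { n: "\n", t: "\t" }; // small subset of JavaScript escapes

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Resolves a dotted path such as "data.user.name" against `data`.
// The real engine accepts arbitrary JavaScript inside #{ }; this model does not.
function resolvePath(expr, data) {
  const path = expr.trim().split(".");
  if (path.shift() !== "data") throw new SyntaxError("only data.* paths are modelled");
  return path.reduce(
    (obj, key) => (obj != null && Object.prototype.hasOwnProperty.call(obj, key) ? obj[key] : undefined),
    data
  );
}

// Renders the text between the double quotes of a template string.
// `raw` models the leading exclamation mark.
function renderString(body, data, raw) {
  const emit = raw ? String : escapeHtml;
  let out = "";
  let i = 0;
  while (i < body.length) {
    if (body[i] === "\\" && i + 1 < body.length) {
      // A backslash escapes the next character, including the #{ and } delimiters.
      const next = body[i + 1];
      out += emit(ESCAPE_CODES[next] ?? next);
      i += 2;
    } else if (body.startsWith("#{", i)) {
      const end = body.indexOf("}", i);
      if (end === -1) throw new SyntaxError("unterminated interpolation");
      out += emit(resolvePath(body.slice(i + 2, end), data));
      i = end + 1;
    } else {
      out += emit(body[i]);
      i += 1;
    }
  }
  return out;
}

// Constructed sample input standing in for a user-supplied value.
const sample = { name: "<script>alert(1)</script>" };
console.log(renderString("Hi #{data.name}", sample, false)); // escaped: rendered as text
console.log(renderString("Hi #{data.name}", sample, true));  // raw: rendered as markup
```

In this model the raw form passes the value through unchanged, so the ! prefix is only appropriate for markup the template author controls.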
Attributes are marked up using the syntax name: (a name followed by a colon). An attribute name can, optionally, be followed by a string to be used as its value; if a value isn’t provided, the attribute is assumed to be boolean (and present). Note that a string used as an attribute’s value cannot be “raw” — that is, cannot be preceded by an exclamation mark.
meta charset: "utf-8"
<meta charset="utf-8">
Hierarchy in Razor Leaf is defined using indentation. Indentation must use tabs, and not spaces. For example:
html
	head
		meta charset: "utf-8"
		title "Example"
		link
			rel: "stylesheet"
			type: "text/css"
			href: "stylesheets/example.css"
	body
		p id: "introduction"
			"This template is a brief example of hierarchy."
<html><head><meta charset="utf-8"><title>Example</title><link rel="stylesheet"
type="text/css" href="stylesheets/example.css"></head><body><p
id="introduction">This template is a brief example of hierarchy.</p></body></html>
Content found after an element on the same line will also be considered that element’s content.
Comments begin with # and continue to the end of the line. They do not affect the rendered HTML.
Code blocks begin with % and continue to the end of the line.
Code blocks may contain content (strings, elements, other code blocks,
and special blocks, but not attributes); if they do, they are treated as blocks
and wrapped in curly braces.
For example, this template:
% if(i < 5)
	!"#{i}"
might compile to this JavaScript:
if(i < 5) {
	__output += i;
}
Some names define special blocks. These are:
doctype: Inserts <!DOCTYPE html>.
if (condition): Includes its content only if condition is met.
elif (condition): Can immediately follow an if or an elif.
else: Can immediately follow an if or an elif.
for (identifier) in (collection): Includes its content for each element in the array or array-like object collection.
include (name): Loads and includes another template.
extends (name): Loads another template and replaces its blocks. A template that extends another template cannot have any content outside of block actions.
block (name): Defines a replaceable block.
replace (name): Replaces a block.
razorleaf.compile(template, [options])
Compiles a template string into a function. The compiled function takes one argument, data, which can be used (under that name) in the template.
include(name): A function that should return the template represented by name, as given by any include statements in a template. This is optional if template inclusion is not used.
leaf is a utility to compile static template files to HTML. It can currently be passed any number of paths to compile, and will write the result to an HTML file of the same name. (If the path ends in .leaf, it is replaced with .html.)
FAQs
A template engine for HTML
The npm package razorleaf receives a total of 2 weekly downloads. As such, razorleaf's popularity is classified as not popular.
We found that razorleaf has an unhealthy version release cadence and level of project activity, because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.