Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
tinygame.xyz
Advanced tools
Embedded JavaScript templates
$ npm install ejs
<% %>
<%= %>
<%- %>
-%>
ending tag<% if (user) { %>
<h2><%= user.name %></h2>
<% } %>
var template = ejs.compile(str, options);
template(data);
// => Rendered HTML string
ejs.render(str, data, options);
// => Rendered HTML string
You can also use the shortcut ejs.render(dataAndOptions);
where you pass
everything in a single object. In that case, you'll end up with local variables
for all the passed options.
cache
Compiled functions are cached, requires filename
filename
Used by cache
to key caches, and for includescontext
Function execution contextcompileDebug
When false
no debug instrumentation is compiledclient
Returns standalone compiled functiondelimiter
Character to use with angle brackets for open/closedebug
Output generated function body_with
Whether or not to use with() {}
constructs. If false
then the locals will be stored in the locals
object.<%
'Scriptlet' tag, for control-flow, no output<%=
Outputs the value into the template (HTML escaped)<%-
Outputs the unescaped value into the template<%#
Comment tag, no execution, no output<%%
Outputs a literal '<%'%>
Plain ending tag-%>
Trim-mode ('newline slurp') tag, trims following newlineIncludes are relative to the template with the include
call. (This
requires the 'filename' option.) For example if you have "./views/users.ejs" and
"./views/user/show.ejs" you would use <%- include('user/show'); %>
.
You'll likely want to use the raw output tag (<%-
) with your include to avoid
double-escaping the HTML output.
<ul>
<% users.forEach(function(user){ %>
<%- include('user/show', {user: user}); %>
<% }); %>
</ul>
Includes are inserted at runtime, so you can use variables for the path in the
include
call (for example <%- include(somePath); %>
). Variables in your
top-level data object are available to all your includes, but local variables
need to be passed down.
NOTE: Include preprocessor directives (<% include user/show %>
) are
still supported.
Custom delimiters can be applied on a per-template basis, or globally:
var ejs = require('ejs'),
users = ['geddy', 'neil', 'alex'];
// Just one template
ejs.render('<?= users.join(" | "); ?>', {users: users}, {delimiter: '?'});
// => 'geddy | neil | alex'
// Or globally
ejs.delimiter = '$';
ejs.render('<$= users.join(" | "); $>', {users: users});
// => 'geddy | neil | alex'
EJS does not specifically support blocks, but layouts can be implemented by including headers and footers, like so:
<%- include('header'); -%>
<h1>
Title
</h1>
<p>
My page
</p>
<%- include('footer'); -%>
Go to the Latest Release, download
./ejs.js
or ./ejs.min.js
.
Include one of these on your page, and ejs.render(str)
.
There are a number of implementations of EJS:
Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
EJS Embedded JavaScript templates copyright 2112 mde@fleegix.org.
FAQs
tinygame
The npm package tinygame.xyz receives a total of 12 weekly downloads. As such, tinygame.xyz popularity was classified as not popular.
We found that tinygame.xyz demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.