Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
tinygame.xyz
Advanced tools
Embedded JavaScript templates
$ npm install ejs
<% %>
<%= %>
<%- %>
-%>
ending tag<% if (user) { %>
<h2><%= user.name %></h2>
<% } %>
var template = ejs.compile(str, options);
template(data);
// => Rendered HTML string
ejs.render(str, data, options);
// => Rendered HTML string
You can also use the shortcut ejs.render(dataAndOptions);
where you pass
everything in a single object. In that case, you'll end up with local variables
for all the passed options.
cache
Compiled functions are cached, requires filename
filename
Used by cache
to key caches, and for includescontext
Function execution contextcompileDebug
When false
no debug instrumentation is compiledclient
Returns standalone compiled functiondelimiter
Character to use with angle brackets for open/closedebug
Output generated function body_with
Whether or not to use with() {}
constructs. If false
then the locals will be stored in the locals
object.<%
'Scriptlet' tag, for control-flow, no output<%=
Outputs the value into the template (HTML escaped)<%-
Outputs the unescaped value into the template<%#
Comment tag, no execution, no output<%%
Outputs a literal '<%'%>
Plain ending tag-%>
Trim-mode ('newline slurp') tag, trims following newlineIncludes are relative to the template with the include
call. (This
requires the 'filename' option.) For example if you have "./views/users.ejs" and
"./views/user/show.ejs" you would use <%- include('user/show'); %>
.
You'll likely want to use the raw output tag (<%-
) with your include to avoid
double-escaping the HTML output.
<ul>
<% users.forEach(function(user){ %>
<%- include('user/show', {user: user}); %>
<% }); %>
</ul>
Includes are inserted at runtime, so you can use variables for the path in the
include
call (for example <%- include(somePath); %>
). Variables in your
top-level data object are available to all your includes, but local variables
need to be passed down.
NOTE: Include preprocessor directives (<% include user/show %>
) are
still supported.
Custom delimiters can be applied on a per-template basis, or globally:
var ejs = require('ejs'),
users = ['geddy', 'neil', 'alex'];
// Just one template
ejs.render('<?= users.join(" | "); ?>', {users: users}, {delimiter: '?'});
// => 'geddy | neil | alex'
// Or globally
ejs.delimiter = '$';
ejs.render('<$= users.join(" | "); $>', {users: users});
// => 'geddy | neil | alex'
EJS does not specifically support blocks, but layouts can be implemented by including headers and footers, like so:
<%- include('header'); -%>
<h1>
Title
</h1>
<p>
My page
</p>
<%- include('footer'); -%>
Go to the Latest Release, download
./ejs.js
or ./ejs.min.js
.
Include one of these on your page, and ejs.render(str)
.
There are a number of implementations of EJS:
Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
EJS Embedded JavaScript templates copyright 2112 mde@fleegix.org.
FAQs
tinygame
The npm package tinygame.xyz receives a total of 2 weekly downloads. As such, tinygame.xyz popularity was classified as not popular.
We found that tinygame.xyz demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.