From f739c040adb84b4791b7bf2dcbc92973f3faefa5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Kijewski?= Date: Sun, 4 Feb 2024 05:04:21 +0100 Subject: [PATCH 1/3] Fix `markup` example * Use canonical syntax to print items * No need to use another HTML escaper --- examples/templates/markup/Cargo.toml | 1 - examples/templates/markup/src/main.rs | 6 +++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/examples/templates/markup/Cargo.toml b/examples/templates/markup/Cargo.toml index 0eeb9626..7eee86bd 100644 --- a/examples/templates/markup/Cargo.toml +++ b/examples/templates/markup/Cargo.toml @@ -10,4 +10,3 @@ viz.workspace = true tokio = { workspace = true, features = ["rt-multi-thread", "macros"] } markup = "0.15" -v_htmlescape = "0.15" diff --git a/examples/templates/markup/src/main.rs b/examples/templates/markup/src/main.rs index 9a71cf3c..c511c438 100644 --- a/examples/templates/markup/src/main.rs +++ b/examples/templates/markup/src/main.rs @@ -45,7 +45,7 @@ async fn main() -> Result<()> { markup::define! { TodosTemplate<'a>(items: Vec>) { - {markup::doctype()} + @markup::doctype() html { head { title { "Todos" } @@ -55,8 +55,8 @@ markup::define! { tr { th { "ID" } th { "Content" } } @for item in items { tr { - td { {item.id} } - td { {markup::raw(v_htmlescape::escape(item.content).to_string())} } + td { @item.id } + td { @item.content } } } } From 17b2d3fad93230688fed8196aa4fa77b15d0ac24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Kijewski?= Date: Sun, 4 Feb 2024 05:14:07 +0100 Subject: [PATCH 2/3] No needless conversions --- examples/templates/askama/src/main.rs | 16 ++++----- examples/templates/markup/src/main.rs | 7 ++-- examples/templates/minijinja/src/main.rs | 43 +++++++++++------------- examples/templates/tera/src/main.rs | 11 ++---- 4 files changed, 32 insertions(+), 45 deletions(-) diff --git a/examples/templates/askama/src/main.rs b/examples/templates/askama/src/main.rs index 75e3c39c..0c5939c6 100644 --- a/examples/templates/askama/src/main.rs +++ b/examples/templates/askama/src/main.rs @@ -4,7 +4,7 @@ use std::net::SocketAddr; use askama::Template; use tokio::net::TcpListener; -use viz::{serve, BytesMut, Error, Request, Response, ResponseExt, Result, Router}; +use viz::{serve, Error, Request, Response, ResponseExt, Result, Router}; #[derive(Template)] #[template(path = "hello.html")] @@ -13,15 +13,11 @@ struct HelloTemplate<'a> { } async fn index(_: Request) -> Result { - let mut buf = BytesMut::with_capacity(512); - buf.extend( - HelloTemplate { name: "world" } - .render() - .map_err(Error::boxed)? - .as_bytes(), - ); - - Ok(Response::html(buf.freeze())) + let body = HelloTemplate { name: "world" } + .render() + .map_err(Error::boxed)?; + + Ok(Response::html(body)) } #[tokio::main] diff --git a/examples/templates/markup/src/main.rs b/examples/templates/markup/src/main.rs index c511c438..6cc2e383 100644 --- a/examples/templates/markup/src/main.rs +++ b/examples/templates/markup/src/main.rs @@ -4,7 +4,7 @@ use std::net::SocketAddr; use tokio::net::TcpListener; -use viz::{serve, BytesMut, Request, Response, ResponseExt, Result, Router}; +use viz::{serve, Request, Response, ResponseExt, Result, Router}; pub struct Todo<'a> { id: u64, @@ -22,10 +22,9 @@ async fn index(_: Request) -> Result { content: "Learn English", }, ]; - let mut buf = BytesMut::with_capacity(512); - buf.extend(TodosTemplate { items }.to_string().as_bytes()); + let body = TodosTemplate { items }.to_string(); - Ok(Response::html(buf.freeze())) + Ok(Response::html(body)) } #[tokio::main] diff --git a/examples/templates/minijinja/src/main.rs b/examples/templates/minijinja/src/main.rs index 11e690a6..269f4602 100644 --- a/examples/templates/minijinja/src/main.rs +++ b/examples/templates/minijinja/src/main.rs @@ -7,7 +7,7 @@ use minijinja::{context, path_loader, Environment}; use once_cell::sync::Lazy; use serde::Serialize; use tokio::net::TcpListener; -use viz::{serve, BytesMut, Error, Request, Response, ResponseExt, Result, Router}; +use viz::{serve, Error, Request, Response, ResponseExt, Result, Router}; static TPLS: Lazy = Lazy::new(|| { let dir = env::var("CARGO_MANIFEST_DIR").map(PathBuf::from).unwrap(); @@ -23,28 +23,25 @@ struct User<'a> { } async fn index(_: Request) -> Result { - let mut buf = BytesMut::with_capacity(512); - buf.extend( - TPLS.get_template("index.html") - .map_err(Error::boxed)? - .render(context! { - title => "Viz.rs", - users => &vec![ - User { - url: "https://github.com/rust-lang", - username: "rust-lang", - }, - User { - url: "https://github.com/viz-rs", - username: "viz-rs", - }, - ], - }) - .map_err(Error::boxed)? - .as_bytes(), - ); - - Ok(Response::html(buf.freeze())) + let body = TPLS + .get_template("index.html") + .map_err(Error::boxed)? + .render(context! { + title => "Viz.rs", + users => &vec![ + User { + url: "https://github.com/rust-lang", + username: "rust-lang", + }, + User { + url: "https://github.com/viz-rs", + username: "viz-rs", + }, + ], + }) + .map_err(Error::boxed)?; + + Ok(Response::html(body)) } #[tokio::main] diff --git a/examples/templates/tera/src/main.rs b/examples/templates/tera/src/main.rs index 788a8849..934778f1 100644 --- a/examples/templates/tera/src/main.rs +++ b/examples/templates/tera/src/main.rs @@ -6,7 +6,7 @@ use once_cell::sync::Lazy; use serde::Serialize; use tera::{Context, Tera}; use tokio::net::TcpListener; -use viz::{serve, BytesMut, Error, Request, Response, ResponseExt, Result, Router}; +use viz::{serve, Error, Request, Response, ResponseExt, Result, Router}; static TPLS: Lazy = Lazy::new(|| Tera::new("examples/templates/tera/templates/**/*").unwrap()); @@ -33,14 +33,9 @@ async fn index(_: Request) -> Result { }, ], ); - let mut buf = BytesMut::with_capacity(512); - buf.extend( - TPLS.render("index.html", &ctx) - .map_err(Error::boxed)? - .as_bytes(), - ); + let body = TPLS.render("index.html", &ctx).map_err(Error::boxed)?; - Ok(Response::html(buf.freeze())) + Ok(Response::html(body)) } #[tokio::main] From af28a4e1a162c00ad5b5f0ff195edcda15e24c52 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Kijewski?= Date: Sun, 4 Feb 2024 05:21:08 +0100 Subject: [PATCH 3/3] Remove `| safe` filters from examples A user might copy the code without realizing that they introduce a huge security risk by skipping escaping. --- examples/templates/minijinja/templates/index.html | 2 +- examples/templates/tera/templates/index.html | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/templates/minijinja/templates/index.html b/examples/templates/minijinja/templates/index.html index afa290fa..1f2c1d0d 100644 --- a/examples/templates/minijinja/templates/index.html +++ b/examples/templates/minijinja/templates/index.html @@ -3,7 +3,7 @@ {% block body %} {% endblock %} diff --git a/examples/templates/tera/templates/index.html b/examples/templates/tera/templates/index.html index 56493618..10e3d038 100644 --- a/examples/templates/tera/templates/index.html +++ b/examples/templates/tera/templates/index.html @@ -1,6 +1,6 @@ {% block title %}{% endblock title %}