Dear Wiki user, You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.
The "Generating HTML from Javascript shows and lists" page has been changed by RogerBinns. The comment on this change is: Updates of best practises including sample code. http://wiki.apache.org/couchdb/Generating%20HTML%20from%20Javascript%20shows%20and%20lists?action=diff&rev1=4&rev2=5 -------------------------------------------------- It is a '''very''' good idea to use a library that automatically escapes values (eg replacing < with ampersand lt semicolon) otherwise your application will be prone to [[http://en.wikipedia.org/wiki/Cross-site_scripting|cross site scripting attacks]]. It should also provide a way of disabling the escaping when you are intentionally providing raw HTML. It is convenient if the library has functions for emitting html. For example it may have a function to insert an image where you provide the URL and the function generates all the wrapping HTML, including width/height/caption attributes if you provided them. + + . '''Bad''': `<img src={{ url }} {{ if(width) }} width={{ width }} {{/if}} {{ if(height) }} height={{ height }}{{/if}} >` + + . '''Good''': `{{ img_tag(url, width, height) }}` + + You should avoid having code in your template. Some template libraries let you put any code you want between their tags. This is as bad an idea as putting HTML sprinkled throughout your code. It also makes the templates harder to translate (the translator has to understand the code) and is a maintenance burden (eg if you have similar code in multiple templates then they may all require changing for code updates). Instead you should be able to define a meaningfully named function that is part of the data supplied to the template. + + . '''Bad''': `{{ if(info_level>3 && info_items.length>0 && show_issues) }} <h2>Important issues</h2> ... {{/if}}` + + . '''Good''': `{{ if (has_important()) }} <h2>Important issues</h2> ... 
{{/if}}` == Constraints == The Javascript view server and the environment the code run in mean that some existing Javascript templating libraries will not work. @@ -37, +47 @@ Foo is not true-ish <% } %> }}} - Note that this library has no support, bug tracker or development/test/release process. === mustache.js ===
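Review bot: The '''Good''' line `{{ img_tag(url, width, height) }}` in the first added block needs a sentence on how it interacts with the automatic escaping recommended in the paragraph just above it. The helper returns markup, so its output is the "intentionally providing raw HTML" case where escaping is disabled. That means the helper itself has to escape `url`, `width` and `height` and wrap each attribute value in quotes. It would also help to say that the '''Bad''' line is risky for more than style reasons: `src={{ url }}` and `width={{ width }}` are unquoted attribute values, and replacing `<` alone does not make an unquoted attribute safe.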
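Review bot: The sentence deleted in the `@@ -37, +47 @@` hunk, "Note that this library has no support, bug tracker or development/test/release process.", should be kept or replaced with the library's current status rather than dropped silently. The change comment mentions only best practices and sample code, so the reason for the removal is not recorded. Readers who are choosing a template library to escape untrusted values need to know whether fixes will be available for it.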
