extends ../reference.jade

block documentation
  h1 Code
  p Jade makes it possible to write inline JavaScript code in your templates. There are three types of code.

  h2 Unbuffered Code
  p Unbuffered code starts with <code>-</code> and does not add any output directly, e.g.
  .row(data-control='interactive')
    .col-lg-6
      +jade
        :jadesrc
          - for (var x = 0; x < 3; x++)
            li item
    .col-lg-6
      +html
        :htmlsrc
          <li>item</li>
          <li>item</li>
          <li>item</li>

  h2 Buffered Code
  p Buffered code starts with <code>=</code> and outputs the result of evaluating the JavaScript expression in the template. For security, it is first HTML escaped:
  .row(data-control='interactive')
    .col-lg-6
      +jade
        :jadesrc
          p
            = 'This code is <escaped>!'
    .col-lg-6
      +html
        :htmlsrc
          <p>This code is &lt;escaped&gt;!</p>
  p It can also be written inline with attributes, and supports the full range of JavaScript expressions:
  .row(data-control='interactive')
    .col-lg-6
      +jade
        :jadesrc
          p= 'This code is' + ' <escaped>!'
    .col-lg-6
      +html
        :htmlsrc
          <p>This code is &lt;escaped&gt;!</p>

  h2 Unescaped Buffered Code
  p Unescaped buffered code starts with <code>!=</code> and outputs the result of evaluating the JavaScript expression in the template. This does not do any escaping, so it is not safe for user input:
  .row(data-control='interactive')
    .col-lg-6
      +jade
        :jadesrc
          p
            != 'This code is <strong>not</strong> escaped!'
    .col-lg-6
      +html
        :htmlsrc
          <p>This code is <strong>not</strong> escaped!</p>
  p It can also be written inline with attributes, and supports the full range of JavaScript expressions:
  .row(data-control='interactive')
    .col-lg-6
      +jade
        :jadesrc
          p!= 'This code is <strong>not</strong> escaped!'
    .col-lg-6
      +html
        :htmlsrc
          <p>This code is <strong>not</strong> escaped!</p>
  .panel.panel-danger
    .panel-heading Danger
    .panel-body
      p.
        Unescaped buffered code can be dangerous.
        You must be sure to sanitize any user inputs to avoid
        #[a(href='http://en.wikipedia.org/wiki/Cross-site_scripting') Cross Site Scripting].
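
One way to audit templates for the unescaped operator described above, as an added example that is not part of the Jade documentation or code base: a small Node.js scan that reports every `!=` line and marks those whose expression is not a single string literal. The function name `findUnescaped` and the sample template are constructed for illustration.

```javascript
// Added example: flag unescaped buffered code (`!=`) in Jade template source.
// findUnescaped and sampleTemplate are hypothetical, not part of Jade.

// Optional tag/class/id, optional (attributes), then `!=` and the expression.
const UNESCAPED = /^([\w.#-]*(?:\([^)]*\))?)!=\s*(.+)$/;
// Exactly one quoted string literal, with no concatenation.
const LITERAL = /^(['"])(?:(?!\1)[^\\]|\\.)*\1$/;

function findUnescaped(source) {
  const findings = [];
  source.split('\n').forEach((raw, index) => {
    const line = raw.trim();
    // Unbuffered code (`- ...`) may use the JavaScript `!=` operator; skip it.
    if (line.startsWith('-')) return;
    const match = UNESCAPED.exec(line);
    if (!match) return;
    const expression = match[2].trim();
    findings.push({
      line: index + 1,
      expression,
      // Anything other than one plain literal is treated as dynamic, so
      // literal concatenation is flagged too (conservative on purpose).
      dynamic: !LITERAL.test(expression),
    });
  });
  return findings;
}

// Constructed sample template for the demonstration.
const sampleTemplate = [
  "- if (user.role != 'admin')",
  "  p= user.name",
  "p!= 'This code is <strong>not</strong> escaped!'",
  ".bio",
  "  != user.bio",
  "span.note(title='x')!= comment.body",
].join('\n');

const findings = findUnescaped(sampleTemplate);
for (const f of findings) {
  console.log(`line ${f.line}: ${f.dynamic ? 'REVIEW' : 'literal'}  ${f.expression}`);
}
```

Lines reported as REVIEW emit a runtime value without escaping, so each one needs either a switch to `=` or a sanitizer applied to the value before it reaches the template.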