ginger-0.1.6.0: An implementation of the Jinja2 template language in Haskell

Safe Haskell: None
Language: Haskell2010

Text.Ginger.Html

Description

An HTML type, useful for implementing type-safe conversion between plain text and HTML. The HTML representation used here assumes Unicode throughout, and UTF-8 should be used as the encoding when sending Html objects as responses to an HTTP client.

Documentation

data Html

A chunk of HTML source.

Instances

Eq Html
Ord Html
Show Html
Monoid Html
ToHtml Html

Html itself is a trivial instance

ToGVal m Html

This instance is slightly wrong; the asBoolean, asNumber, and asText methods all treat the HTML source as plain text. We do this to avoid parsing the HTML back into a Text (and dealing with possible parser errors); the reason this instance exists at all is that we still want to be able to pass pre-rendered HTML around sometimes, and as long as we don't call any numeric or string functions on it, everything is fine. When such HTML values accidentally do get used as strings, the HTML source will bleed into the visible text, but at least this will not introduce an XSS vulnerability.

It is therefore recommended to avoid passing Html values into templates, and also to avoid calling any string functions on Html values inside templates (e.g. capturing macro output and then passing it through a textual filter).

unsafeRawHtml :: Text -> Html

Convert a chunk of HTML source code into an Html value as-is. Note that this bypasses any and all HTML encoding; the caller is responsible for taking appropriate measures against XSS and other potential vulnerabilities. In other words, the input to this function is considered pre-sanitized.

html :: Text -> Html

Safely convert plain text to HTML.

htmlSource :: Html -> Text

Extract HTML source code from an Html value.

class ToHtml s where

Types that support conversion to HTML.

Methods

toHtml :: s -> Html

Instances

ToHtml Text

Text is automatically HTML-encoded

ToHtml Html

Html itself is a trivial instance

ToHtml [Char]

String is automatically HTML-encoded and converted to Text

ToHtml (GVal m)

Converting to HTML hooks into the ToHtml instance for Text for most tags. Tags that have no obvious textual representation render as empty HTML.
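
Example (added here, not part of the ginger documentation or source): the difference between unsafeRawHtml and html / toHtml when a value contains markup. The functions renderUnsafe, renderSafe and leaksScriptTag are hypothetical helpers, and the author and body strings are constructed sample input.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module Main (main) where

import           Data.Text (Text)
import qualified Data.Text as T
import qualified Data.Text.IO as TIO
import           Text.Ginger.Html (Html, html, htmlSource, toHtml, unsafeRawHtml)

-- | Vulnerable shape: untrusted text is spliced into markup and the whole
-- string is declared pre-sanitized, so no encoding ever happens.
renderUnsafe :: Text -> Text -> Html
renderUnsafe author body =
    unsafeRawHtml (T.concat ["<article><h3>", author, "</h3><p>", body, "</p></article>"])

-- | Hardened shape: unsafeRawHtml only ever sees literals written in this
-- module; untrusted values enter through html / toHtml, which encode them.
renderSafe :: Text -> Text -> Html
renderSafe author body = mconcat
    [ unsafeRawHtml "<article><h3>"
    , html author
    , unsafeRawHtml "</h3><p>"
    , toHtml body            -- ToHtml Text instance: HTML-encoded
    , unsafeRawHtml "</p></article>"
    ]

-- | True if a literal "<script" survives into the rendered source.
-- A smoke check for this demo only, not a sanitizer.
leaksScriptTag :: Html -> Bool
leaksScriptTag = T.isInfixOf "<script" . T.toLower . htmlSource

main :: IO ()
main = do
    -- Constructed sample input standing in for untrusted form fields.
    let author = "Mallory & Co."
        body   = "<script>alert(1)</script>"
    mapM_ report [("renderUnsafe", renderUnsafe author body), ("renderSafe", renderSafe author body)]
    -- ToHtml Html is the trivial instance, so re-converting does not double-encode.
    print (toHtml (renderSafe author body) == renderSafe author body)
  where
    report (name, h) = do
        TIO.putStrLn (T.concat [name, ": ", htmlSource h])
        putStrLn ("  raw <script survives: " ++ show (leaksScriptTag h))
```

Keeping every unsafeRawHtml argument a string literal makes the call sites easy to audit: any call that takes a variable is a place where encoding may have been skipped.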