-
-
Notifications
You must be signed in to change notification settings - Fork 288
/
Copy pathjs.go
40 lines (37 loc) · 1.3 KB
/
js.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
package templ
import (
"crypto/sha256"
"encoding/hex"
"html"
)
// JSUnsafeFuncCall calls arbitrary JavaScript in the js parameter.
//
// Use of this function presents a security risk - the JavaScript must come
// from a trusted source, because it will be included as-is in the output.
func JSUnsafeFuncCall[T ~string](js T) ComponentScript {
sum := sha256.Sum256([]byte(js))
return ComponentScript{
Name: "jsUnsafeFuncCall_" + hex.EncodeToString(sum[:]),
// Function is empty because the body of the function is defined elsewhere,
// e.g. in a <script> tag within a templ.Once block.
Function: "",
Call: html.EscapeString(string(js)),
CallInline: string(js),
}
}
// JSFuncCall calls a JavaScript function with the given arguments.
//
// It can be used in event handlers, e.g. onclick, onhover, etc. or
// directly in HTML.
func JSFuncCall[T ~string](functionName T, args ...any) ComponentScript {
call := SafeScript(string(functionName), args...)
sum := sha256.Sum256([]byte(call))
return ComponentScript{
Name: "jsFuncCall_" + hex.EncodeToString(sum[:]),
// Function is empty because the body of the function is defined elsewhere,
// e.g. in a <script> tag within a templ.Once block.
Function: "",
Call: call,
CallInline: SafeScriptInline(string(functionName), args...),
}
}