A simple replacement for _.template
from either Underscore or Lodash
that removes the features that make those libraries incompatible with Content Security
Policy (CSP). Specifically, this implementation supports only interpolation (escaped and
unescaped) and does not support JS evaluation.
Just like you would have used _.template
:
var makeTemplate = require('@silvermine/undertemplate'),
template = makeTemplate('Hello <%= name %>');
console.log(template({ name: 'John Smith' }));
Of course, we only support:
<%= … %>
: interpolate a value<%- … %>
: interpolate and HTML escape a value
The following are NOT supported:
<% … %>
: JS evaluation<% print('Hello ' + epithet); %>
: JS evaluation with theprint
function
Templating in Underscore/Lodash was operating by building up a JS function as a string. This meant that if your template referred to a variable that did not exist, you would get a JS error thrown. In this library, however, undefined variables in the template will result in an empty string being placed in that location.
We rely on Lodash to provide a number of convenience functions that would require polyfills to support a wide array of browsers. To help reduce bloat, we do two things:
- Rely on a fairly loose version of Lodash:
4.x
, meaning that if you already have it as a dependency, we'll use your version. - Only
require('lodash/foo')
for eachfoo
function we need. This helps if you're using UnderTemplate in a browserify-style environment since only the files from Lodash that are actually needed will be included in your bundle.
We genuinely appreciate external contributions. See our extensive documentation on how to contribute.
This software is released under the MIT license. See the license file for more details.