ginger-0.3.9.1: An implementation of the Jinja2 template language in Haskell

Safe HaskellNone
LanguageHaskell2010

Text.Ginger.Html

Description

A HTML type, useful for implementing type-safe conversion between plain text and HTML. The HTML representation used here assumed Unicode throughout, and UTF-8 should be used as the encoding when sending Html objects as responses to a HTTP client.

Synopsis

Documentation

data Html Source #

A chunk of HTML source.

Instances

Eq Html Source # 

Methods

(==) :: Html -> Html -> Bool #

(/=) :: Html -> Html -> Bool #

Ord Html Source # 

Methods

compare :: Html -> Html -> Ordering #

(<) :: Html -> Html -> Bool #

(<=) :: Html -> Html -> Bool #

(>) :: Html -> Html -> Bool #

(>=) :: Html -> Html -> Bool #

max :: Html -> Html -> Html #

min :: Html -> Html -> Html #

Show Html Source # 

Methods

showsPrec :: Int -> Html -> ShowS #

show :: Html -> String #

showList :: [Html] -> ShowS #

Monoid Html Source # 

Methods

mempty :: Html #

mappend :: Html -> Html -> Html #

mconcat :: [Html] -> Html #

ToHtml Html Source #

Html itself is a trivial instance

Methods

toHtml :: Html -> Html Source #

ToGVal m Html Source #

This instance is slightly wrong; the asBoolean, asNumber, and asText methods all treat the HTML source as plain text. We do this to avoid parsing the HTML back into a Text (and dealing with possible parser errors); the reason this instance exists at all is that we still want to be able to pass pre-rendered HTML around sometimes, and as long as we don't call any numeric or string functions on it, everything is fine. When such HTML values accidentally do get used as strings, the HTML source will bleed into the visible text, but at least this will not introduce an XSS vulnerability.

It is therefore recommended to avoid passing Html values into templates, and also to avoid calling any string functions on Html values inside templates (e.g. capturing macro output and then passing it through a textual filter).

Methods

toGVal :: Html -> GVal m Source #

unsafeRawHtml :: Text -> Html Source #

Convert a chunk of HTML source code into an Html value as-is. Note that this bypasses any and all HTML encoding; the caller is responsible for taking appropriate measures against XSS and other potential vulnerabilities. In other words, the input to this function is considered pre-sanitized.

html :: Text -> Html Source #

Safely convert plain text to HTML.

htmlSource :: Html -> Text Source #

Extract HTML source code from an Html value.

class ToHtml s where Source #

Types that support conversion to HTML.

Minimal complete definition

toHtml

Methods

toHtml :: s -> Html Source #

Instances

ToHtml Text Source #

Text is automatically HTML-encoded

Methods

toHtml :: Text -> Html Source #

ToHtml Html Source #

Html itself is a trivial instance

Methods

toHtml :: Html -> Html Source #

ToHtml [Char] Source #

String is automatically HTML-encoded and converted to Text

Methods

toHtml :: [Char] -> Html Source #

ToHtml (GVal m) Source #

Converting to HTML hooks into the ToHtml instance for Text for most tags. Tags that have no obvious textual representation render as empty HTML.

Methods

toHtml :: GVal m -> Html Source #