Goro Fuji presented on the Xslate template engine. Xslate is heavily inspired by Template Toolkit and Text::MicroTemplate. It aims to be 100+ times faster than Template Toolkit with smart escaping of HTML to prevent XSS vulnerabilities, similar to Text::MicroTemplate. The presentation covered how to install and use Xslate from Perl, supported features like variables, loops, includes, and utilities.
8. With Template Engine
use feature 'say';
use Text::Xslate;
my $xslate = Text::Xslate->new();
say $xslate->render('hello.tx', { a => 'Xslate' });
# where hello.tx contains:
Hello, <: $a :> world!
9. When to use?
Make HTML pages
Make mail reports
Whenever you build a text with parameters
15. Smart Escaping (1)
XSS: <a href=blah><: $foo :></a>
where $foo is <script>alert(XSS)</script>
What does the template engine do?
16. Smart Escaping
TT2: prints it as is
TMT: prints &lt;script&gt;alert(XSS)&lt;/script&gt;
escapes HTML meta characters (<, >, &, etc.)
decides escaping by data type (described later)
means it is safer than writing HTML by yourself
21. Variables
<: $foo :> # where $foo is a scalar
<: $foo[0] :> # where $foo is an array ref
<: $foo["bar"] :> # where $foo is a hash ref
<: $foo.bar(42) :> # where $foo is an object
22. if, else
<: if $foo { $bar } :>
# shows $bar if $foo looks like true
<: if $foo { :>plain text<: } :>
# separated blocks
<: if $a { } else if $b { } else { } :>
# not elsif
23. Loops and Special Vars
for $array_ref -> $item { ... } # foreach
for $a -> $item { $~item.count } # specials
$~item.count # 1, 2, 3, ...
$~item.index # 0, 1, 2, ...
$~item.cycle("a", "b") # a, b, a, b, ...
25. Template Cascading
a.k.a. template inheritance
more powerful include
Like class inheritance
define a default behavior of components
override them in a sub template
27. From Perl
All the values are automatically escaped
but you can prevent them from escaping:
$vars{foo} = mark_raw($widget)
# where $widget includes HTML tags
# marks it to show it as is
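The escaping behaviour from the Smart Escaping and From Perl slides, as an added example (not code from the presentation). It assumes Text::Xslate is installed; the payload string, the `<b>` wrapper and the variable names are constructed for illustration.

```perl
use strict;
use warnings;
use feature 'say';
use Text::Xslate qw(mark_raw html_escape);

# cache => 0 keeps the example from writing compiled templates to disk.
my $xslate = Text::Xslate->new(cache => 0);

# Template from the Smart Escaping slide: the value lands in element content.
my $template = '<a href="blah"><: $foo :></a>';

# Constructed sample input, modelled on the slide's payload.
my $payload = '<script>alert("XSS")</script>';

# 1. Plain Perl string: Xslate escapes it at render time.
my $escaped = $xslate->render_string($template, { foo => $payload });

# 2. The same string marked raw: emitted verbatim, so the tag survives.
#    This is what happens if untrusted data is passed through mark_raw.
my $raw = $xslate->render_string($template, { foo => mark_raw($payload) });

# 3. Trusted markup around untrusted text: escape the untrusted part
#    first, then mark only the assembled widget as raw.
my $widget = mark_raw('<b>' . html_escape($payload) . '</b>');
my $mixed  = $xslate->render_string($template, { foo => $widget });

say "escaped: $escaped";
say "raw:     $raw";
say "mixed:   $mixed";

# Self-checks: the script tag must only survive in the raw case.
die "auto-escaping did not neutralise the tag\n"
    if index($escaped, '<script>') >= 0;
die "mark_raw did not pass the value through\n"
    if index($raw, '<script>') < 0;
die "widget lost its trusted markup or leaked the tag\n"
    if index($mixed, '<b>') < 0 or index($mixed, '<script>') >= 0;
```

Only values whose markup is produced by the application itself belong in `mark_raw`; anything derived from user input should stay a plain string or go through `html_escape` first.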
#18: TT2 and TMT led to Xslate, which is far faster than TT2 and borrows smart escaping from TMT. Xslate was made after PSGI, so its API is suitable for PSGI. BTW, do you know PSGI or Plack? PSGI is a web application specification just like CGI, and Plack is a toolkit compatible with PSGI. To be simple, a feature which runs web applications
#19: Do you know cpanm? It is a kind of cpan command, but faster and easier. Xslate also has a command line interface, so you can easily evaluate a simple statement [DEMO]
#21: Using Xslate is super simple. Just three statements: loading, creating an instance, and rendering a template.
#25: When you want to split the template files, for example, into header files, body files, and footer files, you can use include directives.
#26: Template cascading, also known as template inheritance, which is implemented in Django and Smarty, is another form of include.