xslate sv perl-2013-7-11

Xslate, a template engine Goro Fuji 2013-7-11 @ SVPerl

Upload: goro-fuji

Post on 11-May-2015


Page 1: Xslate sv perl-2013-7-11

Xslate, a template engine

Goro Fuji

2013-7-11 @ SVPerl

Page 2: Xslate sv perl-2013-7-11

Myself

Call me Goro

Working in Sunnyvale since May 2013

CPAN author

Xslate, Mouse, patches to Perl itself

Page 3: Xslate sv perl-2013-7-11

My favorites

Perl as a text processor

esp. regular expressions

Perl as a testing driver

JSX, a typed JavaScript

Page 4: Xslate sv perl-2013-7-11

My Requests

Feel free to ask questions

Please say it slowly and clearly XD

Page 5: Xslate sv perl-2013-7-11

Agenda

What is a template engine

What is Xslate

How to use Xslate

Page 6: Xslate sv perl-2013-7-11

What is a template engine

Modules to build a text with dynamic parameters

Page 7: Xslate sv perl-2013-7-11

Without Template Engine

sprintf("Hello, %s", "world")

"Hello %HOME%" =~ s/%(\w+)%/$ENV{$1}/gr

Page 8: Xslate sv perl-2013-7-11

With Template Engine

use Text::Xslate;

my $xslate = Text::Xslate->new();

say $xslate->render('hello.tx', { a => 'Xslate' });

# where hello.tx contains:

Hello, <: $a :> world!

Page 9: Xslate sv perl-2013-7-11

When to use?

Make HTML pages

Make mail reports

Whenever you build a text with parameters

Page 10: Xslate sv perl-2013-7-11

CPAN Template Engines

Template Toolkit

Mason

HTML::Template (::Pro)

Mojo::Template

Text::Xslate

and more

Page 11: Xslate sv perl-2013-7-11

What is Xslate

Page 12: Xslate sv perl-2013-7-11

Text::Xslate

Heavily inspired by:

Template Toolkit

Text::MicroTemplate

Page 13: Xslate sv perl-2013-7-11

Template Toolkit

or TT2

Super popular

A lot of features and plugins

Easy to learn

XSS vulnerability

Page 14: Xslate sv perl-2013-7-11

Text::MicroTemplate

or TMT

A tiny template engine

Much faster than TT2

Written in pure Perl

Smart escaping (XSS guard)

Page 15: Xslate sv perl-2013-7-11

Smart Escaping (1)

XSS: <a href="blah"><: $foo :></a>

where $foo is <script>alert("XSS")</script>

What does the template engine do?

Page 16: Xslate sv perl-2013-7-11

Smart Escaping

TT2: prints it as is

TMT: prints &lt;script&gt;alert("XSS")&lt;/script&gt;

escapes HTML meta characters (<, >, &, etc.)

decides escaping by data type (described later)

means it is safer than writing HTML by yourself

Page 17: Xslate sv perl-2013-7-11

Xslate

100+ times faster than TT2

Smart escaping, the same as TMT

Good for Plack/PSGI

Page 18: Xslate sv perl-2013-7-11

Try Xslate

install: cpanm Text::Xslate

cli: xslate -e 'Hello, <: $ARGV[0] :>' Xslate

Page 19: Xslate sv perl-2013-7-11

How to use Xslate

Page 20: Xslate sv perl-2013-7-11

From Perl

use Text::Xslate;

my $tx = Text::Xslate->new();

print $tx->render($file, \%vars);

Page 21: Xslate sv perl-2013-7-11

Variables

<: $foo :> # where $foo is a scalar

<: $foo[0] :> # where $foo is an array ref

<: $foo["bar"] :> # where $foo is a hash ref

<: $foo.bar(42) :> # where $foo is an object

Page 22: Xslate sv perl-2013-7-11

if, else

<: if $foo { $bar } :>

# shows $bar if $foo looks like true

<: if $foo { :>plain text<: } :>

# separated blocks

<: if $a { } else if $b { } else { } :>

# not elsif

Page 23: Xslate sv perl-2013-7-11

Loops and Special Vars

for $array_ref -> $item { ... } # foreach

for $a -> $item { $~item.count } # specials

$~item.count # 1, 2, 3, ...

$~item.index # 0, 1, 2, ...

$~item.cycle("a", "b") # a, b, a, b, ...

Page 24: Xslate sv perl-2013-7-11

Include

include "foo.tx" # expand the template there

include "foo.tx" { foo => "bar" } # with vars

Page 25: Xslate sv perl-2013-7-11

Template Cascading

a.k.a. template inheritance

more powerful “include”

Like class inheritance

define a default behavior of components

override them in a sub template

Page 26: Xslate sv perl-2013-7-11

Utilities

need: Text::Xslate->new(module => ["Text::Xslate::Bridge::Star"])

and perldoc Text::Xslate::Manual::Builtin

substr(), uc(), lc(), sprintf(), etc, etc

<: function($arg) :> or <: $arg | function :>

Page 27: Xslate sv perl-2013-7-11

From Perl

All the values are automatically escaped

but you can prevent them from escaping:

$vars{foo} = mark_raw($widget)

# where $widget includes HTML tags

# marks it to “show it as is”
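The escaping rule from the Smart Escaping slides and the mark_raw() opt-out above, side by side. This is an added example, not code from the original talk; the variable names, the badge markup and the sample values are constructed for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Text::Xslate qw(mark_raw html_escape);

# Default type is 'html': every interpolated value is escaped unless marked raw.
my $tx = Text::Xslate->new();

# The template from the Smart Escaping slide.
my $template = q{<a href="blah"><: $foo :></a>} . "\n";

# Constructed sample values: one attacker-controlled, one trusted markup.
my $untrusted = q{<script>alert("XSS")</script>};
my $widget    = q{<span class="badge">new</span>};

my %cases = (
    # 1. Plain string: escaped by type, the tag is rendered as text.
    '1 plain untrusted'     => $untrusted,

    # 2. Trusted markup built by the application: shown as is.
    '2 mark_raw(trusted)'   => mark_raw($widget),

    # 3. The mistake to look for in code review: mark_raw() applied to
    #    request data turns the guard off for exactly the wrong value.
    '3 mark_raw(untrusted)' => mark_raw($untrusted),

    # 4. Trusted markup around untrusted text: escape the untrusted part
    #    first, then mark only the composed result as raw.
    '4 escape, then wrap'   => mark_raw('<b>' . html_escape($untrusted) . '</b>'),
);

my %out;
for my $name (sort keys %cases) {
    $out{$name} = $tx->render_string($template, { foo => $cases{$name} });
    print "$name:\n  $out{$name}";
}

# The live tag must survive only in case 3, where escaping was bypassed.
for my $name (sort keys %out) {
    my $live = $out{$name} =~ /<script>/ ? 1 : 0;
    my $want = $name =~ /^3/ ? 1 : 0;
    die "unexpected escaping result for '$name'\n" if $live != $want;
}
print "only case 3 emits a live <script> tag\n";
```

When auditing an Xslate application, every mark_raw() call (and every raw filter inside a template) is a place where the value's origin has to be checked by hand.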

Page 28: Xslate sv perl-2013-7-11

Conclusion

Xslate is a

super fast,

powerful,

and XSS-free template engine