Jade

Code

Code

Jade makes it possible to write inline JavaScript code in your templates. There are three types of code.

Unbuffered Code

Unbuffered code starts with - does not add any output directly, e.g.

- for (var x = 0; x < 3; x++)
  li item
<li>item</li>
<li>item</li>
<li>item</li>

Jade also supports block unbuffered code:

-
  list = ["Uno", "Dos", "Tres",
          "Cuatro", "Cinco", "Seis"]
each item in list
  li= item
<li>Uno</li>
<li>Dos</li>
<li>Tres</li>
<li>Cuatro</li>
<li>Cinco</li>
<li>Seis</li>

Buffered Code

Buffered code starts with = and outputs the result of evaluating the JavaScript expression in the template. For security, it is first HTML escaped:

p
  = 'This code is <escaped>!'
<p>This code is &lt;escaped&gt;!
</p>

It can also be written inline with attributes, and supports the full range of JavaScript expressions:

p= 'This code is' + ' <escaped>!'
<p>This code is &lt;escaped&gt;!</p>

Unescaped Buffered Code

Unescaped buffered code starts with != and outputs the result of evaluating the JavaScript expression in the template. This does not do any escaping, so is not safe for user input:

p
  != 'This code is <strong>not</strong> escaped!'
<p>This code is <strong>not</strong> escaped!
</p>

It can also be written inline with attributes, and supports the full range of JavaScript expressions:

p!= 'This code is' + ' <strong>not</strong> escaped!'
<p>This code is <strong>not</strong> escaped!</p>

Danger

Unescaped buffered code can be dangerous. You must be sure to sanitize any user inputs to avoid cross-site scripting.


Disusun oleh Muhammad Zaini .com