raxx_view v0.1.7 Raxx.View

Generate views from .eex template files.

Using this module will add the functions html and render to a module.

To create layouts that can be reused across multiple pages check out Raxx.View.Layout.

Example

# greet.html.eex
<p>Hello, <%= name %></p>

# layout.html.eex
<h1>Greetings</h1>
<%= __content__ %>

# greet.ex
defmodule Greet do
  use Raxx.View,
    arguments: [:name],
    layout: "layout.html.eex"
end

# iex -S mix
Greet.html("Alice")
# => "<h1>Greetings</h1>\n<p>Hello, Alice</p>"

Raxx.response(:ok)
|> Greet.render("Bob")
# => %Raxx.Response{
#      status: 200,
#      headers: [{"content-type", "text/html"}],
#      body: "<h1>Greetings</h1>\n<p>Hello, Bob</p>"
#    }

Options

  • arguments: A list of atoms for variables used in the template. This will be the argument list for the html function. The render function takes one additional argument to this list, a response struct.

  • template (optional): The eex file containing a main content template. If not given, the template path is derived from the file of the calling module, i.e. path/to/file.ex -> path/to/file.html.eex

  • layout (optional): An eex file containing a layout template. This template can use all the same variables as the main template. In addition, it must include the content using <%= __content__ %>.

Safety

XSS (Cross Site Scripting) Prevention

All content interpolated into a view is escaped.

iex> Greet.html("<script>")
# => "<h1>Greetings</h1>\n<p>Hello, &lt;script&gt;</p>"

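Values in the template can be marked as safe, so that they are not escaped, using the EExHTML.raw/1 function. raw is automatically imported into the template scope. Anything passed to raw is emitted verbatim, so use it only for content that is already trusted HTML.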

# greet.html.eex
<p>Hello, <%= raw name %></p>

JavaScript

"Including untrusted data inside any other JavaScript context is quite dangerous, as it is extremely easy to switch into an execution context with characters including (but not limited to) semi-colon, equals, space, plus, and many more, so use with caution." (XSS Prevention Cheat Sheet)

DON'T DO THIS

<script type="text/javascript">
  console.log('Hello, ' + <%= name %>)
</script>

Use javascript_variables/1 for injecting variables into any JavaScript environment.
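
The script-context problem above, modelled in plain JavaScript as an added example (not code from Raxx.View or EExHTML): HTML escaping leaves a value without HTML metacharacters untouched, so inside a script block it is parsed as code, while passing the value as JSON through an escaped data attribute keeps it as data. Every function name and the page-data id are assumptions made for illustration, and this is not a description of how javascript_variables/1 is implemented.

```javascript
// Added example. All names here are hypothetical; nothing below is a Raxx.View API.

// Escape the characters that matter in HTML element and attribute contexts.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Inverse of escapeHtml; stands in for the browser decoding an attribute value.
function unescapeHtml(text) {
  const map = { "&amp;": "&", "&lt;": "<", "&gt;": ">", "&quot;": '"', "&#39;": "'" };
  return text.replace(/&(?:amp|lt|gt|quot|#39);/g, (entity) => map[entity]);
}

// The pattern the page warns against: an escaped value placed in script source.
function renderUnsafe(name) {
  return "<script>\n  console.log('Hello, ' + " + escapeHtml(name) + ")\n</script>";
}

// Safer pattern: the value travels as JSON in an escaped data attribute and the
// script text is a constant that only ever calls JSON.parse on it.
function renderSafe(name) {
  const json = escapeHtml(JSON.stringify({ name }));
  return '<div id="page-data" data-variables="' + json + '"></div>\n' +
    "<script>\n" +
    "  const vars = JSON.parse(document.getElementById('page-data').dataset.variables)\n" +
    "  console.log('Hello, ' + vars.name)\n" +
    "</script>";
}

// Source text between <script> and </script>, i.e. what the JS parser receives.
function scriptBody(html) {
  return html.match(/<script>([\s\S]*?)<\/script>/)[1];
}

// The object a browser would get from JSON.parse(...dataset.variables).
function readVariables(html) {
  return JSON.parse(unescapeHtml(html.match(/data-variables="([^"]*)"/)[1]));
}

// Constructed inputs: the first has no HTML metacharacters, the second has several.
const plain = "document.title";
const tricky = '</script><b>"Bob" & \'co\'';

console.log(scriptBody(renderUnsafe(plain)));   // value appears as an expression
console.log(scriptBody(renderSafe(plain)) === scriptBody(renderSafe(tricky))); // true
console.log(readVariables(renderSafe(tricky)).name === tricky);                // true
```

In the unsafe rendering the script source changes with the input; in the safe rendering it is byte-for-byte identical for every input, which is the property to look for when reviewing templates.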

Functions

partial(name, arguments, options \\ []) (macro)

Generate template partials from eex templates.