Xslate sv perl-2013-7-11
Upcoming SlideShare
Loading in...5

Xslate sv perl-2013-7-11






Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

CC Attribution License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment
  • Because Xslate has been inspired in TT2 Text::MicroTemplate, I’d like to introduce some features about them
  • TT2 is super popular template
  • TT2 and TMT lead Xslate, which is extremely faster than TT2 and borrows smart escaping from TMT, and Xslate has been made after PSGI, its API is suitable for PSGI, BTW, do you know PSGI or Plack? PSGI is a web application specification just like as CGI and Plack is a toolkit compatible with PSGI. To be simple, a feature which runs web applications
  • Do you know cpanm? This is a kind of cpan command but more fast and easy. And Xslate has a command line interface so you can easily evaluate a simple statement [DEMO]
  • Use of Xslate is super simple. Just three statements. Loading, creating an instance, and rendering a template.
  • When you want to split the template files, for example, to header files, body files, and footer files, you can use “include” directives.
  • Template cascading, also known as template inheritance which is implemented in Django and Smarty, is another form of “include”.

Xslate sv perl-2013-7-11 Xslate sv perl-2013-7-11 Presentation Transcript

  • Xslate, a template engine Goro Fuji gfuji@cpan.org 2013-7-11 @ SVPerl
  • Myself Call me Goro Working at Sunnyvale from May 2013 CPAN author Xslate, Mouse, patches to Perl itself
  • My favorites Perl as a text processor esp. regular expressions Perl as a testing driver JSX, a typed JavaScript
  • My Requests Feel free to ask for questions Please say it slowly and clearly XD
  • Agenda What is a template engine What is Xslate How to use Xslate
  • What is a template engine Modules to build a text with dynamic parameters
  • Without Template Engine sprintf(“Hello, %s”, “world”) “Hello %HOME%” =~ s/%(w+)%/$ENV{$1}/gr
  • With Template Egine use Text::Xslate; my $xslate = Text::Xslate->new(); say $xslate->render(‘hello.tx’, { a => ‘Xslate’); # where hello.tx contains: Hello, <: $a :> world!
  • When to use? Make HTML pages Make mail reports Whenever you build a text with parameters
  • CPAN Template Engines Template Toolkit Mason HTML::Template (::Pro) Mojo::Template Text::Xslate and more
  • What is Xslate
  • Text::Xslate Heavily inspired in: Template Toolkit Text::MicroTemplate
  • Template Toolkit or TT2 Super popular A lot of features and plugins Easy to learn XSS vulnerability
  • Text::MicroTemplate or TMT A tiny template engine Much faster than TT2 Written in pure Perl Smart escaping (XSS guard)
  • Smart Escaping (1) XSS: <a href=”blah”><: $foo :></a> where $foo is <script>alert(“XSS”)</script> What does the template engine do?
  • Smart Escaping TT2: prints it as is TMT: prints &lt;script&gt;alert(“XSS”)&lt;/script&gt; escapes HTML meta characters (<, >, &, and etc.) decides escaping by data type (described later) means it is safer than writing HTML by yourself
  • Xslate 100+ times faster than TT2 Smart escaping, the same as TMT Good for Plack/PSGI
  • Try Xslate install: cpanm Text::Xslate cli: xslate -e ‘Hello, <: $ARGV[0] :>’ Xslate
  • How to use Xslate
  • From Perl use Text::Xslate; my $tx = Text::Xslate->new(); print $tx->render($file, %vars);
  • Variables <: $foo :> # where $foo is a scalar <: $foo[0] :> # where $foo is an array ref <: $foo[“bar”] :> # where $foo is an hash ref <: $foo.bar(42) :> # where $foo is an object
  • if, else <: if $foo { $bar } :> # shows $bar if $foo looks like true <: if $foo { :>plain text<: } :> # separated blocks <: if $a { } else if $b { } else { } :> # not elsif
  • Loops and Special Vars for $array_ref -> $item { ... } # foreach for $a -> $item { $~item.count } # specials $~item.count # 1, 2, 3, ... $~item.index # 0, 1, 2, ... $~item.cycle(“a”, “b”) # a, b, a, b, ...
  • Include include “foo.tx” # expand the template there include “foo.tx” { foo => “bar” } # with vars
  • Template Cascading a.k.a. template inheritance more powerful “include” Like class inheritance define a default behavior of components override them in a sub template
  • Utilities need: Text::Xslate->new(module => [“Text::Xslate::Bridge::Star”]) and perldoc Text::Xslate::Manual::Builtin substr(), uc(), lc(), sprintf(), etc, etc <: function($arg) :> or <: $arg | function :>
  • From Perl All the values are automatically escaped but you can prevent them from escaping: $vars{foo} = mark_raw($widget) # where $widget includes HTML tags # marks it to “show it as is”
  • Conclusion Xslate is a super fast, powerful, and XSS-free template engine