
Xslate sv perl-2013-7-11


  1. Xslate, a template engine
      - Goro Fuji, gfuji@cpan.org
      - 2013-7-11 @ SVPerl
  2. Myself
      - Call me Goro
      - Working in Sunnyvale since May 2013
      - CPAN author: Xslate, Mouse, patches to Perl itself
  3. My favorites
      - Perl as a text processor, esp. regular expressions
      - Perl as a testing driver
      - JSX, a typed JavaScript
  4. My Requests
      - Feel free to ask questions
      - Please say it slowly and clearly XD
  5. Agenda
      - What is a template engine
      - What is Xslate
      - How to use Xslate
  6. What is a template engine
      - Modules to build a text with dynamic parameters
  7. Without Template Engine
      sprintf("Hello, %s", "world")
      "Hello %HOME%" =~ s/%(\w+)%/$ENV{$1}/gr
  8. With Template Engine
      use feature 'say';
      use Text::Xslate;
      my $xslate = Text::Xslate->new();
      say $xslate->render('hello.tx', { a => 'Xslate' });
      # where hello.tx contains:
      Hello, <: $a :> world!
  9. When to use?
      - Make HTML pages
      - Make mail reports
      - Whenever you build a text with parameters
  10. CPAN Template Engines
      - Template Toolkit
      - Mason
      - HTML::Template (::Pro)
      - Mojo::Template
      - Text::Xslate
      - and more
  11. What is Xslate
  12. Text::Xslate
      - Heavily inspired by:
      - Template Toolkit
      - Text::MicroTemplate
  13. Template Toolkit, or TT2
      - Super popular
      - A lot of features and plugins
      - Easy to learn
      - XSS vulnerability
  14. Text::MicroTemplate, or TMT
      - A tiny template engine
      - Much faster than TT2
      - Written in pure Perl
      - Smart escaping (XSS guard)
  15. Smart Escaping (1)
      - XSS: <a href="blah"><: $foo :></a>
      - where $foo is <script>alert("XSS")</script>
      - What does the template engine do?
  16. Smart Escaping
      - TT2: prints it as is
      - TMT: prints &lt;script&gt;alert("XSS")&lt;/script&gt;
      - escapes HTML meta characters (<, >, &, etc.)
      - decides escaping by data type (described later)
      - means it is safer than writing HTML by yourself
  17. Xslate
      - 100+ times faster than TT2
      - Smart escaping, the same as TMT
      - Good for Plack/PSGI
  18. Try Xslate
      - install: cpanm Text::Xslate
      - cli: xslate -e 'Hello, <: $ARGV[0] :>' Xslate
  19. How to use Xslate
  20. From Perl
      use Text::Xslate;
      my $tx = Text::Xslate->new();
      print $tx->render($file, \%vars);   # vars are passed as a hash reference
  21. Variables
      <: $foo :>          # where $foo is a scalar
      <: $foo[0] :>       # where $foo is an array ref
      <: $foo["bar"] :>   # where $foo is a hash ref
      <: $foo.bar(42) :>  # where $foo is an object
  22. if, else
      <: if $foo { $bar } :>
      # shows $bar if $foo looks like true
      <: if $foo { :>plain text<: } :>
      # separated blocks
      <: if $a { } else if $b { } else { } :>
      # not elsif
  23. Loops and Special Vars
      for $array_ref -> $item { ... }     # foreach
      for $a -> $item { $~item.count }    # specials
      $~item.count            # 1, 2, 3, ...
      $~item.index            # 0, 1, 2, ...
      $~item.cycle("a", "b")  # a, b, a, b, ...
  24. Include
      include "foo.tx"                   # expand the template there
      include "foo.tx" { foo => "bar" }  # with vars
  25. Template Cascading
      - a.k.a. template inheritance
      - more powerful "include"
      - Like class inheritance
      - define a default behavior of components
      - override them in a sub template
  26. Utilities
      - need: Text::Xslate->new(module => ["Text::Xslate::Bridge::Star"])
      - and perldoc Text::Xslate::Manual::Builtin
      - substr(), uc(), lc(), sprintf(), etc.
      - <: function($arg) :> or <: $arg | function :>
  27. From Perl
      - All the values are automatically escaped
      - but you can prevent them from escaping:
      $vars{foo} = mark_raw($widget)
      # where $widget includes HTML tags
      # marks it to "show it as is"
  28. Conclusion
      - Xslate is a super fast, powerful, and XSS-free template engine
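
The escaping-by-data-type behaviour from slides 15-16 and the mark_raw() escape hatch from slide 27, side by side. This is an added example, not code from the slides or from the Xslate project; the `render_case` helper and the sample value are constructed for illustration, and the template is the one shown on slide 15.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Text::Xslate qw(mark_raw html_escape);

# cache => 0 keeps compiled templates out of the on-disk cache for this demo.
my $tx = Text::Xslate->new(cache => 0);

# Template from slide 15 and a constructed value standing in for untrusted input.
my $template  = '<a href="blah"><: $foo :></a>';
my $untrusted = '<script>alert("XSS")</script>';

# Render the template with one value and report whether a <script> tag
# survived into the output unescaped.
sub render_case {
    my ($label, $value) = @_;
    my $html = $tx->render_string($template, { foo => $value });
    my $live = $html =~ /<script>/i ? 'LIVE SCRIPT TAG' : 'no script tag';
    printf "%-28s [%s]\n    %s\n", $label, $live, $html;
    return $html;
}

# 1. Plain Perl string: the engine escapes HTML meta characters on output.
render_case('plain string', $untrusted);

# 2. mark_raw() on untrusted data: the raw-string type tells the engine to
#    skip escaping, so the value reaches the page as markup. This is the
#    pattern to look for in code review.
render_case('mark_raw(untrusted)', mark_raw($untrusted));

# 3. Trusted markup wrapped around untrusted text: escape the untrusted part
#    first, then mark only the composed fragment as raw.
my $widget = mark_raw('<b>' . html_escape($untrusted) . '</b>');
render_case('mark_raw(trusted + escaped)', $widget);
```

The same review point applies inside templates, where the built-in `raw` and `mark_raw` filters (`<: $foo | raw :>`) bypass escaping in the same way.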
