T.J. Crowder (2018-12-13T18:37:17.000Z)
tj.crowder at farsightsoftware.com (2018-12-13T18:48:53.861Z)
On Thu, Dec 13, 2018 at 5:56 PM Mark Miller <erights at gmail.com> wrote: > > I like String.cooked best. While I agree that method names should > generally be verbs, I suggest this rule should *not* be used for > template literal tag names. Fair enough, but the primary use of this function is *not* using it as a tag function, but rather as a normal function. It doesn't make sense to use it as a tag function, the result is the same as an untagged template. The only use case I could see for using it as a tag function is if you were selecting from several tag functions at runtime and needed a "no-op" option. But called normally, it's a useful helper, for instance in Isiah's `escape` (where I assume the literal strings are already trusted, the substitutions are not): ```js const escapeHTML = val => String(val).replace(/&/g, "&").replace(/</g, "<"); const escape = (strings, ...subs) => { return String.cook(strings, ...subs.map(escapeHTML)); }; const foo = "<script>alert('maliciousness!');<\/script>"; console.log(escape`<p>${foo}</p>`); // => <p>&lt;script>alert('maliciousness!');&lt;/script></p> ``` (http://jsfiddle.net/n6p7xcvm/) I'm not that bothered either way, but I'd say it's a utility for tag functions to use, not a tag function itself. -- T.J. Crowder
tj.crowder at farsightsoftware.com (2018-12-13T18:47:49.927Z)
On Thu, Dec 13, 2018 at 5:56 PM Mark Miller <erights at gmail.com> wrote: > > I like String.cooked best. While I agree that method names should > generally be verbs, I suggest this rule should *not* be used for > template literal tag names. Fair enough, but the primary use of this function is *not* using it as a tag function, but rather as a normal function. It doesn't make sense to use it as a tag function, the result is the same as an untagged template. The only use case I could see for using it as a tag function is if you were selecting from several tag functions at runtime and needed a "no-op" option. But called normally, it's a useful helper, for instance in Isiah's `escape` (where I assume the literal strings are already trusted, the substitutions are not): ```js const escapeHTML = val => String(val).replace(/&/g, "&").replace(/</g, "<"); const escape = (strings, ...subs) => { return String.cook(strings, ...subs.map(escapeHTML)); }; const foo = "<script>alert('maliciousness!');<\/script>"; console.log(escape`<p>${foo}</p>`); // => <p><script>alert('maliciousness!');</script></p> ``` (http://jsfiddle.net/n6p7xcvm/) I'm not that bothered either way, but I'd say it's a utility for tag functions to use, not a tag function itself. -- T.J. Crowder