tj.crowder at farsightsoftware.com (2018-12-13T18:48:53.861Z)
On Thu, Dec 13, 2018 at 5:56 PM Mark Miller
<erights at gmail.com> wrote:
>
> I like String.cooked best. While I agree that method names should
> generally be verbs, I suggest this rule should *not* be used for
> template literal tag names.
Fair enough, but the primary use of this function is *not* using it as a
tag function, but rather as a normal function. It doesn't make sense to use
it as a tag function, the result is the same as an untagged template. The
only use case I could see for using it as a tag function is if you were
selecting from several tag functions at runtime and needed a "no-op" option.
But called normally, it's a useful helper, for instance in Isiah's `escape`
(where I assume the literal strings are already trusted, the substitutions
are not):
```js
const escapeHTML = val => String(val).replace(/&/g, "&").replace(/</g,
"<");
const escape = (strings, ...subs) => {
return String.cook(strings, ...subs.map(escapeHTML));
};
const foo = "<script>alert('maliciousness!');<\/script>";
console.log(escape`<p>${foo}</p>`);
// => <p>&lt;script>alert('maliciousness!');&lt;/script></p>
```
(http://jsfiddle.net/n6p7xcvm/)
I'm not that bothered either way, but I'd say it's a utility for tag
functions to use, not a tag function itself.
-- T.J. Crowdertj.crowder at farsightsoftware.com (2018-12-13T18:47:49.927Z)
On Thu, Dec 13, 2018 at 5:56 PM Mark Miller
<erights at gmail.com> wrote:
>
> I like String.cooked best. While I agree that method names should
> generally be verbs, I suggest this rule should *not* be used for
> template literal tag names.
Fair enough, but the primary use of this function is *not* using it as a
tag function, but rather as a normal function. It doesn't make sense to use
it as a tag function, the result is the same as an untagged template. The
only use case I could see for using it as a tag function is if you were
selecting from several tag functions at runtime and needed a "no-op" option.
But called normally, it's a useful helper, for instance in Isiah's `escape`
(where I assume the literal strings are already trusted, the substitutions
are not):
```js
const escapeHTML = val => String(val).replace(/&/g, "&").replace(/</g,
"<");
const escape = (strings, ...subs) => {
return String.cook(strings, ...subs.map(escapeHTML));
};
const foo = "<script>alert('maliciousness!');<\/script>";
console.log(escape`<p>${foo}</p>`);
// => <p><script>alert('maliciousness!');</script></p>
```
(http://jsfiddle.net/n6p7xcvm/)
I'm not that bothered either way, but I'd say it's a utility for tag
functions to use, not a tag function itself.
-- T.J. Crowder
On Thu, Dec 13, 2018 at 5:56 PM Mark Miller <erights at gmail.com> wrote: > > I like String.cooked best. While I agree that method names should > generally be verbs, I suggest this rule should *not* be used for > template literal tag names. Fair enough, but the primary use of this function is *not* using it as a tag function, but rather as a normal function. It doesn't make sense to use it as a tag function, the result is the same as an untagged template. The only use case I could see for using it as a tag function is if you were selecting from several tag functions at runtime and needed a "no-op" option. But called normally, it's a useful helper, for instance in Isiah's `escape` (where I assume the literal strings are already trusted, the substitutions are not): ```js const escapeHTML = val => String(val).replace(/&/g, "&").replace(/</g, "<"); const escape = (strings, ...subs) => { return *String.cook(strings, ...subs.map(escapeHTML)*); }; const foo = "<script>alert('maliciousness!');<\/script>"; console.log(escape`<p>${foo}</p>`); // => <p><script>alert('maliciousness!');</script></p> ``` (http://jsfiddle.net/n6p7xcvm/) I'm not that bothered either way, but I'd say it's a utility for tag functions to use, not a tag function itself. -- T.J. Crowder -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20181213/81c3b292/attachment.html>