text template

[fils]

Is there something like Go's text template (ref: http://golang.org/pkg/text/template/ ) in Dart ?

I use this to process SPARQL commands and it's very slick.  Hoping something like this is in Dart, but when I search I mostly get web html template related results.

Doug

[Greg Lowe]

Would mustache templates fit your use case?

http://pub.dartlang.org/packages/mustache
http://mustache.github.com/mustache.5.html

[fils]

Greg,

  On first inspection, I think it would, I will definitely give it a try.   I just need to loop in multiple elements into a SPARQL query.     I'll let you know how it goes.

Thanks

Doug

[fils]

Greg,

  It's a nice template library, and it flowed in and works easily.  Can it do something like..  

  Based on the examples:

  I can do:  {{#legs}} ?sliceKey iodp:leg "{{legnumber}}" . {{/legs}}   

  and get based on my hash:  ?sliceKey iodp:leg "203" .  ?sliceKey iodp:leg "204" .  ?sliceKey iodp:leg "205" . 

  I need to place UNION between them though..   so something like

  ?sliceKey iodp:leg "203" . UNION  ?sliceKey iodp:leg "204" . UNION   ?sliceKey iodp:leg "205" . 

  In Go this is achived like in:   {{range $i, $v := .mud}} {{if $i}} UNION {{end}} {?s lithology:mud {{$v}} .} {{end}} 

  Is it possible to do this in Mustache templates?

On Friday, April 5, 2013 4:36:02 PM UTC-5, Greg Lowe wrote:

[Greg Lowe]

It sounds like you want to use separators. Here's how it's done in ruby:

https://gist.github.com/defunkt/404480

Problem is, this uses lambdas which the dart mustache package doesn't support yet.

So this is what you'll have to do in the meantime:

Template:

{{#section}}

{{name}}

{{^is_last}}, {{/is_last}}

{{/section}}

Data:

{"section": [

   {"name": "bob", "is_last": false},

   {"name": "jim", "is_last": false},

   {"name": "sally", "is_last": true}

]}

Output:

bob, jim, sally

You could write a helper function to add the is_last fields to the data.

--
Consider asking HOWTO questions at Stack Overflow: http://stackoverflow.com/tags/dart
 
 

[fils]

looks like this will work and adding in the field isn't too much of an issue..  

since I am using SPARQL I use the { in the UNION statements.  I think I am running into the situation where I am eating the characters in the processing since it thinks they are part of the delimiter {{     

Is there a way to escape {'s that are not to be read by the parser, or would it be better for me to just use the mustache feature to change the delimiter symbol? 

[Alex Tatumizer]

How about this:
let dart introduce new type of strings, e.g. in back quotes.
`foo` would be compiled to myStringSink.write("foo");
(you specify with certain directive that myStringSink should be used here, not hisStringSink - though in different place, it can be his).

Strings in back quotes can be highlighted differently

Otherwise, no templating engines or any new features are required, and it's good for all kinds of text generation (html, css, code etc).

Example:

main() {
  `<body>
      <h1> Markup examples  </h1> 
  `
      if (!items.empty) {
           `<table>`
           for (item in items) {
               `<tr>
                <td>${item.name}</td>
                <td>${item.price}</td>

              </tr>` 

           }    

           `</table>`

      } else {
         `<p> No items found.  Please add some inventory. Thank you! </p>`
      }
      `<div>
          Copyright ${year} ${author}";

       </div>

   <body>`

  } 
}

Will it make life easier?

[Ladislav Thon]

You just put XSS into the language.

Once you start to be serious about text templating, you will need special characters escaping, probably automatic and context-dependent. In my opinion, this is better handled by a standalone templating language.

LT

[Alex Tatumizer]

Special character escaping? But we introduce no new special characters here (backquote is not in wide use anyway). The rest of them are in dart anyway (interpolation construct ${..})

Standalone templating has the opposite problem - as you can see from examples in other posts, there's WAY too much of {{ going on, and there's a whole new programming language invented to substitute data. And after all of that that, it's still  difficult to see the real content, and, at least to my taste, the result doesn't look that nice.

Since in the web, generation of HTML /CSS is a very common problem, small amount of language support would be warranted IMO.  No?

--

[Ladislav Thon]

Special character escaping? But we introduce no new special characters here (backquote is not in wide use anyway).

Special characters of the language that you are generating, inside the interpolated expressions. If you are generating HTML, you have to consider what happens if ${item.name} looks like "My Very Long <script src='...'> Name".

 

Standalone templating has the opposite problem - as you can see from examples in other posts, there's WAY too much of {{ going on, and there's a whole new programming language invented to substitute data.

That's the point -- to have a language that is good at templating. It's not that simple, once you dive deep into it, and general purpose languages are not necessarily a good solution.

LT

[Alex Tatumizer]

@Ladislav: I got your point.

But I have one more trick up my sleeve to counter your counterexample :-)

Let's assume the following:

when backquotes string `foo` is used in a class, it is treated as call to method, say, backquote(str) in that class

(or raises methodNotFound, as usual)

class Foo {

   void backquote(str) { /* do womething with string */}

   void someMethod() {

      `foo`; `bar`;  // generates: backquote("foo"); backquote("bar")

   }

} 

Then we get flexibility as to what to do with "foo"/"bar", including possible escaping (via standard methods like htmlEscape(str), xmlEscape(str), jsonEscape(str) etc.

Does it fully address the problem? No?

--

[Ladislav Thon]

@Ladislav: I got your point.

But I have one more trick up my sleeve to counter your counterexample :-)

Let's assume the following:

when backquotes string `foo` is used in a class, it is treated as call to method, say, backquote(str) in that class

(or raises methodNotFound, as usual)

class Foo {

   void backquote(str) { /* do womething with string */}

   void someMethod() {

      `foo`; `bar`;  // generates: backquote("foo"); backquote("bar")

   }

} 

Then we get flexibility as to what to do with "foo"/"bar", including possible escaping (via standard methods like htmlEscape(str), xmlEscape(str), jsonEscape(str) etc.

Does it fully address the problem? No?

It doesn't look like it would be able to do this: http://googleonlinesecurity.blogspot.cz/2009/03/reducing-xss-by-way-of-automatic.html

LT

[fils]

Greg,

  Just noticed that setting the delimiter tag is in the "to do" so I will have to see if I can somehow sneak the {'s in.

   I have the string:

 var source2 = ("""
            PREFIX qb:  <http://purl.org/linked-data/cube#>
            PREFIX iodp: <http://data.oceandrilling.org/core/1/>
            PREFIX janus: <http://data.oceandrilling.org/janus/>
            PREFIX sdmx-dimension:  <http://purl.org/linked-data/sdmx/2009/dimension#>
            SELECT DISTINCT  ?slice
            FROM <http://data.oceandrilling.org/janus/>
            WHERE {
              {{#legs}}  { ?sliceKey iodp:leg "{{legnumber}}" . } {{^is_last}} UNION {{/is_last}}  {{/legs}}
            ?sliceKey iodp:site "1226" .
            ?slice  qb:sliceStructure <http://data.oceandrilling.org/janus/sliceByvcd_image> .
            ?slice qb:sliceStructure ?sliceKey .
            }
        """);

and all my sparql {'s are being eaten by the template engine I think.  

Thanks

Doug

[Greg Lowe]

Single braces should be ignored. If it's not doing this, then it's a bug in mustache.

Could you post a bug on github (https://github.com/xxgreg/mustache), if possible try an include a short program that reproduces this.

I'll have a look tonight.

[Greg Lowe]

Having used both types of templating, as in Alex's example above (ASP/JSP/PHP), and logic-less templates such as mustache/django templates, I see an advantage of keeping code out of the templates. Especially if you're working in a large team with a differing level of skills (templates can get ugly real fast at the hands of uber-eager-noobs).

Btw - mustache, by default, html escapes all variables (Though this can be disabled, i.e. for generating plaintext templates).

[Ladislav Thon]

Having used both types of templating, as in Alex's example above (ASP/JSP/PHP), and logic-less templates such as mustache/django templates, I see an advantage of keeping code out of the templates. Especially if you're working in a large team with a differing level of skills (templates can get ugly real fast at the hands of uber-eager-noobs).

This is not about logic in the templates. This is about context-sensitive escaping -- which is not that easy to do correctly (e.g., the "style" attribute of a HTML tag should use CSS escaping rules).

LT

[Alex Tatumizer]

@Ladislav: your objection applies to ANY templates, not only to templates with backquotes.

Either it's possible to solve the problem of escapes automatically, or it is not.

There's nothing specific about backquotes.

--

[Alex Tatumizer]

I would go a step further and say that interpolated expressions in html generation should not contain markup at all.

It's easy to verify programmatically AFTER the interpolation, e.g, we can define our backquote method like this

void backquote(str, origStr) {

   sb.write(ensureNoMarkup(str,origStr));

}

so when we write

`<p>foo${name}bar</p>` - assuming name="<script>Alice's script</script>"

system will call

backquote("foo<script>Alice's script</script>bar",r'''foo${name}bar''')

Now, by analyzing just the number of < chars in both strings, we can easily find out that Alice is trying to cause some trouble. No?
 

[fils]

Greg,

  thanks much..   I made a gist:    https://gist.github.com/fils/5358320

  I will also post this as a bug.   Hope it's a real bug and not just being a stupid user.  ;)

Take care

Doug

[fils]

or I could just update to the latest version of the library and have the issue resolved..   sigh!

I was running 0.1.1   moving to 0.1.4  resolves the issue..  

SIGH..   I need to learn to use >= in my pubspec file...

sorry for the issue..  everything seems to be working well now!   thanks!

+1 my vote to separate logic-less templates BTW    

[Alex Tatumizer]

You know what, I want these back quotes so much, I just went ahead and created an issue:
http://code.google.com/p/dart/issues/detail?id=9831

Sure, the chance for it to be implemented is not very high, but at least I tried ... :-)