Update README.md
frenzzy committed Feb 14, 2018
1 parent 858c8fb commit 2e327be
Showing 4 changed files with 7 additions and 7 deletions.
8 changes: 4 additions & 4 deletions README.md
Expand Up @@ -68,7 +68,7 @@ app initialization. That could be useful to generate HTML markup from static vie
```js
import { renderToString } from 'hyperapp-render'

const Component = (props) => <h1>Hello {props.name}</h1>
const Component = ({ name }) => <h1>Hello {name}</h1>

renderToString(<Component name="World" />)
// => <h1>Hello World</h1>
Expand Down Expand Up @@ -106,7 +106,7 @@ Also consider the list of browsers supported by [hyperapp](https://github.com/hy
## Caveats

The library automatically escapes text content and attribute values
of [virtual DOM nodes](https://github.com/hyperapp/hyperapp/blob/1.1.1/README.md#virtual-dom)
of [virtual DOM nodes](https://github.com/hyperapp/hyperapp/blob/1.1.2/README.md#virtual-dom)
to protect your application against [XSS](https://en.wikipedia.org/wiki/Cross-site_scripting) attacks.

However, it is not safe to allow "user input" for node names or attribute keys because
Expand All @@ -118,8 +118,8 @@ const tagName = 'div onclick="alert(1)"'
renderToString(h(tagName, { title: 'Hey' }, 'Hi'))
// => <div onclick="alert(1)" title="Hey︎">Hi</div>

const propName = 'onclick="alert(1)" title'
renderToString(h('div', { [propName]: 'Hey' }, 'Hi'))
const attributeName = 'onclick="alert(1)" title'
renderToString(h('div', { [attributeName]: 'Hey' }, 'Hi'))
// => <div onclick="alert(1)" title="Hey︎">Hi</div>

const userInput = '<script>alert(1)</script>'
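Review bot: the expected-output comments for the `tagName` example and the renamed `attributeName` example are the same string, so a reader cannot tell from the rendered markup which of the two unescaped inputs produced it. Giving each example a distinct attribute value (for instance a different `title`) would make the two cases distinguishable. If the text after this block does not already say so, a sentence advising that node names and attribute keys should come only from a fixed allowlist, never from user input, would make the caveat actionable.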
4 changes: 2 additions & 2 deletions benchmark/index.bench.js
Expand Up @@ -77,8 +77,8 @@ suite('renderAttribute(name, value)', () => {
})

suite('renderToString(node)', () => {
const Fragment = (props, children) => h('', props, children)
const Component = (props, children) => <h1 {...props}>{children}</h1>
const Fragment = (attributes, children) => h('', attributes, children)
const Component = (attributes, children) => <h1 {...attributes}>{children}</h1>

benchmark('basic', () => {
renderToString(
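Review bot: the commit subject "Update README.md" does not cover this file. The `Fragment` and `Component` parameters here are renamed from `props` to `attributes`, and the test file gets a related signature change, so someone scanning the history for code changes would skip this commit. Consider a subject that names the rename, or split the README edit from the benchmark and test edits.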
Binary file modified demo.gif
2 changes: 1 addition & 1 deletion test/index.spec.js
Expand Up @@ -297,7 +297,7 @@ describe('renderToString(node)', () => {
})

it('should render composite components', () => {
const Child = (props) => <h1>Hello {props.name}</h1>
const Child = ({ name }) => <h1>Hello {name}</h1>
const Parent = () => (
<div>
<Child name="World" />