kup

kup is an html builder for nodejs

npm install kup
7 downloads in the last week
41 downloads in the last month

kup

Build Status

kup is an html builder for nodejs

install

npm install kup

use

Kup = require 'kup'

k = new Kup

k.doctype()

k.html ->
    k.head ->
        k.title 'a title'
        k.script
            src: 'http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js'
            type: 'text/javascript'
    k.body ->
        k.div {id: 'container'}, ->
            k.h1 'a heading'
            k.h2 {class: 'secondary-heading'}, 'another heading'
            k.ul ->
                'first second third'.split(' ').forEach (x) ->
                    k.li -> k.a x
            k.p ->
                k.unsafe 'Before the break'
                k.br()
                k.unsafe 'After the break'

console.log k.htmlOut

produces the following html:

<!DOCTYPE html>
<html>
<head>
<title>a title</title>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js" type="text/javascript"></script>
</head>
<body>
<div id="container">
<h1>a heading</h1>
<h2 class="secondary-heading">another heading</h2>
<ul>
<li>
<a>first</a>
</li>
<li>
<a>second</a>
</li>
<li>
<a>third</a>
</li>
</ul>
<p>Before the break<br />
After the break</p>
</div>
</body>
</html>

xss prevention

kup will html escape text content.

kup will properly quote attributes using double quotes. properly quoted attributes can only be escaped with the corresponding quote. kup escapes all double quotes inside attributes values to prevent escaping.

use the unsafe function to insert inner text which will not be escaped:

k.script ->
    k.unsafe 'javascript which should not be escaped'

use the safe function to insert inner text which will be escaped:

k.p ->
    k.safe 'this will be escaped'
    k.br()
    k.safe 'this will also be escaped'

credit

kup is inspired by mark hahn's drykup

license: MIT

npm loves you