1 | /**
|
2 | * @license
|
3 | * Copyright 2020 Google LLC
|
4 | * SPDX-License-Identifier: BSD-3-Clause
|
5 | */
|
6 | import { html as coreHtml, svg as coreSvg, TemplateResult } from './lit-html.js';
|
7 | export interface StaticValue {
|
8 | /** The value to interpolate as-is into the template. */
|
9 | _$litStatic$: string;
|
10 | /**
|
11 | * A value that can't be decoded from ordinary JSON, make it harder for
|
12 | * a attacker-controlled data that goes through JSON.parse to produce a valid
|
13 | * StaticValue.
|
14 | */
|
15 | r: typeof brand;
|
16 | }
|
17 | /**
|
18 | * Prevents JSON injection attacks.
|
19 | *
|
20 | * The goals of this brand:
|
21 | * 1) fast to check
|
22 | * 2) code is small on the wire
|
23 | * 3) multiple versions of Lit in a single page will all produce mutually
|
24 | * interoperable StaticValues
|
25 | * 4) normal JSON.parse (without an unusual reviver) can not produce a
|
26 | * StaticValue
|
27 | *
|
28 | * Symbols satisfy (1), (2), and (4). We use Symbol.for to satisfy (3), but
|
29 | * we don't care about the key, so we break ties via (2) and use the empty
|
30 | * string.
|
31 | */
|
32 | declare const brand: unique symbol;
|
33 | /**
|
34 | * Wraps a string so that it behaves like part of the static template
|
35 | * strings instead of a dynamic value.
|
36 | *
|
37 | * Users must take care to ensure that adding the static string to the template
|
38 | * results in well-formed HTML, or else templates may break unexpectedly.
|
39 | *
|
40 | * Note that this function is unsafe to use on untrusted content, as it will be
|
41 | * directly parsed into HTML. Do not pass user input to this function
|
42 | * without sanitizing it.
|
43 | *
|
44 | * Static values can be changed, but they will cause a complete re-render
|
45 | * since they effectively create a new template.
|
46 | */
|
47 | export declare const unsafeStatic: (value: string) => StaticValue;
|
48 | /**
|
49 | * Tags a string literal so that it behaves like part of the static template
|
50 | * strings instead of a dynamic value.
|
51 | *
|
52 | * The only values that may be used in template expressions are other tagged
|
53 | * `literal` results or `unsafeStatic` values (note that untrusted content
|
54 | * should never be passed to `unsafeStatic`).
|
55 | *
|
56 | * Users must take care to ensure that adding the static string to the template
|
57 | * results in well-formed HTML, or else templates may break unexpectedly.
|
58 | *
|
59 | * Static values can be changed, but they will cause a complete re-render since
|
60 | * they effectively create a new template.
|
61 | */
|
62 | export declare const literal: (strings: TemplateStringsArray, ...values: unknown[]) => StaticValue;
|
63 | /**
|
64 | * Wraps a lit-html template tag (`html` or `svg`) to add static value support.
|
65 | */
|
66 | export declare const withStatic: (coreTag: typeof coreHtml | typeof coreSvg) => (strings: TemplateStringsArray, ...values: unknown[]) => TemplateResult;
|
67 | /**
|
68 | * Interprets a template literal as an HTML template that can efficiently
|
69 | * render to and update a container.
|
70 | *
|
71 | * Includes static value support from `lit-html/static.js`.
|
72 | */
|
73 | export declare const html: (strings: TemplateStringsArray, ...values: unknown[]) => TemplateResult;
|
74 | /**
|
75 | * Interprets a template literal as an SVG template that can efficiently
|
76 | * render to and update a container.
|
77 | *
|
78 | * Includes static value support from `lit-html/static.js`.
|
79 | */
|
80 | export declare const svg: (strings: TemplateStringsArray, ...values: unknown[]) => TemplateResult;
|
81 | export {};
|
82 | //# sourceMappingURL=static.d.ts.map |
\ | No newline at end of file |