| 1 | /**
|
| 2 | * @license
|
| 3 | * Copyright 2020 Google LLC
|
| 4 | * SPDX-License-Identifier: BSD-3-Clause
|
| 5 | */
|
| 6 | import { html as coreHtml, svg as coreSvg, TemplateResult } from './lit-html.js';
|
| 7 | export interface StaticValue {
|
| 8 | /** The value to interpolate as-is into the template. */
|
| 9 | _$litStatic$: string;
|
| 10 | /**
|
| 11 | * A value that can't be decoded from ordinary JSON, make it harder for
|
| 12 | * a attacker-controlled data that goes through JSON.parse to produce a valid
|
| 13 | * StaticValue.
|
| 14 | */
|
| 15 | r: typeof brand;
|
| 16 | }
|
| 17 | /**
|
| 18 | * Prevents JSON injection attacks.
|
| 19 | *
|
| 20 | * The goals of this brand:
|
| 21 | * 1) fast to check
|
| 22 | * 2) code is small on the wire
|
| 23 | * 3) multiple versions of Lit in a single page will all produce mutually
|
| 24 | * interoperable StaticValues
|
| 25 | * 4) normal JSON.parse (without an unusual reviver) can not produce a
|
| 26 | * StaticValue
|
| 27 | *
|
| 28 | * Symbols satisfy (1), (2), and (4). We use Symbol.for to satisfy (3), but
|
| 29 | * we don't care about the key, so we break ties via (2) and use the empty
|
| 30 | * string.
|
| 31 | */
|
| 32 | declare const brand: unique symbol;
|
| 33 | /**
|
| 34 | * Wraps a string so that it behaves like part of the static template
|
| 35 | * strings instead of a dynamic value.
|
| 36 | *
|
| 37 | * Users must take care to ensure that adding the static string to the template
|
| 38 | * results in well-formed HTML, or else templates may break unexpectedly.
|
| 39 | *
|
| 40 | * Note that this function is unsafe to use on untrusted content, as it will be
|
| 41 | * directly parsed into HTML. Do not pass user input to this function
|
| 42 | * without sanitizing it.
|
| 43 | *
|
| 44 | * Static values can be changed, but they will cause a complete re-render
|
| 45 | * since they effectively create a new template.
|
| 46 | */
|
| 47 | export declare const unsafeStatic: (value: string) => StaticValue;
|
| 48 | /**
|
| 49 | * Tags a string literal so that it behaves like part of the static template
|
| 50 | * strings instead of a dynamic value.
|
| 51 | *
|
| 52 | * The only values that may be used in template expressions are other tagged
|
| 53 | * `literal` results or `unsafeStatic` values (note that untrusted content
|
| 54 | * should never be passed to `unsafeStatic`).
|
| 55 | *
|
| 56 | * Users must take care to ensure that adding the static string to the template
|
| 57 | * results in well-formed HTML, or else templates may break unexpectedly.
|
| 58 | *
|
| 59 | * Static values can be changed, but they will cause a complete re-render since
|
| 60 | * they effectively create a new template.
|
| 61 | */
|
| 62 | export declare const literal: (strings: TemplateStringsArray, ...values: unknown[]) => StaticValue;
|
| 63 | /**
|
| 64 | * Wraps a lit-html template tag (`html` or `svg`) to add static value support.
|
| 65 | */
|
| 66 | export declare const withStatic: (coreTag: typeof coreHtml | typeof coreSvg) => (strings: TemplateStringsArray, ...values: unknown[]) => TemplateResult;
|
| 67 | /**
|
| 68 | * Interprets a template literal as an HTML template that can efficiently
|
| 69 | * render to and update a container.
|
| 70 | *
|
| 71 | * Includes static value support from `lit-html/static.js`.
|
| 72 | */
|
| 73 | export declare const html: (strings: TemplateStringsArray, ...values: unknown[]) => TemplateResult;
|
| 74 | /**
|
| 75 | * Interprets a template literal as an SVG template that can efficiently
|
| 76 | * render to and update a container.
|
| 77 | *
|
| 78 | * Includes static value support from `lit-html/static.js`.
|
| 79 | */
|
| 80 | export declare const svg: (strings: TemplateStringsArray, ...values: unknown[]) => TemplateResult;
|
| 81 | export {};
|
| 82 | //# sourceMappingURL=static.d.ts.map |
| \ | No newline at end of file |