I was writing this little app of mine and it needed dynamic HTML to be generated. So I decided to write my own little library for it that is open-source. You can find the source code at https://github.com/tinfoilboy/CTML. For any feedback you can give or any feature you would like to see implemented, feel free to tell me. Thanks in advance!
How do I know that I'd need to pass in "h1" and "p" in certain places?
And in:
std::string htmlString = "<a class=\"button\"><script>alert(\"ha ha hacked!\")</script></a>";
CTML::Node node("a.button", "<script>alert(\"ha ha hacked!\")</script>");
// the node's string output
std::string nodeString = node.ToString(CTML::SINGLE_LINE, 0);
bool test = assert_strings_equal(htmlString, nodeString);
Why should node("a.button", "<script>alert(\"ha ha hacked!\")</script>") generate "<a class=\"button\"><script>alert(\"ha ha hacked!\")</script></a>"?
I think the underlying problem is there could be a bit more abstraction.
It would be nice if logical read-only members were const, but they're not.
The first argument of CTML::Node is always the element name, and then the second is the element content. Element name corresponds to what type of element you are passing in, such as a div or span or something. Basically any valid HTML element name can be put there. Something cool about it though, is that you can chain classes and an ID (HTML only allows for one ID per element, as it should), so writing CTML::Node testNode("a.button.success#login-button", "Log In"); and then parsing it to a string would return <a class="button success" id="login-button">Log In</a> because in HTML, classes are usually represented by periods and IDs are usually represented by pound signs.
The reason why CTML::Node node("a.button", "<script>alert(\"ha ha hacked!\")</script>"); returns <a class=\"button\"><script>alert(\"ha ha hacked!\")</script></a> is because if you are taking in user input or something along those lines, you would want to escape the less than and greater than signs to HTML entities, so that the browser doesn't attempt to parse it, and in the case of a script tag, run the JavaScript code inside. Though I will say that I might need to add a case to not escape stuff like that.
Also, how would I achieve more abstraction? It's about as abstract as I can think to make it. As it only loosely emulates the DOM tree.
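The entity escaping described in the post above, combined with the tag.class#id shorthand, as an added example that is not part of the thread and is not CTML's own code. The names escape_html and render_node are hypothetical, the selector is assumed to come from the developer rather than from user input, and the escaping goes beyond the less-than and greater-than signs mentioned above to cover the ampersand and both quote characters as well.

```cpp
#include <iostream>
#include <string>

// Escape untrusted text for use as element content or a quoted attribute value.
std::string escape_html(const std::string& in) {
    std::string out;
    out.reserve(in.size());
    for (char c : in) {
        switch (c) {
            case '&':  out += "&amp;";  break;  // must be handled, or "&lt;" in input is ambiguous
            case '<':  out += "&lt;";   break;
            case '>':  out += "&gt;";   break;
            case '"':  out += "&quot;"; break;  // matters inside attribute values
            case '\'': out += "&#39;";  break;
            default:   out += c;
        }
    }
    return out;
}

// Hypothetical helper: render "tag.class1.class2#id" plus content as one element.
// Assumption: the selector is developer-supplied; only the content is untrusted.
std::string render_node(const std::string& selector, const std::string& content) {
    std::string tag, id, classes, cur;
    char kind = 't';  // part being read: 't' = tag, '.' = class, '#' = id
    auto flush = [&]() {
        if (kind == 't') tag = cur;
        else if (kind == '#') id = cur;
        else if (!cur.empty()) classes += (classes.empty() ? "" : " ") + cur;
        cur.clear();
    };
    for (char c : selector) {
        if (c == '.' || c == '#') { flush(); kind = c; }
        else cur += c;
    }
    flush();
    std::string html = "<" + tag;
    if (!classes.empty()) html += " class=\"" + escape_html(classes) + "\"";
    if (!id.empty()) html += " id=\"" + escape_html(id) + "\"";
    return html + ">" + escape_html(content) + "</" + tag + ">";
}

int main() {
    // Constructed sample inputs taken from the examples in the thread.
    std::cout << render_node("a.button.success#login-button", "Log In") << "\n";
    std::cout << render_node("a.button", "<script>alert(\"ha ha hacked!\")</script>") << "\n";
}
```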
You clearly have different kinds of nodes, and there are rules about when and where some kinds can be applied. You've kind of shortcut it by making the user pass in a string in a certain order that shortcuts all that stuff.
It's good that it's light and probably fast, but it requires a lot of knowledge from the user to use correctly as it can generate bad HTML.