Basically it's possible to inject dirty html:

const striked = '<strike>test</strike>';

console.log(<div>{striked}</div>);
console.log(<div><strike>test</strike></div>);
console.log(<div>{striked}</div>);

This is the output:

<div>&lt;strike&gt;test&lt;/strike&gt;</div>
<div><strike>test</strike></div>
<div><strike>test</strike></div>

Expected output:

<div>&lt;strike&gt;test&lt;/strike&gt;</div>
<div><strike>test</strike></div>
<div>&lt;strike&gt;test&lt;/strike&gt;</div>

After rendering <div><strike>test</strike></div>, it caches <strike>test</strike> and doesn't sanitize it anymore. It can be seen live here as well. Just because something was rendered before, it shouldn't mean that it's sanitized.

I tried to configure vhtml in vite's vanilla javascript template but I'm unable to implement it. Please guide me on how to configure it.

main.js
------

/** @jsx vhtml */
import { Counter } from "./src/counter";

document.body.innerHTML = (
  <main>
   <Counter/>
  </main>
);

/** @jsx vhtml */

export function Counter() {
  let count = 0;
  return (
    <section>
      <h1>Click button</h1>
      <button onClick={() => count++}>Click me</button>
    </section>
  );
}

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <link rel="icon" type="image/svg+xml" href="/vite.svg" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>Vite App</title>
  </head>
  <body>
    <div id="app"></div>
    <script type="module" src="./main.jsx"></script>
  </body>
</html>

vhtml renders “ as “, which causes the source string to appear in the output.

It would be helpful if entities in the "quasis" of the template string were left alone, and interpolated string values were escaped:

// Source
const copyright = '© 2021';
return html`<div>&ldquo;${copyright}&rdquo;</div>`;

// Rendered output
<div>&ldquo;&amp;copy;2021&rdquo;</div>

Is it possible to publish a new version?

A few enhancements have been merged recently, but they're difficult to use via npm.

Hi! Great work :)
I was wondering if there was a way for adding children elements to components like one would do in React. Some like this:

const Child = () => (
	<div>Child here!</div>
);


const Elem = (items) => (
	<div class="foo">
		<h1>Hi!</h1>
    <Child />
		<p>Here is a list of {items.length} items:</p>
		<ul>
			{ items.map( item => (
				<li>{ item }</li>
			)) }
		</ul>
	</div>
)

const list = ['one', 'two', 'three'];
document.body.innerHTML = Elem(list);

I found that if I add them like this it works fine but is not as clear as the previous version.

const Child = () => (
	<div>Child here!</div>
);


const Elem = (items) => (
	<div class="foo">
		<h1>Hi!</h1>
    { Child() }
		<p>Here is a list of {items.length} items:</p>
		<ul>
			{ items.map( item => (
				<li>{ item }</li>
			)) }
		</ul>
	</div>
)

What do you think of adding something like this? If you like the idea I could work on it and submit a PR.
Thanks again!

Why does this library exist when you can just use template strings?

function myComponent(props) {
  return `<div>${props.name}</div>`
}

In react, the number zero will be rendered directly, rather than taken as false or null.

let items = ['one', 'two', 'three']; document.body.innerHTML = ( <div class="foo"> <h1>Hi!</h1> <p>Here is a list of {items.length} items:</p> <ul> { items.map( item => ( <li>{ 1 }</li> )) } </ul> </div> );

Hey everyone

Since we use this project and the maintainer did not respond for a while I went ahead and forked this project here. (npm)
I've incorporated various fixes/ideas from issues and pull requests to vhtml while rewriting the code for readability, adding more tests and a benchmark. I also tried to improve the documentation according to some questions/concerns that have been raised here on vhtml.

Feel free to send pull requests or create issues over there, and we will do our best to respond to them.

Keep in mind that the fork intentionally makes a few breaking changes, which is also why I bumped the major version number.

Is there any way to render safe html in data, kind of like dangerouslySetInnerHTML in React? I'm talking about having some data like:

{
  firstName: 'John',
  lastName: '<b>Doe</b>'
}

Is it possible to render HTML comments, I am using this to render server side templates, and it would be useful to print out html comments so it helps with debugging and getting meta information

First of all, great project. The simplicity is beautiful.

I am curious on your thoughts on adding typings in some form to this repo from a maintainer perspective. I am happy to do the work here, but don't want to create a maintenance burden.

In order of personal preference:

1. Rewrite/convert the package with TypeScript, using your microbundle package?
2. Add .d.ts files to the current implementation?
3. Create a definitely typed package for @types/vhtml?

Hi,

I tried vhtml and it looks fine.

However, to integrate it in my stack I need to make it properly working with .flowconfig

• what's the pragma @jsx syntax to use with vhtml?
• is there a way to alter .flowconfig to 'prepend 'automatically this @jsx tag to all files ?

Currently I'm using : rollup + buble + flow + vhtml

Thanks for help.

JSX should only ignore boolean, null and undefined.

But it doesn't render 0:

Modified example of numbers:

let items = Array.from({ length: 10 }, (_, i) => i);

The first item is not rendered.

https://jsfiddle.net/ts0Lhcfq/

I can figure out the:

{
  "compilerOptions": {
    "jsx": "react",
    "jsxFactory": "h",
  },
}

But I can't figure out how to get the typings going for h and things like children,

Specifically the error I'm getting on any JSX element is:

JSX element implicitly has type 'any' because no interface 'JSX.IntrinsicElements' exists.ts(7026)

PR incoming.

This is a nice to have, right now you have to explicitly call the function, where as in react you can pass in just the declaration.

See: https://reactjs.org/docs/handling-events.html

I'm trying to use a fragment

<>
</>

but got error from babel:

transform-react-jsx: pragma has been set but pragmaFrag has not been set

I'm using Codepen. Here is my code https://codepen.io/jcubic/pen/jOJbOwG

Hi, this is a cool project, thanks so much.

I am using Typescript to compile the JSX, with this tsconfig.json:

    "jsx": "react",
    "jsxFactory": "h",

Most code is converted properly, except when using a fragment:

const foo = <>
   <tr><td>row 1</td></td>
   <tr><td>row 2</td></td>
</>

this warning from Typescript is given:

The 'jsxFragmentFactory' compiler option must be provided to use JSX fragments with the 'jsxFactory' compiler option.

I tried "jsxFragmentFactory": "Fragment", in tsconfig.json but of course no such Fragment is known nor exported from the vhtml import.

• Is it possible to support JSX fragments in VHTML?
• Is there any other way of storing multiple <tr> siblings as per the above example?

We've spiking this module as part a lightweight framework-independent component setup we have going on. At present we are bundling a custom vhtml module with our code (simply lifted from this repo) because we need the attribute mappings in the master branch that not current available in the latest NPM package.

Is this project no longer maintained (if so feel free to move me along! Or do you need a maintainer? I'm aware you must be incredibly busy, we'd be happy to help if we can) or is a new minor release possible to get the added goodness out there?

I recently added this package in our project and I was told it's causing memory leak in our prod env.

After reading the code, it seems like it's the sanitized cache that's causing the problem.

sanitized[s] = true;

Every generated html string(s) would be stored in this cache, and it seems to have caused our server run out of memory and keeps restarting.