npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@mpen/jsxhtml

v0.1.24

Published

JSX to HTML. No hydration.

Downloads

5

Readme

JsxHtml

JSX to HTML. No hydration.

Example

console.log(<div class={["foo","bar"]} style={{color:'blue',border:1}}>Hello JsxHtml</div>.toString())
// <div class="foo bar" style="color:blue;border:1px;">Hello JsxHtml</div>

Intro

JsxHtml is a jsx-runtime that converts your compiled JSX into static HTML. That means no virtual DOM, no hydration, no excess markup, no client-side JavaScript needed.

Unlike other libraries, JsxHtml is safe by default. That means all your variables, whether they're used in attribute values or content, will be escaped.

const userGeneratedContent = `I'm "going" to <script>alert('hack')</script> you!`
const breakQuote = `break"quote`
console.log(<div class={breakQuote}>{userGeneratedContent}</div>.toString())
// <div class="break&quot;quote">I'm "going" to &lt;script>alert('hack')&lt;/script> you!</div>

JsxHtml returns JsxNode objects with a .toString() method instead of returning a string directly. This has the benefit that it allows us to know which bits are safe or unsafe. For example, we can rewrite the above snippet to use JSX in the variable instead of a string:

const serverContent = <>I'm "going" to <script>alert('hack')</script> myself!</>
console.log(<div>{serverContent}</div>.toString())
// <div>I'm "going" to <script>alert('hack')</script> myself!</div>

Notice how the output is not escaped now, because the serverContent is JSX and can't have been written by a user. There is no need to annotate which pieces are "safe" or "unsafe" which is prone to human error.

Escape Hatch

If you really want to allow unescaped HTML to be rendered out as-is, you can use the <RawHtml> component:

const html = "HTML <b>generated</b> from some WYSIWYG."
console.log('SAFE: ' + <div>{html}</div>)
console.log('NOT SAFE: ' + <RawHtml>{html}</RawHtml>)
SAFE: <div>HTML &lt;b>generated&lt;/b> from some WYSIWYG.</div>
NOT SAFE: HTML <b>generated</b> from some WYSIWYG.

Setup

Add these options to your tsconfig.json or Babel config.

{
    "compilerOptions": {
        "jsx": "react-jsx",
        "jsxImportSource": "@mpen/jsxhtml"
    }
}

Elysia Integration

JsxHtml is primarily designed for server-side rendering. It pairs nicely with frameworks such as Elysia, so you can return a block of HTML with no fuss:

import {elysiaJsx} from '@mpen/jsxhtml'

new Elysia()
    .use(elysiaJsx())
    .get('/', () => {
        return (
            <HtmlDocument lang="en">
                <head>
                    <title>Hello JsxHtml</title>
                </head>
                <body>
                    Hi there!
                </body>
            </HtmlDocument>
        )
    })
    .listen(3000)
<!DOCTYPE html><html lang="en"><head><title>Hello JsxHtml</title></head><body>Hi there!</body></html>

It should be just as easy to integrate with Express or any other JavaScript server, because JsxHtml compiles to an object with a .toString() method -- so if your framework allows you to send a string in the response body, you're good to go.

For reference, so you can see how easy this is, the entire Elysia plugin is this:

import {isJsxNode} from './jsx-nodes'

export function elysiaJsx() {
    const {Elysia} = require('elysia') as typeof import('elysia')
    return new Elysia()
        .onAfterHandle(({response}) => {
            if(isJsxNode(response)) {
                return new Response(String(response), {
                    headers: {
                        'content-type': 'text/html; charset=utf8'
                    }
                })
            }
        })
}

i.e., it's just checking if you're returning a JsxHtml node and then converts the return value to a string and adds the Content-Type header.

Client-side

If you really want, you can ship the compiled JSX to the client. It looks like this:

_jsx("div", { children: "hello" });

But then you will need to send the @mpen/jsxhtml/jsx-runtime to the client too. But then you can render out the HTML in the browser, which will allow for more dynamic behavior, but you won't get reactive elements, hooks, or state management or anything of the sort. If you want that, try React.

jsx-dev-runtime

JsxHtml includes jsx-dev-runtime. There is no equivalent React Dev Tools, because again, there is no client-side JS included here, it's just HTML, but, we can add some good old-fashioned HTML comments to the output, so you can see which bits of HTML were generated from custom components:

function BlueBox(props: CommonProps) {
    return (
        <div class="cr-blue-box">
            {props.children}
        </div>
    )
}

new Elysia()
    .use(elysiaJsx())
    .get('/dev', () => {
        return <BlueBox>box</BlueBox>
    })

When using {"jsx": "react-jsxdev"}, this will output:

<!--<BlueBox>--><div class="cr-blue-box">box</div><!--</BlueBox>-->

When using {"jsx": "react-jsx"}, this will output:

<div class="cr-blue-box">box</div>