lesson-14-langs.tm - tomo-koans

(29 lines)
   1 # Langs (Safe Embedded Languages)
   2 
   3 # `lang` defines custom text types with automatic escaping.
   4 lang HTML
   5 
   6     # Custom escaping rules can be created with `convert`
   7     convert(t:Text -> HTML)
   8         t = t.translate({"&": "&amp;", "<": "&lt;", ">": "&gt;"})
   9         return HTML.from_text(t)
  10 
  11     func paragraph(content:HTML -> HTML)
  12         return $HTML"<p>$content</p>"
  13 
  14 
  15 # Type safety prevents injection:
  16 func greet(name:HTML -> HTML)
  17     return $HTML"Hello $name!"
  18 
  19 func main()
  20 
  21     malicious_input := "<b>hello</b>"
  22 
  23     safe := $HTML"User said: $malicious_input"
  24 
  25     assert safe == ???
  26 
  27     assert safe.paragraph() == ???
  28 
  29     greeting := greet(malicious_input)  # This won't compile