{"id":15713778,"url":"https://github.com/anamba/safe_ecr","last_synced_at":"2025-05-12T23:21:02.399Z","repository":{"id":144807473,"uuid":"161718084","full_name":"anamba/safe_ecr","owner":"anamba","description":"Output safety for ECR","archived":false,"fork":false,"pushed_at":"2021-03-24T05:03:49.000Z","size":14,"stargazers_count":10,"open_issues_count":1,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-01T04:32:49.194Z","etag":null,"topics":["crystal","crystal-lang","crystal-language","ecr","shard"],"latest_commit_sha":null,"homepage":null,"language":"Crystal","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/anamba.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-12-14T01:57:01.000Z","updated_at":"2022-10-12T23:29:01.000Z","dependencies_parsed_at":null,"dependency_job_id":"a0d9a86f-daf8-4a45-b4d3-5242e277f375","html_url":"https://github.com/anamba/safe_ecr","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anamba%2Fsafe_ecr","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anamba%2Fsafe_ecr/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anamba%2Fsafe_ecr/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anamba%2Fsafe_ecr/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/anamba","download_url":"https://codeload.github.com/anamba/safe_ecr/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253838057,"owners_count":21972088,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["crystal","crystal-lang","crystal-language","ecr","shard"],"created_at":"2024-10-03T21:33:27.297Z","updated_at":"2025-05-12T23:21:02.370Z","avatar_url":"https://github.com/anamba.png","language":"Crystal","funding_links":[],"categories":[],"sub_categories":[],"readme":"# safe_ecr - Output safety for ECR\n\n[![Version](https://img.shields.io/github/tag/anamba/safe_ecr.svg?maxAge=360)](https://github.com/anamba/safe_ecr/releases/latest)\n[![Build Status](https://travis-ci.org/anamba/safe_ecr.svg?branch=master)](https://travis-ci.org/anamba/safe_ecr)\n[![License](https://img.shields.io/github/license/anamba/safe_ecr.svg)](https://github.com/anamba/safe_ecr/blob/master/LICENSE)\n\nOverrides default ECR module with one that does HTML escaping by default. Inspired by ActiveSupport's output safety.\n\nA few brief examples:\n\n```erb\n\u003c%= \"Hello,\u003cbr\u003e world!\" %\u003e                 # =\u003e Hello,\u0026lt;br\u0026gt; world!\n\u003c%=raw \"Hello,\u003cbr\u003e world!\" %\u003e              # =\u003e Hello,\u003cbr\u003e world!\n\u003c%= \"Hello,\u003cbr\u003e world!\".html_safe %\u003e       # =\u003e Hello,\u003cbr\u003e world!\n\u003c%= \"Hello,\" + \"\u003cbr\u003e world!\".html_safe %\u003e  # =\u003e Hello,\u003cbr\u003e world!\n\u003c%= \"Hello,\u003cbr\u003e\" + \" world!\".html_safe %\u003e  # =\u003e Hello,\u0026lt;br\u0026gt; world!\n```\n\nECR will only output HTML safe strings, represented by a new class, `SafeECR::HTMLSafeString`. `HTMLSafeString`s can be created implicitly (the first and last lines of the example above) or explicitly (the second, third and fourth lines, plus the \"` world!`\" part of the last line).\n\nNote that as shown in the last line, when `String`s and `HTMLSafeString`s are combined via `+`, the result is an `HTMLSafeString` (with any HTML in the original `String` escaped). If you *don't* want this behavior, just call `#to_s` on the `HTMLSafeString` first to convert it to a regular string before combining.\n\n## Versioning\n\nSafeECR is closely tied to ECR, so starting with 0.28.0, the SafeECR version will indicate the version of Crystal it works with.\n\nFor Crystal 0.27.0, use v0.2.0.\n\n## Limitations\n\nCrystal's `String` class cannot be inherited from, nor can it have additional properties added to it, which is why `HTMLSafeString` is an entirely unrelated class. As a result, using this shard will likely require a *lot* of code changes in existing HTML helper methods. (A companion shard to patch JasperHelpers for use with this shard is coming soon.)\n\n## Installation\n\n1. Add the dependency to your `shard.yml`:\n```yaml\ndependencies:\n  safe_ecr:\n    github: anamba/safe_ecr\n```\n2. Run `shards install`\n\n## Usage\n\nRequire the module:\n\n```crystal\nrequire \"safe_ecr\"\n```\n\nInclude the helpers (`h` and `raw`) where you need them:\n\n```crystal\ninclude SafeECR::Helpers\n```\n\nThen, in your ECR templates:\n\n```erb\nHello, world!\n\u003c%= \"Dangerous stuff like #{user.profile} gets escaped, since they could include \u003cscript\u003e...\u003c/script\u003e\" %\u003e\n\u003c%= \"\u003cem\u003eYou can manually mark strings as HTML-safe as needed...\u003c/em\u003e\".html_safe %\u003e\n\u003c%= raw \"\u003cstrong\u003eOr use the raw helper, which does the same thing.\u003c/strong\u003e\" %\u003e\n```\n\n## Amber-specific changes\n\nIn your layout, add the `raw` helper:\n\n```erb\n\u003c%= raw content %\u003e\n```\n\nLikewise, anytime you call `render` directly in a template file, it should now be `raw render`. (I considered overriding `render` to return an `HTMLSafeString`, but decided against it for now.)\n\n## Contributing\n\n1. Fork it (\u003chttps://github.com/anamba/safe_ecr/fork\u003e)\n2. Create your feature branch (`git checkout -b my-new-feature`)\n3. Commit your changes (`git commit -am 'Add some feature'`)\n4. Push to the branch (`git push origin my-new-feature`)\n5. Create a new Pull Request\n\n## Contributors\n\n- [Aaron Namba](https://github.com/anamba) - creator and maintainer\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanamba%2Fsafe_ecr","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fanamba%2Fsafe_ecr","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanamba%2Fsafe_ecr/lists"}