Code
Pug allows you to write inline JavaScript code in your templates. There are three types of code: Unbuffered, Buffered, and Unescaped Buffered.
Unbuffered Code
Unbuffered code starts with a hyphen (-). It does not directly add anything to the output.
Pug also supports block unbuffered code:
Buffered Code
Buffered code starts with an equals sign (=). It evaluates the JavaScript expression and outputs the result. For security, buffered code is first HTML escaped.
It can also be written inline (after any attributes), and supports the full range of JavaScript expressions:
Unescaped Buffered Code
Unescaped buffered code starts with !=. It evaluates the JavaScript expression and outputs the result. Unescaped buffered code does not perform any escaping, so it is unsafe for user input:
Unescaped buffered code can also be written inline with attributes, and supports the full range of JavaScript expressions:
Note
Unescaped buffered code can be dangerous. You must be sure to sanitize any user inputs to avoid cross-site scripting (XSS).
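One way to act on this note during code review is to list every line of a template that uses unescaped buffered code, without flagging lines where != is only a JavaScript comparison inside unbuffered or buffered code. The following is an added example, not part of the Pug documentation or Pug's own code; the function names and the sample template are constructed for illustration, and the line classifier is a simplification that does not model every Pug construct (text blocks, for instance).

```javascript
// Added example: flag unescaped buffered code (!=) in Pug template source.
// Simplified line classifier written for this example; it is not Pug's lexer.

// Skip a parenthesised attribute list, honouring quotes and nested parens.
function skipAttrs(s) {
  if (s[0] !== '(') return s;
  let depth = 0, quote = null;
  for (let i = 0; i < s.length; i++) {
    const c = s[i];
    if (quote) {
      if (c === '\\') i++; // skip the escaped character
      else if (c === quote) quote = null;
    } else if (c === '"' || c === "'" || c === '`') quote = c;
    else if (c === '(') depth++;
    else if (c === ')' && --depth === 0) return s.slice(i + 1);
  }
  return ''; // unterminated attribute list: treat as no code marker
}

// Classify one template line by its code marker: '-', '=' or '!='.
function classifyLine(line) {
  const body = line.trimStart();
  if (body.startsWith('-')) return 'unbuffered';
  // Optional tag name, then #id / .class shorthands, then attributes.
  const head = body.match(/^[\w:-]*(?:[#.][\w-]+)*/)[0];
  const rest = skipAttrs(body.slice(head.length));
  if (rest.startsWith('!=')) return 'unescaped';
  if (rest.startsWith('=')) return 'buffered';
  return null; // plain tag, text, or syntax this sketch does not model
}

// Return {line, text} for every unescaped buffered line in a template.
function findUnescaped(source) {
  const hits = [];
  let blockIndent = -1; // indent of an open block of unbuffered code
  source.split('\n').forEach((text, idx) => {
    if (!text.trim()) return;
    const indent = text.length - text.trimStart().length;
    if (blockIndent >= 0 && indent > blockIndent) return; // JS in the block
    blockIndent = text.trim() === '-' ? indent : -1;
    if (classifyLine(text) === 'unescaped') hits.push({ line: idx + 1, text: text.trim() });
  });
  return hits;
}

// Constructed sample template (not taken from the Pug documentation).
const SAMPLE = ['- var same = a != b', 'p= a != b', 'p!= userBio',
  'a(title="x)" href=u != v)!= linkHtml', '-', '  x!= y', '!= footerHtml'].join('\n');
console.log(findUnescaped(SAMPLE)); // lines 3, 4 and 7
```

Each reported line is a place where the expression's value reaches the page without escaping, so the reviewer's question for each hit is whether that value can ever contain user input.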