|
1 | 1 | Serialize JavaScript |
2 | 2 | ==================== |
| 3 | + |
| 4 | +Serialize JavaScript to a _superset_ of JSON that includes regular expressions and functions. |
| 5 | + |
| 6 | +[![npm Version][npm-badge]][npm] |
| 7 | +[![Dependency Status][david-badge]][david] |
| 8 | +[![Build Status][travis-badge]][travis] |
| 9 | + |
| 10 | +## Overview |
| 11 | + |
| 12 | +The code in this package began its life as an internal module to [express-state][]. To expand its usefulness, it now lives as `serialize-javascript` — an independent package on npm. |
| 13 | + |
| 14 | +You're probably wondering: **What about `JSON.stringify()`!?** We've found that sometimes we need to serialize JavaScript **functions** and **regexps**. A great example is a web app that uses client-side URL routing where the route definitions are regexps that need to be shared from the server to the client. |
| 15 | + |
| 16 | +The string returned from this package's single export function is literal JavaScript which can be saved to a `.js` file, or be embedded into an HTML document by making the content of a `<script>` element. **HTML charaters and JavaScript line terminators are escaped automatically.** |
| 17 | + |
| 18 | +## Installation |
| 19 | + |
| 20 | +Install using npm: |
| 21 | + |
| 22 | +```shell |
| 23 | +$ npm install serialize-javascript |
| 24 | +``` |
| 25 | + |
| 26 | +## Usage |
| 27 | + |
| 28 | +```js |
| 29 | +var serialize = require('serialize'); |
| 30 | + |
| 31 | +serialize({ |
| 32 | + str : 'string', |
| 33 | + num : 0, |
| 34 | + obj : {foo: 'foo'}, |
| 35 | + arr : [1, 2, 3], |
| 36 | + bool : true, |
| 37 | + nil : null, |
| 38 | + undef: undefined, |
| 39 | + |
| 40 | + fn: function echo(arg) { return arg; }, |
| 41 | + re: /([^\s]+)/g |
| 42 | +}); |
| 43 | +``` |
| 44 | + |
| 45 | +The above will produce the following output: |
| 46 | + |
| 47 | +```js |
| 48 | +'{"str":"string","num":0,"obj":{"foo":"foo"},"arr":[1,2,3],"bool":true,"nil":null,"fn":function echo(arg) { return arg; },"re":/([^\\s]+)/g}' |
| 49 | +``` |
| 50 | + |
| 51 | +### Automatic Escaping of HTML Characters |
| 52 | + |
| 53 | +A primary feature of this package is to serialize code to a string of literal JavaScript which can be embedded in an HTML document by adding it as the contents of the `<script>` element. In order to make this safe, HTML characters and JavaScript line terminators are escaped automatically. |
| 54 | + |
| 55 | +```js |
| 56 | +serialize({ |
| 57 | + haxorXSS: '</script>' |
| 58 | +}); |
| 59 | +``` |
| 60 | + |
| 61 | +The above will produce the following, HTML-escaped output which is safe to put into an HTML document as it will not cause the inline script element to terminate: |
| 62 | + |
| 63 | +```js |
| 64 | +'{"haxorXSS":"\\u003C\\u002Fscript\\u003E"}' |
| 65 | +``` |
| 66 | + |
| 67 | +## License |
| 68 | + |
| 69 | +This software is free to use under the Yahoo! Inc. BSD license. |
| 70 | +See the [LICENSE file][LICENSE] for license text and copyright information. |
| 71 | + |
| 72 | + |
| 73 | +[npm]: https://www.npmjs.org/package/serialize-javascript |
| 74 | +[npm-badge]: https://img.shields.io/npm/v/serialize-javascript.svg?style=flat-square |
| 75 | +[david]: https://david-dm.org/yahoo/serialize-javascript |
| 76 | +[david-badge]: https://img.shields.io/david/yahoo/serialize-javascript.svg?style=flat-square |
| 77 | +[travis]: https://travis-ci.org/yahoo/serialize-javascript |
| 78 | +[travis-badge]: http://img.shields.io/travis/yahoo/serialize-javascript.svg?style=flat-square |
| 79 | +[express-state]: https://github.com/yahoo/express-state |
| 80 | +[LICENSE]: https://github.com/yahoo/serialize-javascript/blob/master/LICENSE |
0 commit comments