The HTML node (usually either a #text node or an Element) that is being written to. Note that this is just an exemplar node, the write may take place against another instance of the same class of node.
The name of an attribute or property (for example, 'href').
Indicates whether the write that's about to be performed will be to a property or a node.
A function that will sanitize this class of writes.
The return type of the template tag functions.
A function which can sanitize values that will be written to a specific kind of DOM sink.
See SanitizerFactory.
The value to sanitize. Will be the actual value passed into the lit-html template literal, so this could be of any type.
The value to write to the DOM. Usually the same as the input value, unless sanitization is needed.
A sentinel value that signals that a value was handled by a directive and should not be written to the DOM.
A sentinel value that signals a ChildPart to fully clear its content.
const button = html`${
user.isAdmin
? html`<button>DELETE</button>`
: nothing
}`;
Prefer using nothing over other falsy values as
it provides a consistent behavior between various expression
binding contexts.
In child expressions, undefined,
null, '', and
nothing all behave the same and render no
nodes. In attribute expressions, nothing
removes the attribute, while
undefined and null will render an
empty string. In property expressions
nothing becomes undefined.
Renders a value, usually a lit-html TemplateResult, to the container.
Interprets a template literal as an HTML template that can efficiently render to and update a container.
const header = (title: string) => html`<h1>${title}</h1>`;
The html tag returns a description of the
DOM to render as a value. It is lazy, meaning no work is
done until the template is rendered. When rendering, if
a template comes from the same expression as a
previously rendered result, it's efficiently updated
instead of replaced.
Interprets a template literal as an SVG template that can efficiently render to and update a container.
Generated using TypeDoc
Used to sanitize any value before it is written into the DOM. This can be used to implement a security policy of allowed and disallowed values in order to prevent XSS attacks.
One way of using this callback would be to check attributes and properties against a list of high risk fields, and require that values written to such fields be instances of a class which is safe by construction. Closure's Safe HTML Types is one implementation of this technique ( https://github.com/google/safe-html-types/blob/master/doc/safehtml-types.md). The TrustedTypes polyfill in API-only mode could also be used as a basis for this technique (https://github.com/WICG/trusted-types).