Description
Replace raw HTML strings with the typed html-builder library for safer, more maintainable HTML generation.
Current State
The admin templates use raw HTML strings with format! macros:
```rust
fn render_base(title: &str, content: &str) -> String {
    format!(r#"<!DOCTYPE html>
<html lang="en">
<head>...</head>
<body>{content}</body>
</html>"#)
}
```
Desired State
Use https://github.com/leakIX/html-builder for type-safe HTML:
```rust
use html_builder::*;

fn render_base(title: &str, content: &str) -> String {
    html()
        .lang("en")
        .child(head().child(title_tag().text(title)))
        .child(body().child(content))
        .render()
}
```
Files to Update
crates/oxide-admin/src/templates/base.rs
crates/oxide-admin/src/templates/list.rs
crates/oxide-admin/src/templates/detail.rs
crates/oxide-admin/examples/blog_admin.rs
Benefits
- Type-safe HTML generation
- No XSS vulnerabilities from string interpolation
- Better refactoring support
- Cleaner code
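To illustrate the XSS benefit listed above, the following added example (not part of the original issue and not the html-builder crate's API) contrasts `format!` interpolation with a minimal typed node tree that escapes text on render. `Node`, `escape`, `render_raw` and `render_typed` are hypothetical names, and the input string is constructed.

```rust
// Added illustration; all names here are hypothetical, not html-builder's API.

/// Escape the characters that are significant in HTML text and attributes.
fn escape(s: &str) -> String {
    let mut out = String::with_capacity(s.len());
    for c in s.chars() {
        match c {
            '&' => out.push_str("&amp;"),
            '<' => out.push_str("&lt;"),
            '>' => out.push_str("&gt;"),
            '"' => out.push_str("&quot;"),
            '\'' => out.push_str("&#x27;"),
            _ => out.push(c),
        }
    }
    out
}

/// A node is either text (always escaped on render) or an element.
enum Node {
    Text(String),
    Element { tag: &'static str, children: Vec<Node> },
}

impl Node {
    fn render(&self) -> String {
        match self {
            Node::Text(t) => escape(t),
            Node::Element { tag, children } => {
                let inner: String = children.iter().map(Node::render).collect();
                format!("<{tag}>{inner}</{tag}>")
            }
        }
    }
}

/// Pattern from "Current State": the value is spliced into markup verbatim.
fn render_raw(title: &str) -> String {
    format!("<h1>{title}</h1>")
}

/// Typed equivalent: the value can only enter the tree as Node::Text.
fn render_typed(title: &str) -> String {
    Node::Element { tag: "h1", children: vec![Node::Text(title.to_string())] }.render()
}

fn main() {
    let title = "<script>alert(1)</script>"; // constructed sample input
    println!("{}", render_raw(title));
    println!("{}", render_typed(title));
}
```

When migrating the files listed above, confirm how html-builder treats a `&str` passed to `.child(...)`: whether it is escaped as text or inserted as markup determines whether the XSS benefit holds for `content`.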