1var assignInWith = require('./assignInWith'),
2    attempt = require('./attempt'),
3    baseValues = require('./_baseValues'),
4    customDefaultsAssignIn = require('./_customDefaultsAssignIn'),
5    escapeStringChar = require('./_escapeStringChar'),
6    isError = require('./isError'),
7    isIterateeCall = require('./_isIterateeCall'),
8    keys = require('./keys'),
9    reInterpolate = require('./_reInterpolate'),
10    templateSettings = require('./templateSettings'),
11    toString = require('./toString');
12
13/** Error message constants. */
14var INVALID_TEMPL_VAR_ERROR_TEXT = 'Invalid `variable` option passed into `_.template`';
15
16/** Used to match empty string literals in compiled template source. */
17var reEmptyStringLeading = /\b__p \+= '';/g,
18    reEmptyStringMiddle = /\b(__p \+=) '' \+/g,
19    reEmptyStringTrailing = /(__e\(.*?\)|\b__t\)) \+\n'';/g;
20
21/**
22 * Used to validate the `validate` option in `_.template` variable.
23 *
24 * Forbids characters which could potentially change the meaning of the function argument definition:
25 * - "()," (modification of function parameters)
26 * - "=" (default value)
27 * - "[]{}" (destructuring of function parameters)
28 * - "/" (beginning of a comment)
29 * - whitespace
30 */
31var reForbiddenIdentifierChars = /[()=,{}\[\]\/\s]/;
32
33/**
34 * Used to match
35 * [ES template delimiters](http://ecma-international.org/ecma-262/7.0/#sec-template-literal-lexical-components).
36 */
37var reEsTemplate = /\$\{([^\\}]*(?:\\.[^\\}]*)*)\}/g;
38
39/** Used to ensure capturing order of template delimiters. */
40var reNoMatch = /($^)/;
41
42/** Used to match unescaped characters in compiled string literals. */
43var reUnescapedString = /['\n\r\u2028\u2029\\]/g;
44
45/** Used for built-in method references. */
46var objectProto = Object.prototype;
47
48/** Used to check objects for own properties. */
49var hasOwnProperty = objectProto.hasOwnProperty;
50
51/**
52 * Creates a compiled template function that can interpolate data properties
53 * in "interpolate" delimiters, HTML-escape interpolated data properties in
54 * "escape" delimiters, and execute JavaScript in "evaluate" delimiters. Data
55 * properties may be accessed as free variables in the template. If a setting
56 * object is given, it takes precedence over `_.templateSettings` values.
57 *
58 * **Note:** In the development build `_.template` utilizes
59 * [sourceURLs](http://www.html5rocks.com/en/tutorials/developertools/sourcemaps/#toc-sourceurl)
60 * for easier debugging.
61 *
62 * For more information on precompiling templates see
63 * [lodash's custom builds documentation](https://lodash.com/custom-builds).
64 *
65 * For more information on Chrome extension sandboxes see
66 * [Chrome's extensions documentation](https://developer.chrome.com/extensions/sandboxingEval).
67 *
68 * @static
69 * @since 0.1.0
70 * @memberOf _
71 * @category String
72 * @param {string} [string=''] The template string.
73 * @param {Object} [options={}] The options object.
74 * @param {RegExp} [options.escape=_.templateSettings.escape]
75 *  The HTML "escape" delimiter.
76 * @param {RegExp} [options.evaluate=_.templateSettings.evaluate]
77 *  The "evaluate" delimiter.
78 * @param {Object} [options.imports=_.templateSettings.imports]
79 *  An object to import into the template as free variables.
80 * @param {RegExp} [options.interpolate=_.templateSettings.interpolate]
81 *  The "interpolate" delimiter.
82 * @param {string} [options.sourceURL='templateSources[n]']
83 *  The sourceURL of the compiled template.
84 * @param {string} [options.variable='obj']
85 *  The data object variable name.
86 * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
87 * @returns {Function} Returns the compiled template function.
88 * @example
89 *
90 * // Use the "interpolate" delimiter to create a compiled template.
91 * var compiled = _.template('hello <%= user %>!');
92 * compiled({ 'user': 'fred' });
93 * // => 'hello fred!'
94 *
95 * // Use the HTML "escape" delimiter to escape data property values.
96 * var compiled = _.template('<b><%- value %></b>');
97 * compiled({ 'value': '<script>' });
98 * // => '<b>&lt;script&gt;</b>'
99 *
100 * // Use the "evaluate" delimiter to execute JavaScript and generate HTML.
101 * var compiled = _.template('<% _.forEach(users, function(user) { %><li><%- user %></li><% }); %>');
102 * compiled({ 'users': ['fred', 'barney'] });
103 * // => '<li>fred</li><li>barney</li>'
104 *
105 * // Use the internal `print` function in "evaluate" delimiters.
106 * var compiled = _.template('<% print("hello " + user); %>!');
107 * compiled({ 'user': 'barney' });
108 * // => 'hello barney!'
109 *
110 * // Use the ES template literal delimiter as an "interpolate" delimiter.
111 * // Disable support by replacing the "interpolate" delimiter.
112 * var compiled = _.template('hello ${ user }!');
113 * compiled({ 'user': 'pebbles' });
114 * // => 'hello pebbles!'
115 *
116 * // Use backslashes to treat delimiters as plain text.
117 * var compiled = _.template('<%= "\\<%- value %\\>" %>');
118 * compiled({ 'value': 'ignored' });
119 * // => '<%- value %>'
120 *
121 * // Use the `imports` option to import `jQuery` as `jq`.
122 * var text = '<% jq.each(users, function(user) { %><li><%- user %></li><% }); %>';
123 * var compiled = _.template(text, { 'imports': { 'jq': jQuery } });
124 * compiled({ 'users': ['fred', 'barney'] });
125 * // => '<li>fred</li><li>barney</li>'
126 *
127 * // Use the `sourceURL` option to specify a custom sourceURL for the template.
128 * var compiled = _.template('hello <%= user %>!', { 'sourceURL': '/basic/greeting.jst' });
129 * compiled(data);
130 * // => Find the source of "greeting.jst" under the Sources tab or Resources panel of the web inspector.
131 *
132 * // Use the `variable` option to ensure a with-statement isn't used in the compiled template.
133 * var compiled = _.template('hi <%= data.user %>!', { 'variable': 'data' });
134 * compiled.source;
135 * // => function(data) {
136 * //   var __t, __p = '';
137 * //   __p += 'hi ' + ((__t = ( data.user )) == null ? '' : __t) + '!';
138 * //   return __p;
139 * // }
140 *
141 * // Use custom template delimiters.
142 * _.templateSettings.interpolate = /{{([\s\S]+?)}}/g;
143 * var compiled = _.template('hello {{ user }}!');
144 * compiled({ 'user': 'mustache' });
145 * // => 'hello mustache!'
146 *
147 * // Use the `source` property to inline compiled templates for meaningful
148 * // line numbers in error messages and stack traces.
149 * fs.writeFileSync(path.join(process.cwd(), 'jst.js'), '\
150 *   var JST = {\
151 *     "main": ' + _.template(mainText).source + '\
152 *   };\
153 * ');
154 */
155function template(string, options, guard) {
156  // Based on John Resig's `tmpl` implementation
157  // (http://ejohn.org/blog/javascript-micro-templating/)
158  // and Laura Doktorova's doT.js (https://github.com/olado/doT).
159  var settings = templateSettings.imports._.templateSettings || templateSettings;
160
161  if (guard && isIterateeCall(string, options, guard)) {
162    options = undefined;
163  }
164  string = toString(string);
165  options = assignInWith({}, options, settings, customDefaultsAssignIn);
166
167  var imports = assignInWith({}, options.imports, settings.imports, customDefaultsAssignIn),
168      importsKeys = keys(imports),
169      importsValues = baseValues(imports, importsKeys);
170
171  var isEscaping,
172      isEvaluating,
173      index = 0,
174      interpolate = options.interpolate || reNoMatch,
175      source = "__p += '";
176
177  // Compile the regexp to match each delimiter.
178  var reDelimiters = RegExp(
179    (options.escape || reNoMatch).source + '|' +
180    interpolate.source + '|' +
181    (interpolate === reInterpolate ? reEsTemplate : reNoMatch).source + '|' +
182    (options.evaluate || reNoMatch).source + '|$'
183  , 'g');
184
185  // Use a sourceURL for easier debugging.
186  // The sourceURL gets injected into the source that's eval-ed, so be careful
187  // to normalize all kinds of whitespace, so e.g. newlines (and unicode versions of it) can't sneak in
188  // and escape the comment, thus injecting code that gets evaled.
189  var sourceURL = hasOwnProperty.call(options, 'sourceURL')
190    ? ('//# sourceURL=' +
191       (options.sourceURL + '').replace(/\s/g, ' ') +
192       '\n')
193    : '';
194
195  string.replace(reDelimiters, function(match, escapeValue, interpolateValue, esTemplateValue, evaluateValue, offset) {
196    interpolateValue || (interpolateValue = esTemplateValue);
197
198    // Escape characters that can't be included in string literals.
199    source += string.slice(index, offset).replace(reUnescapedString, escapeStringChar);
200
201    // Replace delimiters with snippets.
202    if (escapeValue) {
203      isEscaping = true;
204      source += "' +\n__e(" + escapeValue + ") +\n'";
205    }
206    if (evaluateValue) {
207      isEvaluating = true;
208      source += "';\n" + evaluateValue + ";\n__p += '";
209    }
210    if (interpolateValue) {
211      source += "' +\n((__t = (" + interpolateValue + ")) == null ? '' : __t) +\n'";
212    }
213    index = offset + match.length;
214
215    // The JS engine embedded in Adobe products needs `match` returned in
216    // order to produce the correct `offset` value.
217    return match;
218  });
219
220  source += "';\n";
221
222  // If `variable` is not specified wrap a with-statement around the generated
223  // code to add the data object to the top of the scope chain.
224  var variable = hasOwnProperty.call(options, 'variable') && options.variable;
225  if (!variable) {
226    source = 'with (obj) {\n' + source + '\n}\n';
227  }
228  // Throw an error if a forbidden character was found in `variable`, to prevent
229  // potential command injection attacks.
230  else if (reForbiddenIdentifierChars.test(variable)) {
231    throw new Error(INVALID_TEMPL_VAR_ERROR_TEXT);
232  }
233
234  // Cleanup code by stripping empty strings.
235  source = (isEvaluating ? source.replace(reEmptyStringLeading, '') : source)
236    .replace(reEmptyStringMiddle, '$1')
237    .replace(reEmptyStringTrailing, '$1;');
238
239  // Frame code as the function body.
240  source = 'function(' + (variable || 'obj') + ') {\n' +
241    (variable
242      ? ''
243      : 'obj || (obj = {});\n'
244    ) +
245    "var __t, __p = ''" +
246    (isEscaping
247       ? ', __e = _.escape'
248       : ''
249    ) +
250    (isEvaluating
251      ? ', __j = Array.prototype.join;\n' +
252        "function print() { __p += __j.call(arguments, '') }\n"
253      : ';\n'
254    ) +
255    source +
256    'return __p\n}';
257
258  var result = attempt(function() {
259    return Function(importsKeys, sourceURL + 'return ' + source)
260      .apply(undefined, importsValues);
261  });
262
263  // Provide the compiled function's source by its `toString` method or
264  // the `source` property as a convenience for inlining compiled templates.
265  result.source = source;
266  if (isError(result)) {
267    throw result;
268  }
269  return result;
270}
271
272module.exports = template;
273