Sadly this was nicer in Twirl, because *safe* string interpolation was
happening more naturally in templates. This example allows no XSS,
guaranteed by types:
@embedJs {
var foo = { "bar": @{safeJsonValue(jsObj)} };
}
Equivalent with scalatags:
embedJs(frag(
raw("""var foo = { "bar": """), jsObj.toJsonFrag, raw(" }; ")
))
This is so ugly that it's used nowhere. Just unsafe string interpolation
everywhere:
embedJsUnsafe(s"""var foo = { "bar": ${safeJsonValue(jsObj)} };""")
Note that this would compile fine without safeJsonValue, but would be
an XSS vulnerability.
HTML is a mess:
* Some attributes need "true" / "false" (justifying existence of boolean
conversion in scalatags)
* Some attributes need "yes" / "no"
* Some attributes are truly boolean (present or not,
alternatively attr="attr")
Scalatags does not help with the latter two cases, and no type safety,
so just gotta watch out :(