maud
bad_actor_poc | maud |
---|---|
12 | 29 |
322 | 1,924 |
- | - |
0.0 | 6.4 |
almost 3 years ago | about 1 month ago |
Rust | Rust |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
bad_actor_poc
-
Why is `const fn` different from other “const” things?
I'm not suggesting people in this thread are wrong, but working for a security company gives a slightly different perspective. For example, there's really nothing stopping a rogue crate from exporting your private keys, just by using VS code. I wasn't thinking about this when I helped write that proposal, though.
- Did somebody play around with macros yet?
-
todo-or-die!
Having less tools that can do things like https://github.com/lucky/bad_actor_poc is a relief.
-
Workspace Trust in VS Code
Code execution that may not be so obvious could be the preLaunchTask that runs before starting the app and can run a build that has an extra task executing arbitrary code unrelated to the build. What about the npm module that steals your crypto wallet private keys? Make a simple edit and a malicious linter is loaded from the node_modules folder, instead of the one that is installed globally. Even reading the code can be deceptive, attackers can use Unicode hacks to hide malicious code in plain sight. Heck, you don't even have to open any source code to be owned.
- lucky/bad_actor_poc - Stealing secrets with Rust Macros proof-of-concept via VSCode: This shows a trivial example of exfiltrating secrets just by the developer opening up the source
- Visual Studio Code May 2021
-
Carnet: A Tool for Sandboxing Cargo and Buildscripts
https://github.com/lucky/bad_actor_poc is one example
-
Fixated on end-user security, FOSS developers neglect their own...
It turns out that because Rust can execute code at compile time, simply opening a Rust source file in an editor with code completion support can cause a virus to be installed on my computer. Apparently I can't trust anything but basic text editors anymore...
- Using Rust Macros to exfiltrate secrets
maud
-
Templ: A language for writing HTML user interfaces in Go
I would like to mention maud in this context:
https://github.com/lambda-fairy/maud
It is refreshingly different from other Rust templating libraries. It uses a proc-macro that compiles your HTML into Rust code. I also happen to use it in conjunction with HTMX and it works very well for me (at least in small projects).
-
Getting Started with Axum - Rust's Most Popular Framework
You can also use HTML templating with crates like askama, tera and maud! This can be combined with the power of lightweight JavaScript libraries like htmx to speed up time to production. You can read more about this on our other article about using HTMX with Rust which you can find here. We also collaborated with Stefan Baumgartner on an article for serving HTML with Askama!
-
RustGPT: ChatGPT UI Built with Rust, Htmx, SQLite
I think a lot of us reach for Jinja-style templates so it feels a little more like we're writing bare HTML. But they're of course still just templates, and they need a build step before they become valid HTML.
So it's true, if you're willing to use a DSL embedded in your server language (like JSX), then you'll have the full language tooling available to you. And this probably isn't giving up much over language-specific templates.
A JSX-equivalent for the Rust server-side rendering world would probably be maud [1] or leptos [2].
[1] https://github.com/lambda-fairy/maud
[2] https://github.com/leptos-rs/leptos
- Hyper – A fast and correct HTTP implementation for Rust
-
Want a web app to respond to local file changes. Is Tauri the solution here?
Maud as a performant templating engine that will ensure your templates are well-formed at compile-time and, in effect, minify the generated HTML output by not passing through unnecessary whitespace.
-
Rust tech stack
Maud is a fast Slim/Haml-esque templating engine which will automatically minify your HTML at no extra charge because whitespace isn't significant in its syntax.
-
rust web dev??
If you want to do backend development, give actix-web or Axum a try. If you need templating, take a look at Maud and if you want an ORM, take a look at SeaORM.
-
Any web frameworks that could compare to Symfony?
Personally, I'd recommend Maud if you don't need something with runtime reloading. Not only is it much faster, it implements a template language that is effectively the Rust-syntax equivalent to Slim or Haml using a procedural macro, so you get compile-time verification that your HTML output is well-formed.
-
Anyone from a Typescript/React background who tried out Rust for the 1st time?
For templating, Maud is fast, gives compile-time well-formedness guarantees, and outputs minified HTML by default as a side-effect of it being based on Rust macros. (It's of a similar design philosophy to Slim and Haml)
- I love building a startup in Rust. I wouldn't pick it again
What are some alternatives?
language - Design of the Dart language
askama - Type-safe, compiled Jinja-like templates for Rust
carnet - A Tool for Sandboxing Cargo and Buildscripts
tera - A template engine for Rust based on Jinja2/Django
Visual Studio Code - Visual Studio Code
horrorshow-rs - A macro-based html builder for rust
macro_prototype - A very basic prototype of macros using build_runner
markup.rs - A blazing fast, type-safe template engine for Rust.
code-it-later-rs - Filter crumbs you left in comments of code to remind where you were
ructe - Rust Compiled Templates with static-file handling
security - Embargoed security issues that will be made public after a fix is made available. Use https://github.com/nim-lang/security/security
multiversion - Easy function multiversioning for Rust