📘 doc: update html plugin

SaltyAom · SaltyAom · commit fda61e3f6d74 · 2023-10-08T02:54:21.000+07:00
diff --git a/docs/plugins/html.md b/docs/plugins/html.md
@@ -35,16 +35,57 @@ new Elysia()
     .get(
         '/html',
         () => `
-        <html lang="en">
+            <html lang='en'>
+                <head>
+                    <title>Hello World</title>
+                </head>
+                <body>
+                    <h1>Hello World</h1>
+                </body>
+            </html>`
+    )
+    .get('/jsx', () => (
+        <html lang='en'>
             <head>
                 <title>Hello World</title>
             </head>
             <body>
                 <h1>Hello World</h1>
             </body>
-        </html>  `
-    )
-    .get('/jsx', () => (
+        </html>
+    ))
+    .listen(3000)
+```
+
+This plugin will automatically add `Content-Type: text/html; charset=utf8` header to the response, add `<!doctype html>` and convert it into a Response object.
+
+## JSX
+Elysia HTML is based on [@kitajs/html](https://github.com/kitajs/html) allowing us to define JSX to string in compile time to archive high performance.
+
+Name your file that need to use JSX to ends with affix **"x"**:
+- .js -> .jsx
+- .ts -> .tsx
+
+To register TypeScript type, please appends the following to **tsconfig.json**:
+```jsonc
+// tsconfig.json
+{
+    "compilerOptions": {
+        "jsx": "react",
+        "jsxFactory": "Html.createElement",
+        "jsxFragmentFactory": "Html.Fragment"
+    }
+}
+```
+
+That's it, now you can JSX as your template engine:
+```tsx
+import { Elysia } from 'elysia'
+import { html } from '@elysiajs/html' // [!code ++]
+
+new Elysia()
+    .use(html()) // [!code ++]
+    .get('/', () => (
         <html lang="en">
             <head>
                 <title>Hello World</title>
@@ -54,10 +95,53 @@ new Elysia()
             </body>
         </html>
     ))
-    .listen(8080)
+    .listen(3000)
 ```
 
-This plugin will automatically add `Content-Type: text/html; charset=utf8` header to the response, add `<!doctype html>` and convert it into a Response object.
+## XSS
+Elysia HTML is based use with Kita HTML plugin to detect possible XSS attack in compile time.
+
+You can use a dedicated `safe` attribute to sanitize user value to prevent XSS vulnerability.
+```tsx
+import { Elysia, t } from 'elysia'
+import { html } from '@elysiajs/html'
+
+new Elysia()
+    .use(html())
+    .post('/', ({ body }) => (
+        <html lang="en">
+            <head>
+                <title>Hello World</title>
+            </head>
+            <body>
+                <h1 safe>{body}</h1>
+            </body>
+        </html>
+    ), {
+        body: t.String()
+    })
+    .listen(3000)
+```
+
+However, when are building a large-scale app, it's best to have a type reminder to detect possible XSS vulnerability in your codebase.
+
+To add a type-safe reminder, please install:
+```sh
+bun add @kitajs/ts-html-plugin
+```
+
+Then appends the following **tsconfig.json
+```jsonc
+// tsconfig.json
+{
+    "compilerOptions": {
+        "jsx": "react",
+        "jsxFactory": "Html.createElement",
+        "jsxFragmentFactory": "Html.Fragment",
+        "plugins": [{ "name": "@kitajs/ts-html-plugin" }]
+    }
+}
+```
 
 ## Options
 
@@ -100,92 +184,3 @@ app.get('/', ({ html }) => html('<html></html>'))
 The function used to detect if a string is a html or not. Default implementation if length is greater than 7, starts with `<` and ends with `>`.
 
 Keep in mind there's no real way to validate HTML, so the default implementation is a best guess.
-
-## Jsx
-
-This plugin re-exports [@kitajs/html](https://github.com/kitajs/html), which is a JSX factory for creating HTML strings from JSX. **Please report JSX related issues to that repository.**
-
-To use JSX, first rename your file extension to either `.tsx` or `.jsx`.
-
-Then, install basic dependencies and add the following to your `tsconfig.json`:
-
-```sh
-bun install @kitajs/html @kitajs/ts-html-plugin
-```
-
-```jsonc
-// tsconfig.json
-
-{
-    "compilerOptions": {
-        "jsx": "react",
-        "jsxFactory": "Html.createElement",
-        "jsxFragmentFactory": "Html.Fragment",
-        "plugins": [{ "name": "@kitajs/ts-html-plugin" }]
-    }
-}
-```
-
-Then, you can simply use the JSX syntax to create HTML strings:
-
-```tsx
-// app.tsx
-
-import { Elysia } from 'elysia'
-import { html } from '@elysiajs/html'
-
-new Elysia()
-    .use(html())
-    .get('/', () => (
-        <html lang="en">
-            <head>
-                <title>Hello World</title>
-            </head>
-            <body>
-                <h1>Hello World</h1>
-            </body>
-        </html>
-    ))
-    .listen(8080)
-```
-
-and that's it! 🎉
-
-You can now use JSX to define your web page and Elysia will turns them to HTML automatically.
-
-::: warning
-Learn how to [sanitize](https://github.com/kitajs/html#sanitization) and avoid xss vulnerabilities in your code!
-:::
-
-::: tip
-
-new Elysia()
-    .get('/unsafe', ({ sanitize }) => (
-        <h1>{sanitize(malicious)}</h1>
-    ))
-    .listen(8080)
-```
-
-Read more about JSX in the [official documentation](https://github.com/kitajs/html) and learn how to add HTMX typings, compiling html, adding more JSX components and so on...
-
-:::
-
-## Sanitization
-
-To keep this section up to date, please refer to the [sanitization](https://github.com/kitajs/html/tree/master#sanitization) section of the `@kitajs/html` repository.
-
-## Manual handler
-
-We recommend relying on automatic responses, but you can optionally disable `autoDetect` and explicitly only use the `html` function.
-
-```ts
-import { Elysia } from 'elysia'
-import { html } from '@elysiajs/html'
-
-const page = '<html>My Html</html>'
-
-new Elysia()
-    .use(html({ autoDetect: false }))
-    .get('/', ({ html }) => html(page))
-    .listen(8080)
-```
