From 93aeeb7a6316389f3bd4bbdb7a9ffc555677e719 Mon Sep 17 00:00:00 2001 From: bgw <29340584+bgwdotdev@users.noreply.github.com> Date: Thu, 25 Apr 2024 19:19:15 +0100 Subject: =?UTF-8?q?=F0=9F=94=80=20Escape=20attribute=20values=20when=20emi?= =?UTF-8?q?tting=20static=20HTML.=20(#113)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix: add the escape function over custom attribute values * fix: update class and style attribute values to be escaped --- test/apps/static.gleam | 15 +++++++++++++-- test/lustre_test.gleam | 6 ++++++ 2 files changed, 19 insertions(+), 2 deletions(-) (limited to 'test') diff --git a/test/apps/static.gleam b/test/apps/static.gleam index 5c6ca05..fcf52f3 100644 --- a/test/apps/static.gleam +++ b/test/apps/static.gleam @@ -1,8 +1,8 @@ // IMPORTS --------------------------------------------------------------------- -import lustre/attribute.{disabled, src} +import lustre/attribute.{attribute, class, disabled, src, style} import lustre/element.{text} -import lustre/element/html.{body, h1, head, html, img, input, title} +import lustre/element/html.{body, div, h1, head, html, img, input, title} // VIEW ------------------------------------------------------------------------ @@ -16,3 +16,14 @@ pub fn view() { ]), ]) } + +pub fn escaped_attribute() { + div( + [ + class("'badquotes'"), + style([#("background", "\">")]), + attribute("example", "{\"mykey\": \"myvalue\"}"), + ], + [], + ) +} diff --git a/test/lustre_test.gleam b/test/lustre_test.gleam index f3a2993..6cd93c3 100644 --- a/test/lustre_test.gleam +++ b/test/lustre_test.gleam @@ -149,3 +149,9 @@ pub fn fragment_counter_diff_test() { birdie.snap(json.to_string(patch.element_diff_to_json(diff)), title) process.send(runtime, Shutdown) } + +pub fn escaped_attribute_test() { + let title = "Can safely escape dangerous symbols in attributes" + let el = static.escaped_attribute() + birdie.snap(element.to_string(el), title) +} -- cgit v1.2.3