From 1588f30353f21b1fa150415f17959afe3113ccc5 Mon Sep 17 00:00:00 2001
From: Jonathan Kingston
Date: Tue, 21 May 2019 08:10:14 +0100
Subject: [PATCH] Relax attribute escaping. Fixes #26
---
 macros/src/declare.rs | 4 ++--
 typed-html/src/lib.rs | 8 ++++++++
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/macros/src/declare.rs b/macros/src/declare.rs
index 93fcc10..104de6b 100644
--- a/macros/src/declare.rs
+++ b/macros/src/declare.rs
@@ -337,7 +337,7 @@ impl Declare {
 for (attr_name, _, attr_str) in self.attrs() {
 print_attrs.extend(quote!(
 if let Some(ref value) = self.attrs.#attr_name {
- let value = ::htmlescape::encode_attribute(&value.to_string());
+ let value = crate::escape_html_attribute(value.to_string());
 if !value.is_empty() {
 write!(f, " {}=\"{}\"", #attr_str, value)?;
 }
@@ -355,7 +355,7 @@ impl Declare {
 #print_attrs
 for (key, value) in &self.data_attributes {
 write!(f, " data-{}=\"{}\"", key,
- ::htmlescape::encode_attribute(&value))?;
+ crate::escape_html_attribute(value.to_string()))?;
 }
 write!(f, "{}", self.events)?;
 #print_children
diff --git a/typed-html/src/lib.rs b/typed-html/src/lib.rs
index 440bb0d..ef53afe 100644
--- a/typed-html/src/lib.rs
+++ b/typed-html/src/lib.rs
@@ -227,3 +227,11 @@ impl OutputType for String {
 type EventTarget = ();
 type EventListenerHandle = ();
 }
+
+pub fn escape_html_attribute(html_attr: String) -> String {
+ // Even though the code is quoting the variables with a double quote, escape all known quoting chars
+ html_attr
+ .replace("\"", """)
+ .replace("'", "'")
+ .replace("`", "`")
+}
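Review bot: In the first hunk of macros/src/declare.rs (`@@ -337,7 +337,7 @@`) the generated code now calls `crate::escape_html_attribute(...)`, and a `crate::` path emitted from `quote!` is resolved in whichever crate the generated code ends up in, whereas the removed `::htmlescape::encode_attribute` was an absolute path. If this declaration macro is only ever expanded inside typed-html that is fine, but the assumption deserves a comment next to the call, for example `// crate:: is correct only because this expands inside typed-html`. The same applies to the data-attribute call in the second hunk (`@@ -355,7 +355,7 @@`). The enclosing function starts and ends outside both hunks, so other paths it emits are not visible here.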
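Review bot: In the data-attribute loop of the second macros/src/declare.rs hunk (`@@ -355,7 +355,7 @@`) only `value` passes through the escaper; `key` is still written unescaped into the attribute-name position of `write!(f, " data-{}=\"{}\"", key, ...)`. The type of `data_attributes` is not visible in this hunk, so this may be safe if keys are always compile-time literals, but if a key can carry runtime input then whitespace, `=`, `>` or a quote in it would change the emitted markup no matter how the value is escaped. State the assumption in a comment such as `// keys are trusted identifiers; only values are escaped`, or validate the key before writing it. Separately, `value.to_string()` now makes a copy only because the helper takes `String` by value, which a `&str` parameter would avoid.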
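Review bot: `escape_html_attribute`, added in the typed-html/src/lib.rs hunk, does not escape `&`, so a value that already contains character-reference text (for example the literal characters `&quot;`) is emitted unchanged and decoded by the browser into a different string than the program held. Inside a double-quoted attribute this does not by itself terminate the attribute, but values no longer round-trip and any upstream check on the raw string can disagree with what the DOM sees. Adding `.replace("&", "&amp;")` as the first call in the chain fixes this; it must come first so the entities produced by the later replacements are not escaped twice. The replacement strings in this listing appear to have been entity-decoded by the page (each `.replace` shows the same character in both arguments), so they should be confirmed against the repository. The new public function also has no doc comment or test: a `///` line stating it is meant only for double-quoted attribute values, plus a test covering `"`, `'`, a backtick and `&`, would pin the contract.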