haskal
/
skhtml
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Relax attribute escaping. Fixes #26

This commit is contained in:
Jonathan Kingston 2019-05-21 08:10:14 +01:00 committed by Bodil Stokke
parent 9c81041cac
commit 1588f30353
2 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
macros/src/declare.rs
View File

@ -337,7 +337,7 @@ impl Declare {
for (attr_name, _, attr_str) in self.attrs() { for (attr_name, _, attr_str) in self.attrs() {
print_attrs.extend(quote!( print_attrs.extend(quote!(
if let Some(ref value) = self.attrs.#attr_name { if let Some(ref value) = self.attrs.#attr_name {
let value = ::htmlescape::encode_attribute(&value.to_string()); let value = crate::escape_html_attribute(value.to_string());
if !value.is_empty() { if !value.is_empty() {
write!(f, " {}=\"{}\"", #attr_str, value)?; write!(f, " {}=\"{}\"", #attr_str, value)?;
} }
@ -355,7 +355,7 @@ impl Declare {
#print_attrs #print_attrs
for (key, value) in &self.data_attributes { for (key, value) in &self.data_attributes {
write!(f, " data-{}=\"{}\"", key, write!(f, " data-{}=\"{}\"", key,
::htmlescape::encode_attribute(&value))?; crate::escape_html_attribute(value.to_string()))?;
} }
write!(f, "{}", self.events)?; write!(f, "{}", self.events)?;
#print_children #print_children

8
typed-html/src/lib.rs
View File

@ -227,3 +227,11 @@ impl OutputType for String {
type EventTarget = (); type EventTarget = ();
type EventListenerHandle = (); type EventListenerHandle = ();
} }
pub fn escape_html_attribute(html_attr: String) -> String {
// Even though the code is quoting the variables with a double quote, escape all known quoting chars
html_attr
.replace("\"", """)
.replace("'", "'")
.replace("`", "`")
}