hamlit 0.4.3 → 0.5.0

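--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 1688e256cfeb017819cd1ea62ba2a083a9347224
- data.tar.gz: 77978ed4df48aa09950e3462ea3e00914d1da7e8
+ metadata.gz: f3c1078cb3f9e7ede4ba7c795b4e3efc2362741f
+ data.tar.gz: 698a072f9a818ce45c49840474b3a195ce1eddaf
  SHA512:
- metadata.gz: cb9bdcb4facccdb71d92e5e80014797326ac2c1e118b61a137b203ec4f145ad4d2529a58a0450beb340f623909f035cdf824e91fed50e2708bac1ec582a22840
- data.tar.gz: 3e1a31ea12ab7ab547e7b38516cf80b95f48a29ef3c7cf20d4a8c128eeb0dd1f5499cbd59cf4ff86e8df6bf453487b0f8fcd7a1d4d6efd54e1df3070d391a17a
+ metadata.gz: 87200444daaae8c0d02f191bd001bfee731e357087220926f8fb4c8659c2e9028af2996d1d819b7002cf1ad7582b80bcd83962ea24bd4ece1c04e3fcaa8f2d6a
+ data.tar.gz: dce886340c509921c981afdcc7f83d1d9a5f8bd175c796dc285064a6f2f8e35e68e9929a8ce6158087919bde932f695e4db989d941f34b0384e4221d041d8b30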
@@ -1,3 +1,9 @@
1
+ ## v0.5.0
2
+
3
+ - Escape special characters in attribute values
4
+ - https://github.com/k0kubun/hamlit/issues/10
5
+ - Thanks to @mono0x, @eagletmt
6
+
1
7
  ## v0.4.3
2
8
 
3
9
  - Allow empty else statement
@@ -1,5 +1,6 @@
1
1
  require 'hamlit/compilers/new_attribute'
2
2
  require 'hamlit/compilers/old_attribute'
3
+ require 'hamlit/concerns/escapable'
3
4
  require 'hamlit/concerns/included'
4
5
 
5
6
  module Hamlit
@@ -10,6 +11,8 @@ module Hamlit
10
11
  include Compilers::OldAttribute
11
12
 
12
13
  included do
14
+ include Concerns::Escapable
15
+
13
16
  define_options :format, :attr_quote
14
17
  end
15
18
 
@@ -18,11 +21,21 @@ module Hamlit
18
21
  attrs = join_ids(attrs)
19
22
  attrs = combine_classes(attrs)
20
23
  attrs = pull_class_first(attrs)
21
- [:html, :attrs, *attrs]
24
+ [:html, :attrs, *escape_attribute_values(attrs)]
22
25
  end
23
26
 
24
27
  private
25
28
 
29
+ def escape_attribute_values(attrs)
30
+ attrs.map do |attr|
31
+ _, _, name, value = attr
32
+ type, arg = value
33
+ next attr unless name && type && type && arg
34
+
35
+ [:html, :attr, name, escape_html(value, true)]
36
+ end
37
+ end
38
+
26
39
  def compile_attributes(exps)
27
40
  attrs = []
28
41
  exps.each do |exp|
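Review bot: The guard in the new `escape_attribute_values` tests `type` twice — `next attr unless name && type && type && arg` — so the duplicate is either a typo or a condition that was lost (for example a check on which expression kind `type` holds); as written it should read `next attr unless name && type && arg`, or spell out the intended condition if one was meant. Because `value` is destructured with `type, arg = value`, any value that is not a two-element array (including a plain string, where `arg` becomes nil) is passed through unescaped, which looks deliberate but deserves a comment such as `# only [type, arg] value expressions are escaped; other shapes pass through untouched`. The positional `true` in `escape_html(value, true)` says nothing at the call site and `Concerns::Escapable` is not shown in this diff, so a short comment naming what that flag selects would help the next reader. The enclosing module and `compile_attributes` continue outside the hunk.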
@@ -1,3 +1,3 @@
1
1
  module Hamlit
2
- VERSION = "0.4.3"
2
+ VERSION = "0.5.0"
3
3
  end
@@ -15,5 +15,31 @@ describe Hamlit::Engine do
15
15
  <p a='1' b='2'>bar</p>
16
16
  HTML
17
17
  end
18
+
19
+ describe 'html escape' do
20
+ it 'escapes attribute values on static attributes' do
21
+ assert_render(<<-'HAML', <<-HTML)
22
+ %a(title="'")
23
+ %a(title = "'\"")
24
+ %a(href='/search?foo=bar&hoge=<fuga>')
25
+ HAML
26
+ <a title='&#39;'></a>
27
+ <a title='&#39;&quot;'></a>
28
+ <a href='/search?foo=bar&amp;hoge=&lt;fuga&gt;'></a>
29
+ HTML
30
+ end
31
+
32
+ it 'escapes attribute values on dynamic attributes' do
33
+ assert_render(<<-'HAML', <<-HTML)
34
+ - title = "'\""
35
+ - href = '/search?foo=bar&hoge=<fuga>'
36
+ %a(title=title)
37
+ %a(href=href)
38
+ HAML
39
+ <a title='&#39;&quot;'></a>
40
+ <a href='/search?foo=bar&amp;hoge=&lt;fuga&gt;'></a>
41
+ HTML
42
+ end
43
+ end
18
44
  end
19
45
  end
@@ -78,15 +78,6 @@ describe Hamlit::Engine do
78
78
  HTML
79
79
  end
80
80
 
81
- it 'renders runtime hash attribute escaping only value' do
82
- assert_render(<<-'HAML', <<-HTML)
83
- - hash = { "'<foo>'" => '<bar>' }
84
- %span{ hash }
85
- HAML
86
- <span '<foo>'='&lt;bar&gt;'></span>
87
- HTML
88
- end
89
-
90
81
  it 'renders multi-byte chars as static attribute value' do
91
82
  assert_render(<<-'HAML', <<-HTML)
92
83
  %img{ alt: 'こんにちは' }
@@ -95,6 +86,44 @@ describe Hamlit::Engine do
95
86
  HTML
96
87
  end
97
88
 
89
+ describe 'html escape' do
90
+ it 'escapes attribute values on static attributes' do
91
+ assert_render(<<-'HAML', <<-HTML)
92
+ %a{title: "'"}
93
+ %a{title: "'\""}
94
+ %a{href: '/search?foo=bar&hoge=<fuga>'}
95
+ HAML
96
+ <a title='&#39;'></a>
97
+ <a title='&#39;&quot;'></a>
98
+ <a href='/search?foo=bar&amp;hoge=&lt;fuga&gt;'></a>
99
+ HTML
100
+ end
101
+
102
+ it 'escapes attribute values on dynamic attributes' do
103
+ assert_render(<<-'HAML', <<-HTML)
104
+ - title = "'\""
105
+ - href = '/search?foo=bar&hoge=<fuga>'
106
+ %a{title: title}
107
+ %a{href: href}
108
+ HAML
109
+ <a title='&#39;&quot;'></a>
110
+ <a href='/search?foo=bar&amp;hoge=&lt;fuga&gt;'></a>
111
+ HTML
112
+ end
113
+
114
+ it 'escapes attribute values on hash attributes' do
115
+ assert_render(<<-'HAML', <<-HTML)
116
+ - title = { title: "'\"" }
117
+ - href = { href: '/search?foo=bar&hoge=<fuga>' }
118
+ %a{ title }
119
+ %a{ href }
120
+ HAML
121
+ <a title='&#39;&quot;'></a>
122
+ <a href='/search?foo=bar&amp;hoge=&lt;fuga&gt;'></a>
123
+ HTML
124
+ end
125
+ end
126
+
98
127
  describe 'nested attributes' do
99
128
  it 'renders true attributes' do
100
129
  assert_render(<<-'HAML', <<-HTML)
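Review bot: The deleted example `'renders runtime hash attribute escaping only value'` (old lines 81–88 of the earlier hunk in this file) was the only spec that put special characters into an attribute *name* (`"'<foo>'"`) and asserted how it is emitted; the new `'html escape'` examples exercise attribute values only. Whether attribute names are now escaped, passed through verbatim, or rejected is therefore unasserted after this change, and the hash-attribute example added here uses plain `title`/`href` keys so it does not cover it either. If the old output is no longer intended, a replacement example pinning the new behavior for a name like `"'<foo>'"` would document the contract; if it was dropped because the case now fails, that is worth stating in the changelog entry. The surrounding `describe Hamlit::Engine` block continues outside the hunk.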
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hamlit
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.3
4
+ version: 0.5.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Takashi Kokubun