phlex 2.3.2 → 2.4.0.beta1

data/lib/phlex/compiler.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require "prism"
+require "refract"
+
+module Phlex::Compiler
+	Error = Class.new(StandardError)
+
+	def self.compile(component)
+		path, line = Object.const_source_location(component.name)
+		return unless File.exist?(path)
+		source = File.read(path)
+		tree = Prism.parse(source).value
+		refract = Refract::Converter.new.visit(tree)
+
+		Compilation.new(component, path, line, source, refract).compile
+	end
+end

data/lib/phlex/html.rb

@@ -55,10 +55,10 @@ class Phlex::HTML < Phlex::SGML
 			raise Phlex::ArgumentError.new("Expected the tag name to be a Symbol.")
 		end
 
-		if (tag = StandardElements.__registered_elements__[name]) || ((tag = name.name.tr("_", "-")).include?("-") && tag.match?(/\A[a-z0-9-]+\z/))
+		if (tag = StandardElements.__registered_elements__[name]) || (tag = name.name.tr("_", "-")).include?("-")
 			if attributes.length > 0 # with attributes
 				if block_given # with content block
-					buffer << "<#{tag}" << (Phlex::ATTRIBUTE_CACHE[attributes] ||= __attributes__(attributes)) << ">"
+					buffer << "<#{tag}" << (Phlex::ATTRIBUTE_CACHE[attributes] ||= Phlex::SGML::Attributes.generate_attributes(attributes)) << ">"
 					if tag == "svg"
 						render Phlex::SVG.new(&)
 					else
@@ -66,7 +66,7 @@ class Phlex::HTML < Phlex::SGML
 					end
 					buffer << "</#{tag}>"
 				else # without content
-					buffer << "<#{tag}" << (::Phlex::ATTRIBUTE_CACHE[attributes] ||= __attributes__(attributes)) << "></#{tag}>"
+					buffer << "<#{tag}" << (::Phlex::ATTRIBUTE_CACHE[attributes] ||= Phlex::SGML::Attributes.generate_attributes(attributes)) << "></#{tag}>"
 				end
 			else # without attributes
 				if block_given # with content block
@@ -87,7 +87,7 @@ class Phlex::HTML < Phlex::SGML
 			end
 
 			if attributes.length > 0 # with attributes
-				buffer << "<#{tag}" << (::Phlex::ATTRIBUTE_CACHE[attributes] ||= __attributes__(attributes)) << ">"
+				buffer << "<#{tag}" << (::Phlex::ATTRIBUTE_CACHE[attributes] ||= Phlex::SGML::Attributes.generate_attributes(attributes)) << ">"
 			else # without attributes
 				buffer << "<#{tag}>"
 			end

data/lib/phlex/sgml/attributes.rb

@@ -0,0 +1,280 @@
+# frozen_string_literal: true
+
+module Phlex::SGML::Attributes
+	extend self
+
+	UNSAFE_ATTRIBUTES = Set.new(%w[srcdoc sandbox http-equiv]).freeze
+	REF_ATTRIBUTES = Set.new(%w[href src action formaction lowsrc dynsrc background ping]).freeze
+
+	def generate_attributes(attributes, buffer = +"")
+		attributes.each do |k, v|
+			next unless v
+
+			name = case k
+				when String then k
+				when Symbol then k.name.tr("_", "-")
+				else raise Phlex::ArgumentError.new("Attribute keys should be Strings or Symbols.")
+			end
+
+			value = case v
+			when true
+				true
+			when String
+				v.gsub('"', """)
+			when Symbol
+				v.name.tr("_", "-").gsub('"', """)
+			when Integer, Float
+				v.to_s
+			when Date
+				v.iso8601
+			when Time
+				v.respond_to?(:iso8601) ? v.iso8601 : v.strftime("%Y-%m-%dT%H:%M:%S%:z")
+			when Hash
+				case k
+				when :style
+					generate_styles(v).gsub('"', """)
+				else
+					generate_nested_attributes(v, "#{name}-", buffer)
+				end
+			when Array
+				case k
+				when :style
+					generate_styles(v).gsub('"', """)
+				else
+					generate_nested_tokens(v)
+				end
+			when Set
+				case k
+				when :style
+					generate_styles(v).gsub('"', """)
+				else
+					generate_nested_tokens(v.to_a)
+				end
+			when Phlex::SGML::SafeObject
+				v.to_s.gsub('"', """)
+			else
+				raise Phlex::ArgumentError.new("Invalid attribute value for #{k}: #{v.inspect}.")
+			end
+
+			lower_name = name.downcase
+
+			unless Phlex::SGML::SafeObject === v
+				normalized_name = lower_name.delete("^a-z-")
+
+				if value != true && REF_ATTRIBUTES.include?(normalized_name)
+					case value
+					when String
+						if value.downcase.delete("^a-z:").start_with?("javascript:")
+							# We just ignore these because they were likely not specified by the developer.
+							next
+						end
+					else
+						raise Phlex::ArgumentError.new("Invalid attribute value for #{k}: #{v.inspect}.")
+					end
+				end
+
+				if normalized_name.bytesize > 2 && normalized_name.start_with?("on") && !normalized_name.include?("-")
+					raise Phlex::ArgumentError.new("Unsafe attribute name detected: #{k}.")
+				end
+
+				if UNSAFE_ATTRIBUTES.include?(normalized_name)
+					raise Phlex::ArgumentError.new("Unsafe attribute name detected: #{k}.")
+				end
+			end
+
+			if name.match?(/[<>&"']/)
+				raise Phlex::ArgumentError.new("Unsafe attribute name detected: #{k}.")
+			end
+
+			if lower_name.to_sym == :id && k != :id
+				raise Phlex::ArgumentError.new(":id attribute should only be passed as a lowercase symbol.")
+			end
+
+			case value
+			when true
+				buffer << " " << name
+			when String
+				buffer << " " << name << '="' << value << '"'
+			end
+		end
+
+		buffer
+	end
+
+	# Provides the nested-attributes case for serializing out attributes.
+	# This allows us to skip many of the checks the `__attributes__` method must perform.
+	def generate_nested_attributes(attributes, base_name, buffer = +"")
+		attributes.each do |k, v|
+			next unless v
+
+			if (root_key = (:_ == k))
+				name = ""
+				original_base_name = base_name
+				base_name = base_name.delete_suffix("-")
+			else
+				name = case k
+					when String then k
+					when Symbol then k.name.tr("_", "-")
+					else raise Phlex::ArgumentError.new("Attribute keys should be Strings or Symbols")
+				end
+
+				if name.match?(/[<>&"']/)
+					raise Phlex::ArgumentError.new("Unsafe attribute name detected: #{k}.")
+				end
+			end
+
+			case v
+			when true
+				buffer << " " << base_name << name
+			when String
+				buffer << " " << base_name << name << '="' << v.gsub('"', "&quot;") << '"'
+			when Symbol
+				buffer << " " << base_name << name << '="' << v.name.tr("_", "-").gsub('"', "&quot;") << '"'
+			when Integer, Float
+				buffer << " " << base_name << name << '="' << v.to_s << '"'
+			when Hash
+				generate_nested_attributes(v, "#{base_name}#{name}-", buffer)
+			when Array
+				if (value = generate_nested_tokens(v))
+					buffer << " " << base_name << name << '="' << value << '"'
+				end
+			when Set
+				if (value = generate_nested_tokens(v.to_a))
+					buffer << " " << base_name << name << '="' << value << '"'
+				end
+			when Phlex::SGML::SafeObject
+				buffer << " " << base_name << name << '="' << v.to_s.gsub('"', "&quot;") << '"'
+			else
+				raise Phlex::ArgumentError.new("Invalid attribute value #{v.inspect}.")
+			end
+
+			if root_key
+				base_name = original_base_name
+			end
+
+			buffer
+		end
+	end
+
+	def generate_nested_tokens(tokens, sep = " ", gsub_from = nil, gsub_to	= "")
+		buffer = +""
+
+		i, length = 0, tokens.length
+
+		while i < length
+			token = tokens[i]
+
+			case token
+			when String
+				token = token.gsub(gsub_from, gsub_to) if gsub_from
+				if i > 0
+					buffer << sep << token
+				else
+					buffer << token
+				end
+			when Symbol
+				if i > 0
+					buffer << sep << token.name.tr("_", "-")
+				else
+					buffer << token.name.tr("_", "-")
+				end
+			when Integer, Float, Phlex::SGML::SafeObject
+				if i > 0
+					buffer << sep << token.to_s
+				else
+					buffer << token.to_s
+				end
+			when Array
+				if token.length > 0 && (value = generate_nested_tokens(token, sep, gsub_from, gsub_to))
+					if i > 0
+						buffer << sep << value
+					else
+						buffer << value
+					end
+				end
+			when Set
+				if token.length > 0 && (value = generate_nested_tokens(token.to_a, sep, gsub_from, gsub_to))
+					if i > 0
+						buffer << sep << value
+					else
+						buffer << value
+					end
+				end
+			when nil
+				# Do nothing
+			else
+				raise Phlex::ArgumentError.new("Invalid token type: #{token.class}.")
+			end
+
+			i += 1
+		end
+
+		return if buffer.empty?
+
+		buffer.gsub('"', "&quot;")
+	end
+
+	# The result is unsafe so should be escaped.
+	def generate_styles(styles)
+		case styles
+		when Array, Set
+			styles.filter_map do |s|
+				case s
+				when String
+					if s == "" || s.end_with?(";")
+						s
+					else
+						"#{s};"
+					end
+				when Phlex::SGML::SafeObject
+					value = s.to_s
+					value.end_with?(";") ? value : "#{value};"
+				when Hash
+					next generate_styles(s)
+				when nil
+					next nil
+				else
+					raise Phlex::ArgumentError.new("Invalid style: #{s.inspect}.")
+				end
+			end.join(" ")
+		when Hash
+			buffer = +""
+			i = 0
+			styles.each do |k, v|
+				prop = case k
+				when String
+					k
+				when Symbol
+					k.name.tr("_", "-")
+				else
+					raise Phlex::ArgumentError.new("Style keys should be Strings or Symbols.")
+				end
+
+				value = case v
+				when String
+					v
+				when Symbol
+					v.name.tr("_", "-")
+				when Integer, Float, Phlex::SGML::SafeObject
+					v.to_s
+				when nil
+					nil
+				else
+					raise Phlex::ArgumentError.new("Invalid style value: #{v.inspect}")
+				end
+
+				if value
+					if i == 0
+						buffer << prop << ": " << value << ";"
+					else
+						buffer << " " << prop << ": " << value << ";"
+					end
+				end
+
+				i += 1
+			end
+
+			buffer
+		end
+	end
+end

data/lib/phlex/sgml/elements.rb

@@ -4,16 +4,16 @@ module Phlex::SGML::Elements
 	COMMA_SEPARATED_TOKENS = {
 		img: <<~RUBY,
 			if Array === (srcset_attribute = attributes[:srcset])
-				attributes[:srcset] = __nested_tokens__(srcset_attribute, ", ")
+				attributes[:srcset] = Phlex::SGML::Attributes.generate_nested_tokens(srcset_attribute, ", ", ",", "%2C")
 			end
 		RUBY
 		link: <<~RUBY,
 			if Array === (media_attribute = attributes[:media])
-				attributes[:media] = __nested_tokens__(media_attribute, ", ")
+				attributes[:media] = Phlex::SGML::Attributes.generate_nested_tokens(media_attribute, ", ", ",", "%2C")
 			end
 
 			if Array === (sizes_attribute = attributes[:sizes])
-				attributes[:sizes] = __nested_tokens__(sizes_attribute, ", ")
+				attributes[:sizes] = Phlex::SGML::Attributes.generate_nested_tokens(sizes_attribute, ", ", ",", "%2C")
 			end
 
 			if Array === (imagesrcset_attribute = attributes[:imagesrcset])
@@ -21,7 +21,7 @@ module Phlex::SGML::Elements
 				as_attribute = attributes[:as] || attributes["as"]
 
 				if ("preload" == rel_attribute || :preload == rel_attribute) && ("image" == as_attribute || :image == as_attribute)
-					attributes[:imagesrcset] = __nested_tokens__(imagesrcset_attribute, ", ")
+					attributes[:imagesrcset] = Phlex::SGML::Attributes.generate_nested_tokens(imagesrcset_attribute, ", ", ",", "%2C")
 				end
 			end
 		RUBY
@@ -30,7 +30,7 @@ module Phlex::SGML::Elements
 				type_attribute = attributes[:type] || attributes["type"]
 
 				if "file" == type_attribute || :file == type_attribute
-					attributes[:accept] = __nested_tokens__(accept_attribute, ", ")
+					attributes[:accept] = Phlex::SGML::Attributes.generate_nested_tokens(accept_attribute, ", ", ",", "%2C")
 				end
 			end
 		RUBY
@@ -59,7 +59,7 @@ module Phlex::SGML::Elements
 						buffer << "<#{tag}"
 						begin
 							#{COMMA_SEPARATED_TOKENS[method_name]}
-							buffer << (Phlex::ATTRIBUTE_CACHE[attributes] ||= __attributes__(attributes))
+							buffer << (Phlex::ATTRIBUTE_CACHE[attributes] ||= Phlex::SGML::Attributes.generate_attributes(attributes))
 						ensure
 							buffer << ">"
 						end
@@ -90,7 +90,7 @@ module Phlex::SGML::Elements
 						buffer << "<#{tag}"
 						begin
 							#{COMMA_SEPARATED_TOKENS[method_name]}
-							buffer << (::Phlex::ATTRIBUTE_CACHE[attributes] ||= __attributes__(attributes))
+							buffer << (::Phlex::ATTRIBUTE_CACHE[attributes] ||= Phlex::SGML::Attributes.generate_attributes(attributes))
 						ensure
 							buffer << "></#{tag}>"
 						end
@@ -152,7 +152,7 @@ module Phlex::SGML::Elements
 					buffer << "<#{tag}"
 					begin
 						#{COMMA_SEPARATED_TOKENS[method_name]}
-						buffer << (::Phlex::ATTRIBUTE_CACHE[attributes] ||= __attributes__(attributes))
+						buffer << (::Phlex::ATTRIBUTE_CACHE[attributes] ||= Phlex::SGML::Attributes.generate_attributes(attributes))
 					ensure
 						buffer << ">"
 					end