Fix ampersand in jsx href and src (#1056)
* Add exceptions for html escape usage in href and src attributes. * Add new test cases. * Remove useless spaces. * Do not escape if the parser does not do so. * Implement a different heuristic for keeping along with the parser. * Update tests. * Forgot passing options as param. * Experimental alternative implementation. * Remove other function. * Push test after merge. * Update getJsXRawValue in order to return the unprocessed raw value. Latest Babylon version includes a fix that allow us to directly inject the unprocessed raw value available in the `extra.rawValue` property of the node. A last transformation is applied by replacing double quotes to `"` entities. * Drop unused htmlEscapeInsideDoubleQuote function. * Move getJSXRawValue function logic to the its only call, drop it. A simple check is performed to determine if the parser is babylon or flow via `n.value.extra`. Thus, the corresponding raw value is extracted. If we are converting a string from single quotes to double quotes, we need to make sure that double quotes are converted to ". * Remove ambiguous comment. * Add Babylon parser. * Update test cases accordingly, revert regression introduced previously.master
parent
dc93bdc983
commit
d1191adce6
|
@ -1200,7 +1200,10 @@ function genericPrintNoParens(path, options, print) {
|
|||
(n.value.type === "StringLiteral" || n.value.type === "Literal") &&
|
||||
typeof n.value.value === "string"
|
||||
) {
|
||||
res = '"' + util.htmlEscapeInsideDoubleQuote(n.value.value) + '"';
|
||||
const value = n.value.extra ? n.value.extra.raw : n.value.raw;
|
||||
res = '"' +
|
||||
value.slice(1, value.length - 1).replace(/"/g, """) +
|
||||
'"';
|
||||
} else {
|
||||
res = path.call(print, "value");
|
||||
}
|
||||
|
|
11
src/util.js
11
src/util.js
|
@ -265,16 +265,6 @@ function setLocEnd(node, index) {
|
|||
}
|
||||
}
|
||||
|
||||
// http://stackoverflow.com/a/7124052
|
||||
function htmlEscapeInsideDoubleQuote(str) {
|
||||
return str.replace(/&/g, "&").replace(/"/g, """);
|
||||
// Intentionally disable the following since it is safe inside of a
|
||||
// double quote context
|
||||
// .replace(/'/g, ''')
|
||||
// .replace(/</g, '<')
|
||||
// .replace(/>/g, '>');
|
||||
}
|
||||
|
||||
// http://stackoverflow.com/a/7124052
|
||||
function htmlEscapeInsideAngleBracket(str) {
|
||||
return str.replace(/</g, "<").replace(/>/g, ">");
|
||||
|
@ -328,6 +318,5 @@ module.exports = {
|
|||
locEnd,
|
||||
setLocStart,
|
||||
setLocEnd,
|
||||
htmlEscapeInsideDoubleQuote,
|
||||
htmlEscapeInsideAngleBracket
|
||||
};
|
||||
|
|
|
@ -139,6 +139,17 @@ exports[`expression.js 1`] = `
|
|||
"
|
||||
`;
|
||||
|
||||
exports[`html_escape.js 1`] = `
|
||||
"export default () => <a href=\\"https://foo.bar?q1=foo&q2=bar\\" />;
|
||||
|
||||
() => <img src=\\"https://bar.foo?param1=1¶m2=2\\" />;
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
export default () => <a href=\\"https://foo.bar?q1=foo&q2=bar\\" />;
|
||||
|
||||
() => <img src=\\"https://bar.foo?param1=1¶m2=2\\" />;
|
||||
"
|
||||
`;
|
||||
|
||||
exports[`hug.js 1`] = `
|
||||
"<div>
|
||||
{__DEV__
|
||||
|
@ -279,7 +290,7 @@ exports[`parens.js 1`] = `
|
|||
<path
|
||||
key='1'
|
||||
d='M13.6,10.6l,4-2.8L9.5,M13.6,10.6l,4-2.8L9.5,M13.6,10.6l,4-2.8L9.5,M13.6,10.6l,4-2.8L9.5,M13.6,10.6l,4-2.8L9.5,M13.6,10.6l,4-2.8L9.5,'
|
||||
/>,
|
||||
/>,
|
||||
];
|
||||
|
||||
<div {...((foo || foo === null) ? {foo} : null)} />
|
||||
|
@ -305,7 +316,7 @@ exports[`quotes.js 1`] = `
|
|||
<div id={'\\\\'\\""<>&quot;'} />;
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
<div id=\\""'<>&quot;\\" />;
|
||||
<div id=\\""'<>&quot;\\" />;
|
||||
<div id=\\""'<>&quot;\\" />;
|
||||
<div id={\\"'\\\\\\""<>&quot;\\"} />;
|
||||
"
|
||||
`;
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
export default () => <a href="https://foo.bar?q1=foo&q2=bar" />;
|
||||
|
||||
() => <img src="https://bar.foo?param1=1¶m2=2" />;
|
|
@ -1 +1 @@
|
|||
run_spec(__dirname, null, ["typescript"]);
|
||||
run_spec(__dirname, null, ["babylon", "typescript"]);
|
||||
|
|
|
@ -6,7 +6,7 @@ a = [
|
|||
<path
|
||||
key='1'
|
||||
d='M13.6,10.6l,4-2.8L9.5,M13.6,10.6l,4-2.8L9.5,M13.6,10.6l,4-2.8L9.5,M13.6,10.6l,4-2.8L9.5,M13.6,10.6l,4-2.8L9.5,M13.6,10.6l,4-2.8L9.5,'
|
||||
/>,
|
||||
/>,
|
||||
];
|
||||
|
||||
<div {...((foo || foo === null) ? {foo} : null)} />
|
||||
|
|
Loading…
Reference in New Issue