fix escape HTML in ftd.text (#1296)

* fix escape HTML in ftd.text * added more characters in escape map * fixed tests * fixed test
fastn-stack · Sep 11, 2023 · cc6c4d0 · cc6c4d0
1 parent 4a404d5
commit cc6c4d0
Show file tree

Hide file tree

Showing 13 changed files with 138 additions and 54 deletions.
diff --git a/fastn-js/js/dom.js b/fastn-js/js/dom.js
@@ -1836,8 +1836,7 @@ class Node2 {
         } else if (kind === fastn_dom.PropertyKind.StringValue) {
             this.#rawInnerValue = staticValue;
             if (!ssr) {
-                let escapedHtmlValue = fastn_utils.escapeHtmlInMarkdown(staticValue);
-                staticValue = fastn_utils.markdown_inline(escapedHtmlValue);
+                staticValue = fastn_utils.markdown_inline(staticValue);
                 staticValue = fastn_utils.process_post_markdown(this.#node, staticValue);
             }
             this.#node.innerHTML = staticValue;

diff --git a/fastn-js/js/utils.js b/fastn-js/js/utils.js
@@ -421,21 +421,22 @@ let fastn_utils = {
     },
 
     escapeHtmlInMarkdown(str) {
+        if(typeof str !== 'string') {
+            return str;
+        }
+
         let result = "";
         let ch_map = {
-            '<': "&lt;"
+            '<': "&lt;",
+            '>': "&gt;",
+            '&': "&amp;",
+            '"': "&quot;",
+            "'": "&#39;",
+            '/': "&#47;",
         };
-        // To avoid replacing html characters inside <code> body
-        let backtick_found = false;
         for (var i = 0; i < str.length; i++) {
             let current = str[i];
-            if (current === '`') backtick_found = !backtick_found;
-            if (ch_map[current] !== undefined && !backtick_found) {
-                result += ch_map[current];
-            }
-            else {
-                result += current;
-            }
+            result += ch_map[current] ?? current;
         }
         return result;
     },

diff --git a/fastn-js/js/virtual.js b/fastn-js/js/virtual.js
@@ -68,7 +68,7 @@ class Node {
     toHtmlAsString() {
         const openingTag = `<${this.#tagName}${this.getDataIdString()}${this.getAttributesString()}${this.getClassString()}${this.getStyleString()}>`;
         const closingTag = `</${this.#tagName}>`;
-        const innerHTML = this.innerHTML;
+        const innerHTML = fastn_utils.escapeHtmlInMarkdown(this.innerHTML);
         const childNodes = this.#children.map(child => child.toHtmlAsString()).join('');
 
         return `${openingTag}${innerHTML}${childNodes}${closingTag}`;

diff --git a/ftd/t/js/01-basic.html b/ftd/t/js/01-basic.html
diff --git a/ftd/t/js/03-common-properties.html b/ftd/t/js/03-common-properties.html
diff --git a/ftd/t/js/09-text-properties.html b/ftd/t/js/09-text-properties.html
diff --git a/ftd/t/js/18-rive.html b/ftd/t/js/18-rive.html
diff --git a/ftd/t/js/31-advance-list.html b/ftd/t/js/31-advance-list.html
diff --git a/ftd/t/js/46-code-languages.html b/ftd/t/js/46-code-languages.html