Mirrors/dioxus
2
0
Fork 0
mirror of https://github.com/DioxusLabs/dioxus synced 2024-11-23 04:33:06 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #828 from Demonthos/ssr-escape-text

Browse source
This commit is contained in:
Jon Kelley 2023-02-14 11:35:49 -08:00 committed by GitHub
commit 8c5dd33729
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 18 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
packages/ssr/Cargo.toml
View file

@ -14,6 +14,7 @@ keywords = ["dom", "ui", "gui", "react", "ssr"]
[dependencies]
dioxus-core = { path = "../core", version = "^0.3.0", features = ["serialize"] }
askama_escape = "0.10.3"
[dev-dependencies]
dioxus = { path = "../dioxus", version = "0.3.0" }

8
packages/ssr/src/cache.rs
View file

@ -82,7 +82,13 @@ impl StringCache {
}
cur_path.pop();
}
TemplateNode::Text { text } => write!(chain, "{text}")?,
TemplateNode::Text { text } => {
write!(
chain,
"{}",
askama_escape::escape(text, askama_escape::Html)
)?;
}
TemplateNode::Dynamic { id: idx } | TemplateNode::DynamicText { id: idx } => {
chain.segments.push(Segment::Node(*idx))
}

15
packages/ssr/src/renderer.rs
View file

@ -104,8 +104,11 @@ impl Renderer {
write!(buf, "<!--#-->")?;
}
// todo: escape the text
write!(buf, "{}", text.value)?;
write!(
buf,
"{}",
askama_escape::escape(text.value, askama_escape::Html)
)?;
if self.pre_render {
write!(buf, "<!--#-->")?;
@ -138,7 +141,7 @@ fn to_string_works() {
fn app(cx: Scope) -> Element {
let dynamic = 123;
let dyn2 = "</diiiiiiiiv>"; // todo: escape this
let dyn2 = "</diiiiiiiiv>"; // this should be escaped
render! {
div { class: "asdasdasd", class: "asdasdasd", id: "id-{dynamic}",
@ -165,10 +168,10 @@ fn to_string_works() {
vec![
PreRendered("<div class=\"asdasdasd\" class=\"asdasdasd\"".into(),),
Attr(0,),
PreRendered(">Hello world 1 -->".into(),),
PreRendered(">Hello world 1 --&gt;".into(),),
Node(0,),
PreRendered(
"<-- Hello world 2<div>nest 1</div><div></div><div>nest 2</div>".into(),
"&lt;-- Hello world 2<div>nest 1</div><div></div><div>nest 2</div>".into(),
),
Node(1,),
Node(2,),
@ -180,5 +183,5 @@ fn to_string_works() {
use Segment::*;
assert_eq!(out, "<div class=\"asdasdasd\" class=\"asdasdasd\" id=\"id-123\">Hello world 1 -->123<-- Hello world 2<div>nest 1</div><div></div><div>nest 2</div></diiiiiiiiv><div>finalize 0</div><div>finalize 1</div><div>finalize 2</div><div>finalize 3</div><div>finalize 4</div></div>");
assert_eq!(out, "<div class=\"asdasdasd\" class=\"asdasdasd\" id=\"id-123\">Hello world 1 --&gt;123&lt;-- Hello world 2<div>nest 1</div><div></div><div>nest 2</div>&lt;/diiiiiiiiv&gt;<div>finalize 0</div><div>finalize 1</div><div>finalize 2</div><div>finalize 3</div><div>finalize 4</div></div>");
}

2
packages/ssr/tests/simple.rs
View file

@ -38,7 +38,7 @@ fn dynamic() {
dioxus_ssr::render_lazy(rsx! {
div { "Hello world 1 -->" "{dynamic}" "<-- Hello world 2" }
}),
"<div>Hello world 1 -->123<-- Hello world 2</div>"
"<div>Hello world 1 --&gt;123&lt;-- Hello world 2</div>"
);
}