Merge pull request #828 from Demonthos/ssr-escape-text

Jon Kelley 2023-02-14 11:35:49 -08:00 committed by GitHub
commit 8c5dd33729
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 18 additions and 8 deletions


@ -14,6 +14,7 @@ keywords = ["dom", "ui", "gui", "react", "ssr"]
[dependencies] [dependencies]
dioxus-core = { path = "../core", version = "^0.3.0", features = ["serialize"] } dioxus-core = { path = "../core", version = "^0.3.0", features = ["serialize"] }
askama_escape = "0.10.3"
[dev-dependencies] [dev-dependencies]
dioxus = { path = "../dioxus", version = "0.3.0" } dioxus = { path = "../dioxus", version = "0.3.0" }


@ -82,7 +82,13 @@ impl StringCache {
} }
cur_path.pop(); cur_path.pop();
} }
TemplateNode::Text { text } => write!(chain, "{text}")?, TemplateNode::Text { text } => {
write!(
chain,
"{}",
askama_escape::escape(text, askama_escape::Html)
)?;
}
TemplateNode::Dynamic { id: idx } | TemplateNode::DynamicText { id: idx } => { TemplateNode::Dynamic { id: idx } | TemplateNode::DynamicText { id: idx } => {
chain.segments.push(Segment::Node(*idx)) chain.segments.push(Segment::Node(*idx))
} }
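Review bot: The new `TemplateNode::Text` arm entity-escapes every static text node regardless of which element contains it. That is the right default for ordinary element content, but in raw-text elements such as `<script>` and `<style>` the browser does not decode entities, so `a < b` would be emitted as `a &lt; b`. Whether templates can place text under those elements is not visible in this hunk, so it is worth confirming; if they can, this arm needs the parent tag to pick a raw-text-safe rule instead of `askama_escape::Html`. At minimum I would add a comment on the arm, e.g. `// static text is cached as markup, so it is entity-encoded for element content`. The enclosing function starts and ends outside the hunk.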


@ -104,8 +104,11 @@ impl Renderer {
write!(buf, "<!--#-->")?; write!(buf, "<!--#-->")?;
} }
// todo: escape the text write!(
write!(buf, "{}", text.value)?; buf,
"{}",
askama_escape::escape(text.value, askama_escape::Html)
)?;
if self.pre_render { if self.pre_render {
write!(buf, "<!--#-->")?; write!(buf, "<!--#-->")?;
@ -138,7 +141,7 @@ fn to_string_works() {
fn app(cx: Scope) -> Element { fn app(cx: Scope) -> Element {
let dynamic = 123; let dynamic = 123;
let dyn2 = "</diiiiiiiiv>"; // todo: escape this let dyn2 = "</diiiiiiiiv>"; // this should be escaped
render! { render! {
div { class: "asdasdasd", class: "asdasdasd", id: "id-{dynamic}", div { class: "asdasdasd", class: "asdasdasd", id: "id-{dynamic}",
@ -165,10 +168,10 @@ fn to_string_works() {
vec![ vec![
PreRendered("<div class=\"asdasdasd\" class=\"asdasdasd\"".into(),), PreRendered("<div class=\"asdasdasd\" class=\"asdasdasd\"".into(),),
Attr(0,), Attr(0,),
PreRendered(">Hello world 1 -->".into(),), PreRendered(">Hello world 1 --&gt;".into(),),
Node(0,), Node(0,),
PreRendered( PreRendered(
"<-- Hello world 2<div>nest 1</div><div></div><div>nest 2</div>".into(), "&lt;-- Hello world 2<div>nest 1</div><div></div><div>nest 2</div>".into(),
), ),
Node(1,), Node(1,),
Node(2,), Node(2,),
@ -180,5 +183,5 @@ fn to_string_works() {
use Segment::*; use Segment::*;
assert_eq!(out, "<div class=\"asdasdasd\" class=\"asdasdasd\" id=\"id-123\">Hello world 1 -->123<-- Hello world 2<div>nest 1</div><div></div><div>nest 2</div></diiiiiiiiv><div>finalize 0</div><div>finalize 1</div><div>finalize 2</div><div>finalize 3</div><div>finalize 4</div></div>"); assert_eq!(out, "<div class=\"asdasdasd\" class=\"asdasdasd\" id=\"id-123\">Hello world 1 --&gt;123&lt;-- Hello world 2<div>nest 1</div><div></div><div>nest 2</div>&lt;/diiiiiiiiv&gt;<div>finalize 0</div><div>finalize 1</div><div>finalize 2</div><div>finalize 3</div><div>finalize 4</div></div>");
} }
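Review bot: Only text nodes are escaped by the new `askama_escape::escape(text.value, askama_escape::Html)` call; the attribute-writing code is outside these hunks, and `to_string_works` only exercises benign attribute values (`class: "asdasdasd"`, and `id: "id-{dynamic}"` with `dynamic = 123`). The expected `id=\"id-123\"` shows interpolated values reaching a quoted attribute context, so I would confirm that path is escaped too and extend the test with an attribute value containing `"` and `<`, so that a regression there fails. If attributes are handled elsewhere, the removed `// todo: escape the text` could become `// text is HTML-escaped here; attribute values are written separately and need their own escaping`. The render method continues outside the hunk.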


@ -38,7 +38,7 @@ fn dynamic() {
dioxus_ssr::render_lazy(rsx! { dioxus_ssr::render_lazy(rsx! {
div { "Hello world 1 -->" "{dynamic}" "<-- Hello world 2" } div { "Hello world 1 -->" "{dynamic}" "<-- Hello world 2" }
}), }),
"<div>Hello world 1 -->123<-- Hello world 2</div>" "<div>Hello world 1 --&gt;123&lt;-- Hello world 2</div>"
); );
} }