mirror of
https://github.com/DioxusLabs/dioxus
synced 2024-11-26 22:20:19 +00:00
Merge pull request #828 from Demonthos/ssr-escape-text
This commit is contained in:
commit
8c5dd33729
4 changed files with 18 additions and 8 deletions
|
@ -14,6 +14,7 @@ keywords = ["dom", "ui", "gui", "react", "ssr"]
|
|||
|
||||
[dependencies]
|
||||
dioxus-core = { path = "../core", version = "^0.3.0", features = ["serialize"] }
|
||||
askama_escape = "0.10.3"
|
||||
|
||||
[dev-dependencies]
|
||||
dioxus = { path = "../dioxus", version = "0.3.0" }
|
||||
|
|
|
@ -82,7 +82,13 @@ impl StringCache {
|
|||
}
|
||||
cur_path.pop();
|
||||
}
|
||||
TemplateNode::Text { text } => write!(chain, "{text}")?,
|
||||
TemplateNode::Text { text } => {
|
||||
write!(
|
||||
chain,
|
||||
"{}",
|
||||
askama_escape::escape(text, askama_escape::Html)
|
||||
)?;
|
||||
}
|
||||
TemplateNode::Dynamic { id: idx } | TemplateNode::DynamicText { id: idx } => {
|
||||
chain.segments.push(Segment::Node(*idx))
|
||||
}
|
||||
|
|
|
@ -104,8 +104,11 @@ impl Renderer {
|
|||
write!(buf, "<!--#-->")?;
|
||||
}
|
||||
|
||||
// todo: escape the text
|
||||
write!(buf, "{}", text.value)?;
|
||||
write!(
|
||||
buf,
|
||||
"{}",
|
||||
askama_escape::escape(text.value, askama_escape::Html)
|
||||
)?;
|
||||
|
||||
if self.pre_render {
|
||||
write!(buf, "<!--#-->")?;
|
||||
|
@ -138,7 +141,7 @@ fn to_string_works() {
|
|||
|
||||
fn app(cx: Scope) -> Element {
|
||||
let dynamic = 123;
|
||||
let dyn2 = "</diiiiiiiiv>"; // todo: escape this
|
||||
let dyn2 = "</diiiiiiiiv>"; // this should be escaped
|
||||
|
||||
render! {
|
||||
div { class: "asdasdasd", class: "asdasdasd", id: "id-{dynamic}",
|
||||
|
@ -165,10 +168,10 @@ fn to_string_works() {
|
|||
vec![
|
||||
PreRendered("<div class=\"asdasdasd\" class=\"asdasdasd\"".into(),),
|
||||
Attr(0,),
|
||||
PreRendered(">Hello world 1 -->".into(),),
|
||||
PreRendered(">Hello world 1 -->".into(),),
|
||||
Node(0,),
|
||||
PreRendered(
|
||||
"<-- Hello world 2<div>nest 1</div><div></div><div>nest 2</div>".into(),
|
||||
"<-- Hello world 2<div>nest 1</div><div></div><div>nest 2</div>".into(),
|
||||
),
|
||||
Node(1,),
|
||||
Node(2,),
|
||||
|
@ -180,5 +183,5 @@ fn to_string_works() {
|
|||
|
||||
use Segment::*;
|
||||
|
||||
assert_eq!(out, "<div class=\"asdasdasd\" class=\"asdasdasd\" id=\"id-123\">Hello world 1 -->123<-- Hello world 2<div>nest 1</div><div></div><div>nest 2</div></diiiiiiiiv><div>finalize 0</div><div>finalize 1</div><div>finalize 2</div><div>finalize 3</div><div>finalize 4</div></div>");
|
||||
assert_eq!(out, "<div class=\"asdasdasd\" class=\"asdasdasd\" id=\"id-123\">Hello world 1 -->123<-- Hello world 2<div>nest 1</div><div></div><div>nest 2</div></diiiiiiiiv><div>finalize 0</div><div>finalize 1</div><div>finalize 2</div><div>finalize 3</div><div>finalize 4</div></div>");
|
||||
}
|
||||
|
|
|
@ -38,7 +38,7 @@ fn dynamic() {
|
|||
dioxus_ssr::render_lazy(rsx! {
|
||||
div { "Hello world 1 -->" "{dynamic}" "<-- Hello world 2" }
|
||||
}),
|
||||
"<div>Hello world 1 -->123<-- Hello world 2</div>"
|
||||
"<div>Hello world 1 -->123<-- Hello world 2</div>"
|
||||
);
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue