fix: correctly escape HTML in DynChild text nodes (closes #1475) (#1478)

Greg Johnston 2023-08-01 13:22:24 -04:00 committed by GitHub
parent 8847d5fc42
commit f837d3e6a2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 4 deletions


@ -405,11 +405,14 @@ impl View {
self,
dont_escape_text: bool,
) -> Cow<'static, str> {
println!("render_to_string_helper {:?}", self);
match self {
View::Text(node) => {
if dont_escape_text {
println!("don't escape {:?}", node.content);
node.content
} else {
println!("encode_safe {:?}", node.content);
html_escape::encode_safe(&node.content).to_string().into()
}
}
@ -492,9 +495,17 @@ impl View {
// browser create the dynamic text as it's own text node
if let View::Text(t) = child {
if !cfg!(debug_assertions) {
format!("<!>{}", t.content).into()
format!(
"<!>{}",
html_escape::encode_safe(
&t.content
)
)
.into()
} else {
t.content
html_escape::encode_safe(&t.content)
.to_string()
.into()
}
} else {
child.render_to_string_helper(
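Review bot: The three `println!` calls added to `render_to_string_helper` (one before the `match`, one in each arm of the `View::Text` branch) look like leftover debugging and should be dropped. They write the whole view and each text node's content to the server's stdout on every render, which can put user-supplied text into logs and adds formatting cost on the render path. Separately, the DynChild branch in the second hunk now calls `html_escape::encode_safe(&t.content)` unconditionally, while the `View::Text` arm above skips escaping when `dont_escape_text` is set. If that flag is in scope here (the enclosing function starts outside the hunk), consider `if dont_escape_text { t.content } else { html_escape::encode_safe(&t.content).to_string().into() }` so that text which is meant to render raw is not entity-encoded. The streaming hunk in the other file has the same shape.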


@ -438,12 +438,16 @@ impl View {
StreamChunk::Sync(
format!(
"<!>{}",
content
html_escape::encode_safe(
&content
)
)
.into(),
)
} else {
StreamChunk::Sync(content)
StreamChunk::Sync(html_escape::encode_safe(
&content
).to_string().into())
},
);
} else {
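Review bot: Both arms of this `if` now compute the same `html_escape::encode_safe(&content)` and differ only in the `<!>` prefix, so the escaping could be hoisted above the branch, e.g. `let content = html_escape::encode_safe(&content);`. That leaves one place to audit and makes it harder for a later edit to escape one arm but not the other. Neither changed file visibly adds a regression test; a case that renders a dynamic text child containing `<`, `>` and `&` through both the string and the streaming path would pin the fix. The enclosing block starts and ends outside the hunk, so whether `content` can be shadowed this way needs checking against the surrounding code.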