-
Notifications
You must be signed in to change notification settings - Fork 214
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HtmlEncoding consistent with rules in handlebars.js #473
HtmlEncoding consistent with rules in handlebars.js #473
Conversation
What’s the behavior in the JS library for the Chinese characters? |
I have no idea. Or any idea of how to figure it out. On http://tryhandlebarsjs.com/ with "expression with raw HTML" Any insight here @zjklee or @tonysneed ? |
I had another look, still cant test if I'm correct. https://github.com/handlebars-lang/handlebars.js/blob/master/lib/handlebars/utils.js const escape = {
'&': '&',
'<': '<',
'>': '>',
'"': '"',
"'": ''',
'`': '`',
'=': '='
};
const badChars = /[&<>"'`=]/g,
possible = /[&<>"'`=]/;
function escapeChar(chr) {
return escape[chr];
}
[...]
export function escapeExpression(string) {
if (typeof string !== 'string') {
// don't escape SafeStrings, since they're already safe
if (string && string.toHTML) {
return string.toHTML();
} else if (string == null) {
return '';
} else if (!string) {
return string + '';
}
// Force a string conversion as this will be done by the append regardless and
// the regex test will do this transparently behind the scenes, causing issues if
// an object's to string has escaped characters in it.
string = '' + string;
}
if (!possible.test(string)) {
return string;
}
return string.replace(badChars, escapeChar);
} https://github.com/Handlebars-Net/Handlebars.Net/blob/master/source/Handlebars/IO/HtmlEncoder.cs [...]
private static void EncodeImpl<T>(T text, TextWriter target) where T: IEnumerator<char>
{
while (text.MoveNext())
{
var value = text.Current;
switch (value)
{
case '"':
target.Write(""");
break;
case '&':
target.Write("&");
break;
case '<':
target.Write("<");
break;
case '>':
target.Write(">");
break;
default:
if (value > 159)
{
target.Write("&#");
target.Write((int)value);
target.Write(";");
}
else target.Write(value);
break;
}
}
} |
5fffc26
to
5b68f40
Compare
Cleaned up branch. The two commits now address 2 separate issues. Commit: Commit: |
@tonysneed That, I believe, is the $1,000 question for this pull request. Under assumption: Existing encoding rules in Handlebars.Net is correct (https://github.com/Handlebars-Net/Handlebars.Net/blob/master/source/Handlebars/IO/HtmlEncoder.cs). Under assumption: Encoding rules in JavaScript repo is correct (https://github.com/handlebars-lang/handlebars.js/blob/master/lib/handlebars/utils.js). Maintainers (so @rexm and/or @zjklee) should decide the direction for this. |
@tommysor , thanks for taking time for creating the PR. |
5b68f40
to
a2dd13a
Compare
Add feature toggle
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you please also add corresponding documentation to the README?
Added section to README. |
Rebase your branch to the latest |
UseLegacyHandlebarsNetHtmlEncoding was set to false.
Add unit tests for overloads.
Run BasicIntegrationTests with new version of HtmlEncoder.
Head branch was pushed to by a user without write access
e679fd4
to
2fee90c
Compare
Kudos, SonarCloud Quality Gate passed! |
The original issue this PR was intended to solve have been fixed in PR #477.
This PR now deals with general rules for encoding in Handlebars.Net vs handlebars.js.
Using this PR since it contains the history of how this change came to be.
[WIP] Configuration.NoEscape inconsistent fixRegarding issue: HandlebarsDotNet.Handlebars.Configuration.NoEscape Applied Inconsistently #468Change in commit:Reset SuppressEncoding to configured instead of false.
(old)UnencodedStatementVisitor resets value to previous
(new) makes both tests forHandlebars_Should_Encode_Chinese
pass.Both tests forHandlebars_Should_Not_Encode_Chinese
still fail (output is Chinese characters, rather than expected &#xxxx;).I don't know if this should be considered correct behavior, or possibly a separate issue.
Looking forward to your comments.