Skip to content

Preserve quote style when rendering markup content #33548

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Jun 15, 2021
Merged

Preserve quote style when rendering markup content #33548

merged 6 commits into from
Jun 15, 2021

Conversation

captainsafia
Copy link
Member

Fixes #20950.

When a component renders static markup like:

<input onfocus='alert(""Test"");' />
<input onfocus=""alert(""Test"");"" />
<input onfocus=""alert('Test');"" />
<p data-options='{direction: ""fromtop"", animation_duration: 25, direction: ""reverse""}'></p>

The Razor compiler interprets this collection of lines as a MarkupBlock. Unlike tag helper attributes, we don't store any information about what type of quote is used in the attributes (typically represented with an AttributeStructure enum). Instead, we indiscriminately use double quotes for all attributes on an HTML element within a markup block.

aspnetcore/src/Razor/Microsoft.AspNetCore.Razor.Language/src/Components/ComponentMarkupBlockPass.cs

Lines 330 to 335 in 3d1c0e3

Builder.Append("=\"");
// Visit Children
base.VisitDefault(node);
Builder.Append('"');

This causes issues in particular if a markup element like <input onfocus='alert("Test");' /> is rendered because we produce the incorrectly quoted <input onfocus="alert("Test");" />. To resolve this, we add a check when constructing the attribute string to preserve the original quote style designated by the user.

@captainsafia captainsafia requested a review from Pilchie as a code owner June 15, 2021 14:35
@ghost ghost added the area-mvc Includes: MVC, Actions and Controllers, Localization, CORS, most templates label Jun 15, 2021
@captainsafia captainsafia added area-razor.compiler and removed area-mvc Includes: MVC, Actions and Controllers, Localization, CORS, most templates labels Jun 15, 2021
@captainsafia captainsafia requested review from NTaylorMullen and SteveSandersonMS and removed request for Pilchie June 15, 2021 14:36
SteveSandersonMS
SteveSandersonMS approved these changes Jun 15, 2021
View reviewed changes
Copy link
Member

@SteveSandersonMS SteveSandersonMS left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great!

@captainsafia captainsafia merged commit ef19746 into main Jun 15, 2021
@captainsafia captainsafia deleted the safia/fix-razor-compiler-quotation branch June 15, 2021 18:29
@ghost ghost added this to the 6.0-preview6 milestone Jun 15, 2021
@phlexpay
Copy link

data-hs-header-options='{
"fixMoment": 0,
"fixEffect": "slide"
}'

this as an attribute on a normal html element (in this case

) is still causing problems. The content is coming up as null when I try to get the string from the attribute.

@ghost
Copy link

ghost commented Aug 25, 2022

Hi @phlexpay. It looks like you just commented on a closed PR. The team will most probably miss it. If you'd like to bring something important up to their attention, consider filing a new issue and add enough details to build context.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SteveSandersonMS SteveSandersonMS SteveSandersonMS approved these changes

@NTaylorMullen NTaylorMullen Awaiting requested review from NTaylorMullen

+1 more reviewer

@campersau campersau campersau left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

6.0-preview6

Development

Successfully merging this pull request may close these issues.

Razor compiler produces incorrect markup content for single-quoted attributes

4 participants

@captainsafia @phlexpay @SteveSandersonMS @campersau