Greater and less than signs in attribute strings are converted to HTML entities. #4

Closed
Anaphase opened this Issue Jun 2, 2013 · 8 comments

Comments

Projects
None yet
2 participants
Contributor

Anaphase commented Jun 2, 2013

div @show("todos.length > 0") compiles to <div ng-show="todos.length &gt; 0"></div>, which breaks Angular. Is there currently a way around this?

Contributor

Anaphase commented Jun 2, 2013

I looks like all HTML entities are converted everywhere:

button.close '&times;' compiles to <button class="close">&amp;times;</button>

Is this a necessary limitation? Seems to be causing lots of problems for me, and I can't figure out a way around it.

Contributor

Anaphase commented Jun 2, 2013

Okay, it looks like I can use backtick escaping to fix the second example (button.close &times;), but that seems less than ideal and doesn't fix the first example.

Contributor

Anaphase commented Jun 2, 2013

Alright, after some further testing it appears that div @show("todos.length > 0") compiling to <div ng-show="todos.length &gt; 0"></div> actually doesn't break Angular. My problem was elsewhere. However, I still feel like this issue could be problematic in other use cases.

Owner

padolsey commented Jun 2, 2013

This is an interesting issue. Either we abandon automatic HTML escaping or we keep it (for single/double quotes, and backticks never escape). I'm not really sure what to do because I can see merits with both.

It is a pain, when composing SIML, to escape my own content -- e.g. it's nice to be able to just type '&' for an ampersand instead of '&' but I can see your argument to.

I'll have a think about this. Maybe there should be an additional escaping prefix/operator to force escaping, otherwise nothing is escaped. e.g. ( using minus operator, similar to underscore.js' <%-Blah%>)

div a -' a > b > c'  // <div><a>a &gt; b &gt; c</a></div> 
div a 'a > b > c'    // <div><a>a > b > c</a></div>
Contributor

Anaphase commented Jun 4, 2013

I like the idea of the special non-escaping prefix. However, since we already have a "raw string" operator with the backticks, could we not just enable something like this instead?

div @show(`todos.length > 0`) // <div ng-show="todos.length > 0"></div>

(Currently, the line above compiles to <div ng-show="%%__HTML_TOKEN___%%0"></div>) I have no idea how language parsers work or if that's even feasible, but it seems like a smart idea to re-use the backtick operator here. I dunno.

Owner

padolsey commented Jun 4, 2013

Ah, ok. I see the problem. You should indeed be able to use back-ticks within directives and attributes -- working on a fix now..

@padolsey padolsey added a commit that referenced this issue Jun 4, 2013

@padolsey padolsey Fix issue where backticked directive/attribute values were not being …
…parsed correctly (and left unescaped). Add tests too. Re: issue #4
0f5197c
Owner

padolsey commented Jun 4, 2013

Just pushed a fix and bumped version to 0.3.4. The div @show(todos.length > 0) snippet should work correctly now.

Contributor

Anaphase commented Jun 4, 2013

Awesome! Thanks for your help!

Anaphase closed this Jun 4, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment