Fixed double encoding in nested components

putyourlightson · Oct 21, 2021 · d348e41 · d348e41
1 parent d4c8157
commit d348e41
Show file tree

Hide file tree

Showing 5 changed files with 39 additions and 14 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Release Notes for Sprig Core
 
+## 1.1.3 - 2021-10-21
+### Fixed
+- Fixed a bug in which attributes could be double encoded in nested components ([#176](https://github.com/putyourlightson/craft-sprig/issues/176), [#178](https://github.com/putyourlightson/craft-sprig/issues/178)). 
+
 ## 1.1.2 - 2021-10-20
 ### Fixed
 - Fixed a bug in which using `s-action` could throw an exception when parsed ([#177](https://github.com/putyourlightson/craft-sprig/issues/177)). 

diff --git a/composer.json b/composer.json
@@ -1,7 +1,7 @@
 {
     "name": "putyourlightson/craft-sprig-core",
     "description": "A reactive Twig component framework for Craft.",
-    "version": "1.1.2",
+    "version": "1.1.3",
     "type": "craft-module",
     "license": "mit",
     "require": {

diff --git a/src/helpers/HtmlHelper.php b/src/helpers/HtmlHelper.php
@@ -0,0 +1,21 @@
+<?php
+/**
+ * @copyright Copyright (c) PutYourLightsOn
+ */
+
+namespace putyourlightson\sprig\helpers;
+
+use craft\helpers\Html;
+use Yii;
+
+class HtmlHelper extends Html
+{
+    /**
+     * Encodes special characters into HTML entities without double encoding by default.
+     * Using this helps prevent double encoding in nested Sprig components.
+     */
+    public static function encode($content, $doubleEncode = false): string
+    {
+        return htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE, Yii::$app ? Yii::$app->charset : 'UTF-8', $doubleEncode);
+    }
+}
diff --git a/src/services/ComponentsService.php b/src/services/ComponentsService.php
@@ -8,7 +8,6 @@
 use Craft;
 use craft\base\Component as BaseComponent;
 use craft\base\ElementInterface;
-use craft\helpers\Html;
 use craft\helpers\Json;
 use craft\helpers\StringHelper;
 use craft\helpers\Template;
@@ -18,6 +17,7 @@
 use putyourlightson\sprig\base\Component;
 use putyourlightson\sprig\errors\InvalidVariableException;
 use putyourlightson\sprig\events\ComponentEvent;
+use putyourlightson\sprig\helpers\HtmlHelper;
 use putyourlightson\sprig\Sprig;
 use putyourlightson\sprig\plugin\components\SprigPlayground;
 use Twig\Markup;
@@ -149,7 +149,7 @@ public function create(string $value, array $variables = [], array $attributes =
 
         $this->_parseAttributes($attributes);
 
-        $event->output = Html::tag('div', $content, $attributes);
+        $event->output = HtmlHelper::tag('div', $content, $attributes);
 
         if ($this->hasEventHandlers(self::EVENT_AFTER_CREATE_COMPONENT)) {
             $this->trigger(self::EVENT_AFTER_CREATE_COMPONENT, $event);
@@ -233,16 +233,16 @@ private function _getParseableTags(string $content): array
     private function _getParsedTag(string $tag)
     {
         try {
-            $attributes = Html::parseTagAttributes($tag);
+            $attributes = HtmlHelper::parseTagAttributes($tag);
         }
         catch (InvalidArgumentException $exception) {
             return null;
         }
 
-        $name = substr($tag, 1, strpos($tag, ' '));
+        $name = substr($tag, 1, strpos($tag, ' ') - 1);
         $this->_parseAttributes($attributes);
 
-        return '<' . $name . Html::renderTagAttributes($attributes) . '>';
+        return HtmlHelper::beginTag($name, $attributes);
     }
 
     /**

diff --git a/tests/unit/services/ComponentsTest.php b/tests/unit/services/ComponentsTest.php
@@ -134,23 +134,23 @@ public function testGetParsedTagAttributesWithData()
 
     public function testGetParsedTagAttributesVals()
     {
-        $html = '<div sprig s-val:x-y-z="a" s-vals=\'{"limit":1}\'></div>';
+        $html = '<div s-val:x-y-z="a" s-vals=\'{"limit":1}\'></div>';
         $html = Sprig::$core->components->parse($html);
         $this->assertStringContainsString('data-hx-vals="{&quot;xYZ&quot;:&quot;a&quot;,&quot;limit&quot;:1}"', $html);
     }
 
-    public function testGetParsedTagAttributesValsWithBrackets()
+    public function testGetParsedTagAttributesValsWithEncoded()
     {
-        $html = '<div s-val:fields[x-y-z]="a"></div>';
+        $html = '<div s-val:x-y-z="a" s-vals=\'{&quot;limit&quot;:1}\'></div>';
         $html = Sprig::$core->components->parse($html);
-        $this->assertStringContainsString('data-hx-vals="{&quot;fields[xYZ]&quot;:&quot;a&quot;}"', $html);
+        $this->assertStringContainsString('data-hx-vals="{&quot;xYZ&quot;:&quot;a&quot;,&quot;limit&quot;:1}"', $html);
     }
 
-    public function testGetParsedTagAttributesValsWithEncoded()
+    public function testGetParsedTagAttributesValsWithBrackets()
     {
-        $html = '<div s-vals=\'{&quot;limit&quot;:1}\'></div>';
+        $html = '<div s-val:fields[x-y-z]="a"></div>';
         $html = Sprig::$core->components->parse($html);
-        $this->assertStringContainsString('data-hx-vals="{&quot;limit&quot;:1}"', $html);
+        $this->assertStringContainsString('data-hx-vals="{&quot;fields[xYZ]&quot;:&quot;a&quot;}"', $html);
     }
 
     public function testGetParsedTagAttributesValsEncodedAndSanitized()
@@ -183,7 +183,7 @@ public function testGetParsedTagAttributesDuplicateIds()
 
     public function testGetParsedTagAttributesComment()
     {
-        $html = '<!-- comment mentioning sprig -->';
+        $html = '<!-- Comment mentioning sprig -->';
         $result = Sprig::$core->components->parse($html);
         $this->assertEquals($html, $result);
     }