Merge pull request #1086 from sveltejs/gh-1082

Rich-Harris · web-flow · commit 8d04da6839be · 2018-01-08T22:03:53.000-05:00
[WIP] Fix HTML escaping and non-top-level &lt;script&gt; and &lt;style&gt; issues
diff --git a/src/generators/nodes/Element.ts b/src/generators/nodes/Element.ts
@@ -432,6 +432,10 @@ export default class Element extends Node {
 
 			if (isVoidElementName(node.name)) return open + '>';
 
+			if (node.name === 'script' || node.name === 'style') {
+				return `${open}>${node.data}</${node.name}>`;
+			}
+
 			return `${open}>${node.children.map(toHTML).join('')}</${node.name}>`;
 		}
 	}
@@ -756,4 +760,4 @@ const events = [
 			node.isMediaNode() &&
 			(name === 'buffered' || name === 'seekable')
 	}
-];
+];
diff --git a/src/generators/server-side-rendering/visitors/Element.ts b/src/generators/server-side-rendering/visitors/Element.ts
@@ -60,6 +60,8 @@ export default function visitElement(
 
 	if (node.name === 'textarea' && textareaContents !== undefined) {
 		generator.append(textareaContents);
+	} else if (node.name === 'script' || node.name === 'style') {
+		generator.append(node.data);
 	} else {
 		node.children.forEach((child: Node) => {
 			visit(generator, block, child);
diff --git a/src/parse/state/tag.ts b/src/parse/state/tag.ts
@@ -213,6 +213,7 @@ export default function tag(parser: Parser) {
 	parser.eat('>', true);
 
 	if (selfClosing) {
+		// don't push self-closing elements onto the stack
 		element.end = parser.index;
 	} else if (name === 'textarea') {
 		// special case
@@ -223,8 +224,12 @@ export default function tag(parser: Parser) {
 		);
 		parser.read(/<\/textarea>/);
 		element.end = parser.index;
+	} else if (name === 'script' || name === 'style') {
+		// special case
+		element.data = parser.readUntil(new RegExp(`</${name}>`));
+		parser.eat(`</${name}>`, true);
+		element.end = parser.index;
 	} else {
-		// don't push self-closing elements onto the stack
 		parser.stack.push(element);
 	}
 }
diff --git a/src/utils/stringify.ts b/src/utils/stringify.ts
@@ -9,13 +9,11 @@ export function escape(data: string, { onlyEscapeAtSymbol = false } = {}) {
 }
 
 const escaped = {
-	'"': '&quot;',
-	"'": '&##39;',
 	'&': '&amp;',
 	'<': '&lt;',
-	'>': '&gt;'
+	'>': '&gt;',
 };
 
 export function escapeHTML(html) {
-	return String(html).replace(/["'&<>]/g, match => escaped[match]);
-}
+	return String(html).replace(/[&<>]/g, match => escaped[match]);
+}
diff --git a/test/runtime/samples/html-non-entities-inside-elements/_config.js b/test/runtime/samples/html-non-entities-inside-elements/_config.js
@@ -0,0 +1,5 @@
+export default {
+	html: `
+		<div>'foo'<span/></div>
+	`
+};
diff --git a/test/runtime/samples/html-non-entities-inside-elements/main.html b/test/runtime/samples/html-non-entities-inside-elements/main.html
@@ -0,0 +1 @@
+<div>'foo'<span/></div>
diff --git a/test/server-side-rendering/samples/component-data-empty/_actual.html b/test/server-side-rendering/samples/component-data-empty/_actual.html
@@ -1,3 +1,3 @@
 <div>
-	<p>foo: &#39;&#39;</p>
+	<p>foo: ''</p>
 </div>

Original file line number	Diff line number	Diff line change
`@@ -432,6 +432,10 @@ export default class Element extends Node {`
`432`	`432`
`433`	`433`	`if (isVoidElementName(node.name)) return open + '>';`
`434`	`434`
	`435`	`+ if (node.name === 'script' \|\| node.name === 'style') {`
	`436`	+ return `${open}>${node.data}</${node.name}>`;
	`437`	`+ }`
	`438`	`+`
`435`	`439`	return `${open}>${node.children.map(toHTML).join('')}</${node.name}>`;
`436`	`440`	`}`
`437`	`441`	`}`
`@@ -756,4 +760,4 @@ const events = [`
`756`	`760`	`node.isMediaNode() &&`
`757`	`761`	`(name === 'buffered' \|\| name === 'seekable')`
`758`	`762`	`}`
`759`		`-];`
	`763`	`+];`