Escape content passed to single arity tags
parent
465479d57f
commit
0521aa2aad
3 changed files with 18 additions and 2 deletions
|
@ -64,7 +64,7 @@ defmodule Temple do
|
||||||
quote do
|
quote do
|
||||||
Temple.Utils.put_buffer(
|
Temple.Utils.put_buffer(
|
||||||
var!(buff, Temple.Tags),
|
var!(buff, Temple.Tags),
|
||||||
unquote(text) |> to_string |> Phoenix.HTML.html_escape() |> Phoenix.HTML.safe_to_string()
|
unquote(text) |> Temple.Utils.escape_content()
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
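Review bot: The `text` macro puts no guard on its argument, so every value now goes through `Temple.Utils.escape_content/1`, which calls `to_string` before escaping; a value without a `String.Chars` implementation, for example a `{:safe, iodata}` tuple, would raise rather than render. That behaviour predates this commit, but it is now the macro's contract and is worth stating in its docs, e.g. `Content is always converted with to_string/1 and HTML-escaped; pre-escaped {:safe, _} values are not accepted.` The macro definition starts above the hunk, so any existing `@doc` is not visible here.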
@ -8,7 +8,7 @@ defmodule Temple.Utils do
|
||||||
def put_open_tag(buff, el, content)
|
def put_open_tag(buff, el, content)
|
||||||
when is_binary(content) or is_number(content) or is_atom(content) do
|
when is_binary(content) or is_number(content) or is_atom(content) do
|
||||||
put_buffer(buff, "<#{el}>")
|
put_buffer(buff, "<#{el}>")
|
||||||
put_buffer(buff, content)
|
put_buffer(buff, escape_content(content))
|
||||||
end
|
end
|
||||||
|
|
||||||
def put_close_tag(buff, el) do
|
def put_close_tag(buff, el) do
|
||||||
|
@ -53,4 +53,11 @@ defmodule Temple.Utils do
|
||||||
def put_buffer(buff, content), do: Agent.update(buff, &[content | &1])
|
def put_buffer(buff, content), do: Agent.update(buff, &[content | &1])
|
||||||
def get_buffer(buff), do: Agent.get(buff, & &1)
|
def get_buffer(buff), do: Agent.get(buff, & &1)
|
||||||
def stop_buffer(buff), do: Agent.stop(buff)
|
def stop_buffer(buff), do: Agent.stop(buff)
|
||||||
|
|
||||||
|
def escape_content(content) do
|
||||||
|
content
|
||||||
|
|> to_string
|
||||||
|
|> Phoenix.HTML.html_escape()
|
||||||
|
|> Phoenix.HTML.safe_to_string()
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
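Review bot: Only the `put_open_tag/3` clause guarded by `is_binary/is_number/is_atom` gains escaping, while `put_buffer/2` stays a raw sink that prepends whatever it is given. Any other clause or caller that writes user-supplied content or attribute values (the test file exercises a tag with attrs and content) has to escape on its own; those clauses are outside the hunks, so this should be confirmed before tag output is treated as escaped by default. `escape_content/1` is also public without documentation; I would add `@doc "Converts content with to_string/1 and HTML-escapes it, returning a binary."` and a comment on `put_buffer/2` saying that callers must pass already-escaped markup.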
@ -30,6 +30,15 @@ defmodule Temple.TagsTest do
|
||||||
assert result == "<#{unquote(tag)}>Hi</#{unquote(tag)}>"
|
assert result == "<#{unquote(tag)}>Hi</#{unquote(tag)}>"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "renders a #{tag} with escaped content" do
|
||||||
|
{:safe, result} =
|
||||||
|
temple do
|
||||||
|
unquote(tag)("<div>1</div>")
|
||||||
|
end
|
||||||
|
|
||||||
|
assert result == "<#{unquote(tag)}><div>1</div></#{unquote(tag)}>"
|
||||||
|
end
|
||||||
|
|
||||||
test "renders a #{tag} with attrs and content" do
|
test "renders a #{tag} with attrs and content" do
|
||||||
{:safe, result} =
|
{:safe, result} =
|
||||||
temple do
|
temple do
|
||||||
|
|
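Review bot: The new test checks escaping only for `<` and `>` in a binary, but the changed `put_open_tag/3` clause also accepts numbers and atoms, and the escaper handles `&` and quotes as well. I would add a second case such as `unquote(tag)("a & b")` with `assert result == "<#{unquote(tag)}>a &amp; b</#{unquote(tag)}>"`. As rendered on this page the expected string shows a literal `<div>1</div>`, presumably because the page decoded the entities; it is worth checking that the committed assertion holds the escaped form. The test sits inside a per-tag loop that starts above the hunk.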