Escape content passed to single arity tags

Mitchell Hanberg 2019-08-07 21:08:16 -04:00
parent 465479d57f
commit 0521aa2aad
3 changed files with 18 additions and 2 deletions


@ -64,7 +64,7 @@ defmodule Temple do
quote do quote do
Temple.Utils.put_buffer( Temple.Utils.put_buffer(
var!(buff, Temple.Tags), var!(buff, Temple.Tags),
unquote(text) |> to_string |> Phoenix.HTML.html_escape() |> Phoenix.HTML.safe_to_string() unquote(text) |> Temple.Utils.escape_content()
) )
end end
end end


@ -8,7 +8,7 @@ defmodule Temple.Utils do
def put_open_tag(buff, el, content) def put_open_tag(buff, el, content)
when is_binary(content) or is_number(content) or is_atom(content) do when is_binary(content) or is_number(content) or is_atom(content) do
put_buffer(buff, "<#{el}>") put_buffer(buff, "<#{el}>")
put_buffer(buff, content) put_buffer(buff, escape_content(content))
end end
def put_close_tag(buff, el) do def put_close_tag(buff, el) do
@ -53,4 +53,11 @@ defmodule Temple.Utils do
def put_buffer(buff, content), do: Agent.update(buff, &[content | &1]) def put_buffer(buff, content), do: Agent.update(buff, &[content | &1])
def get_buffer(buff), do: Agent.get(buff, & &1) def get_buffer(buff), do: Agent.get(buff, & &1)
def stop_buffer(buff), do: Agent.stop(buff) def stop_buffer(buff), do: Agent.stop(buff)
def escape_content(content) do
content
|> to_string
|> Phoenix.HTML.html_escape()
|> Phoenix.HTML.safe_to_string()
end
end end
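Review bot: `escape_content/1` becomes the one place where tag content is HTML-escaped, yet it is added as a public function with no `@doc` or `@spec`, so its contract is left implicit. As written it always runs `to_string` and then `Phoenix.HTML.html_escape()`, so a string that was escaped earlier is escaped a second time and there is no path for content that is already marked safe. A short `@doc` stating that it unconditionally escapes after string conversion, plus `@spec escape_content(term()) :: String.t()`, would record that. Only the `put_open_tag/3` clause guarded on binary, number or atom content is visible here; the clauses that take attrs are outside the hunk, so it is worth confirming that attribute values are escaped as well.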


@ -30,6 +30,15 @@ defmodule Temple.TagsTest do
assert result == "<#{unquote(tag)}>Hi</#{unquote(tag)}>" assert result == "<#{unquote(tag)}>Hi</#{unquote(tag)}>"
end end
test "renders a #{tag} with escaped content" do
{:safe, result} =
temple do
unquote(tag)("<div>1</div>")
end
assert result == "<#{unquote(tag)}>&lt;div&gt;1&lt;/div&gt;</#{unquote(tag)}>"
end
test "renders a #{tag} with attrs and content" do test "renders a #{tag} with attrs and content" do
{:safe, result} = {:safe, result} =
temple do temple do
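Review bot: The new test pins escaping of `<` and `>` only, so a regression that stopped escaping `&` or quote characters would still pass. A second case in the same generated test, for example `unquote(tag)("Tom & \"Jerry\"")` with the matching entity-encoded expectation, would cover the remaining characters. The guard on `put_open_tag/3` also accepts numbers and atoms, and neither is exercised through the escaping path here. The enclosing block that generates one test per `tag` starts outside this hunk.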