mirror of https://github.com/withastro/astro.git synced 2025-03-24 23:21:57 -05:00

fix: regression for astro attributes escaping (#10728)

Emanuele Stoppa 2024-04-09 12:37:06 +01:00 committed by GitHub
parent b21b3ba307
commit f508c4b7d5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 18 additions and 5 deletions


@ -0,0 +1,5 @@
---
"astro": patch
---
Fixes a regression where some very **specific** code rendered using `expressive-code` was not escaped properly.


@ -105,7 +105,7 @@ Make sure to use the static attribute syntax (\`${key}={value}\`) instead of the
}
// Prevents URLs in attributes from being escaped in static builds
if (typeof value === 'string' && value.includes('&') && urlCanParse(value)) {
if (typeof value === 'string' && value.includes('&') && isHttpUrl(value)) {
return markHTMLString(` ${key}="${toAttributeString(value, false)}"`);
}
@ -247,10 +247,11 @@ export function promiseWithResolvers<T = any>(): PromiseWithResolvers<T> {
};
}
function urlCanParse(url: string) {
const VALID_PROTOCOLS = ['http:', 'https:'];
function isHttpUrl(url: string) {
try {
new URL(url);
return true;
const parsedUrl = new URL(url);
return VALID_PROTOCOLS.includes(parsedUrl.protocol);
} catch {
return false;
}
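Review bot: `isHttpUrl` checks only the parsed scheme, while the caller in the first hunk still emits the original `value` without `&` escaping, so any string that merely begins with `http://` or `https://` and a parseable host keeps taking the unescaped path. `new URL()` tolerates spaces, quotes and `&&` after the host (they are percent-encoded only in the parsed result, not in `value`), so a code snippet that starts with a URL would presumably hit the same regression this commit fixes for `cmd:`. Consider also rejecting characters a real URL would not carry raw, e.g. `return VALID_PROTOCOLS.includes(parsedUrl.protocol) && !/[\s"<>]/.test(url);`, and adding an `https://`-prefixed snippet as a fixture next to the `cmd:` one in the attributes test. A short comment above `isHttpUrl` stating that it gates the unescaped-attribute path would help future edits; the calling function and the end of `isHttpUrl` both lie outside the visible hunks.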


@ -37,6 +37,12 @@ describe('Attributes', async () => {
true
);
// cheerio will unescape the values, so checking that the url rendered unescaped to begin with has to be done manually
assert.equal(
html.includes('cmd: echo &#34;foo&#34; &#38;&#38; echo &#34;bar&#34; > /tmp/hello.txt'),
true
);
for (const id of Object.keys(attrs)) {
const { attribute, value } = attrs[id];
const attr = $(`#${id}`).attr(attribute);


@ -6,6 +6,7 @@
<span id="null" attr={null} />
<span id="undefined" attr={undefined} />
<span id="url" attr={"https://example.com/api/og?title=hello&description=somedescription"}/>
<span id="code" attr={"cmd: echo \"foo\" && echo \"bar\" > /tmp/hello.txt"} />
<!--
Per HTML spec, some attributes should be treated as booleans
These should always render <span async /> or <span /> (without a string value)
@ -19,4 +20,4 @@
-->
<span id='html-enum' draggable='true' />
<span id='html-enum-true' draggable={true} />
<span id='html-enum-false' draggable={false} />
<span id='html-enum-false' draggable={false} />