Add HTML escaping
authorNick Downing <downing.nick@gmail.com>
Sun, 14 Oct 2018 07:05:44 +0000 (18:05 +1100)
committerNick Downing <nick@ndcode.org>
Tue, 30 Oct 2018 07:54:35 +0000 (18:54 +1100)
package.json
page.jst
template.js
test.js

index 4fdf7bf..4fd064d 100644 (file)
@@ -34,5 +34,8 @@
   },
   "bin": {
     "acorn": "./bin/acorn"
+  },
+  "dependencies": {
+    "html-escape": "^2.0.0"
   }
 }
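Review bot: The new `html-escape` dependency is added with a caret range (`"^2.0.0"`) and no lockfile appears in this commit's file list, so the exact escaping behaviour that template.js and test.js now rely on is not pinned; a later 2.x release that changes which characters are escaped would alter the rendered output without any change in this repository. Consider pinning the exact version or committing a lockfile, and documenting in template.js which characters the templating layer expects the library to escape (at minimum `&`, `<`, `>` and `"`, given the quoted-attribute context it is used in).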
index c402fa9..c031dcd 100644 (file)
--- a/page.jst
+++ b/page.jst
@@ -1,9 +1,8 @@
-let val='something'
-return html(lang="en" my-val=val) {
+async _env => html(lang=_env.lang val=_env.val quoted-val="\"val\"") {
   head {}
   body {
     `hello
-go away
+& goodbye
 `
   }
 }
index 384ce0e..816101b 100644 (file)
@@ -1,5 +1,6 @@
 let assert = require('assert')
 let transform = require('./transform')
+let html_escape = require('html-escape')
 
 let html_body = (node, st, c) => {
   let tag, arguments
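Review bot: The `html_escape` required here is only applied at transform time (to literal attribute values, in a later hunk), while values computed at render time are routed to a free identifier `_esc` that the caller of the generated function must bind — nothing in template.js ties the two to the same function, so transform-time and render-time escaping can silently diverge. A comment at this require would make the contract explicit, e.g. `// Escapes literal attribute values at transform time; the generated code escapes runtime values through a caller-bound _esc, which must apply the same escaping.` The `html_body` function declared on the last line of this hunk continues past the end of the hunk.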
@@ -41,7 +42,7 @@ let html_body = (node, st, c) => {
     if (value_expr !== undefined) {
       prefix += '="'
       if (value_expr.type === 'Literal')
-        prefix += value_expr.value
+        prefix += html_escape(value_expr.value)
       else {
         expr1 = {
           type: 'Literal',
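Review bot: The escaped literal on the new line is emitted inside a `"`-quoted attribute (the `'="'` opened two lines above), so the protection depends on `html-escape` turning `"` into an entity — if the library only handles `&`, `<` and `>`, a literal containing a double quote still terminates the attribute. `value_expr.value` for an acorn `Literal` can also be a number, boolean, `null` or a RegExp rather than a string, and what `html_escape` does with a non-string is not visible here; the previous `+=` concatenation at least coerced it with `String` semantics. I would coerce first, `prefix += html_escape(String(value_expr.value))`, and add a comment stating that `html_escape` is relied on to escape `"` for the attribute context. The enclosing `html_body` function starts and ends outside this hunk.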
@@ -58,7 +59,29 @@ let html_body = (node, st, c) => {
             end: node.end
           },
           operator: '+',
-          right: value_expr
+          right: {
+            type: 'CallExpression',
+            callee: {
+              type: 'Identifier',
+              name: '_esc'
+            },
+            arguments: [
+              {
+                type: 'CallExpression',
+                callee: {
+                  type: 'MemberExpression',
+                  object: value_expr,
+                  property: {
+                    type: 'Identifier',
+                    name: 'toString'
+                  },
+                  computed: false
+                },
+                arguments: [
+                ]
+              }
+            ]
+          }
         }
         prefix = ''
       }
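Review bot: The generated `value_expr.toString()` call on the new right-hand side throws a TypeError at render time when the attribute expression evaluates to `null` or `undefined` (for example a missing `_env` key), and yields `[object Object]` for plain objects, whereas the `+` concatenation it replaces produced the text `undefined` or `null`. If failing the whole render on missing data is intended, say so, e.g. `// .toString() deliberately throws on null/undefined so a missing value cannot render as empty`; if not, generate `String(value_expr)` instead, which matches the old concatenation and still goes through `_esc`. Either way, the generated code now depends on a free identifier `_esc` that the caller must bind (only test.js shows this), which deserves a comment at the `_esc` Identifier node. The enclosing `html_body` function and the `expr1` object literal both begin before this hunk.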
@@ -84,7 +107,7 @@ let html_body = (node, st, c) => {
           type: 'MemberExpression',
           object: {
             type: 'Identifier',
-            name: '_html'
+            name: '_out'
           },
           property: {
             type: 'Identifier',
@@ -114,7 +137,7 @@ let html_body = (node, st, c) => {
             type: 'MemberExpression',
             object: {
               type: 'Identifier',
-              name: '_html'
+              name: '_out'
             },
             property: {
               type: 'Identifier',
@@ -148,7 +171,7 @@ visitors.ExpressionStatement = (node, st, c) =>
         type: 'MemberExpression',
         object: {
           type: 'Identifier',
-          name: '_html'
+          name: '_out'
         },
         property: {
           type: 'Identifier',
@@ -157,7 +180,16 @@ visitors.ExpressionStatement = (node, st, c) =>
         computed: false
       },
       arguments: [
-        c(node.expression, st, 'Expression')
+        {
+          type: 'CallExpression',
+          callee: {
+            type: 'Identifier',
+            name: '_esc'
+          },
+          arguments: [
+            c(node.expression, st, 'Expression')
+          ]
+        }
       ]
     }
   } :
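Review bot: The expression's value is passed to `_esc` as-is here, while the attribute path in the same file first calls `.toString()` on it, so a non-string expression statement (a number, an object, `undefined`) reaches the escaper in raw form and its treatment depends on how `html-escape` coerces its argument, which is not shown. Pick one normalisation for both paths — wrapping the argument here as `String(...)` or `.toString()` like the attribute case — and state it in a comment, e.g. `// every expression statement inside html{} is HTML-escaped; there is no raw-output form`. This change appears to remove the only unescaped output path, so if a trusted-HTML escape hatch is intentionally absent that should be documented rather than left implicit. `visitors.ExpressionStatement` begins before this hunk (its signature is visible only in the hunk header) and continues after it.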
@@ -187,7 +219,7 @@ visitors.HTMLExpression = (node, st, c) => {
                 type: 'VariableDeclarator',
                 id: {
                   type: 'Identifier',
-                  name: '_html'
+                  name: '_out'
                 },
                 init: {
                   type: 'ArrayExpression',
@@ -209,7 +241,7 @@ visitors.HTMLExpression = (node, st, c) => {
                   type: 'MemberExpression',
                   object: {
                     type: 'Identifier',
-                    name: '_html'
+                    name: '_out'
                   },
                   property: {
                     type: 'Identifier',
diff --git a/test.js b/test.js
index 39c54c2..07c2b3a 100644 (file)
--- a/test.js
+++ b/test.js
@@ -4,18 +4,22 @@ let astring = require('astring')
 let fs = require('fs')
 let template = require('./template')
 let transform = require('./transform')
+let html_escape = require('html-escape')
 
-let page = fs.readFileSync('page.jst', {encoding: 'utf-8'})
-console.log(
-  eval(
-    astring.generate(
-      transform.transform(
-        template,
-        acorn.parse(
-          '(() => {' + page + '})()'
-        )
-      ),
-      {indent: ''}
+;(
+  async () => {
+    let _esc = html_escape, page = eval(
+      astring.generate(
+        transform.transform(
+          template,
+          acorn.parse(
+            fs.readFileSync('page.jst', {encoding: 'utf-8'})
+          )
+        ),
+        {indent: ''}
+      )
     )
-  )
-)
+
+    console.log(await page({lang: 'en', val: '<html>'}))
+  }
+)()
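Review bot: The async IIFE on the last lines has no rejection handler, so if `page()` throws (for example the generated `.toString()` call on a missing `_env` value) the failure surfaces only as an unhandled-rejection warning and the process can still exit 0; append `.catch(err => { console.error(err); process.exitCode = 1; })` to the `)()` call. The test also only prints the output — `val: '<html>'` is exactly the injection probe, yet nothing asserts that the rendered attribute contains `&lt;html&gt;` or that the `& goodbye` text became `&amp; goodbye`, so a regression in escaping would not fail the run; an `assert(out.includes('&lt;html&gt;'))` (assuming `html-escape` emits named entities) would pin it. The `let _esc = html_escape` binding only reaches the generated code because direct `eval` sees the enclosing scope, which is worth a one-line comment since it is the sole place the `_esc` contract is satisfied.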