Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Re-introduce escaping of a closing tag when encoding javascript #1380

Merged
merged 2 commits into from
Oct 8, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ tests-creation
testHtml
self
assert: (self jQuery html: [ :html | html div: 'foo' ])
equals: self function , '("<div>foo</div>")'.
equals: self function , '("<div>foo<\/div>")'.
self
assert: (self jQuery html: [ :html | html div title: 'foo'; with: 'bar' ])
equals: self function , '("<div title=\"foo\">bar</div>")'
equals: self function , '("<div title=\"foo\">bar<\/div>")'
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,4 @@ tests-with
testWithBlock
self
assert: (self jQuery: [ :html | html heading: 'jQuery' ])
equals: self function , '("<h1>jQuery</h1>")'
equals: self function , '("<h1>jQuery<\/h1>")'
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ tests-modifying
testAfter
self
assert: ((self jQuery: 'p') after: [ :html | html strong: 'Hello' ])
equals: self function , '("p").after("<strong>Hello</strong>")'.
equals: self function , '("p").after("<strong>Hello<\/strong>")'.
self
assert: ((self jQuery: 'span') insertAfter: '#foo')
equals: self function , '("span").insertAfter("#foo")'
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ tests-modifying
testAppend
self
assert: ((self jQuery: 'p') append: [ :html | html strong: 'Hello' ])
equals: self function , '("p").append("<strong>Hello</strong>")'.
equals: self function , '("p").append("<strong>Hello<\/strong>")'.
self
assert: ((self jQuery: 'span') appendTo: '#foo')
equals: self function , '("span").appendTo("#foo")'
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ tests-modifying
testBefore
self
assert: ((self jQuery: 'p') before: [ :html | html strong: 'Hello' ])
equals: self function , '("p").before("<strong>Hello</strong>")'.
equals: self function , '("p").before("<strong>Hello<\/strong>")'.
self
assert: ((self jQuery: 'span') insertBefore: '#foo')
equals: self function , '("span").insertBefore("#foo")'
Original file line number Diff line number Diff line change
Expand Up @@ -5,4 +5,4 @@ testHtml
equals: self function , '("div").html()'.
self
assert: ((self jQuery: 'div') html: [ :html | html div ])
equals: self function , '("div").html("<div></div>")'
equals: self function , '("div").html("<div><\/div>")'
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ tests-modifying
testPrepend
self
assert: ((self jQuery: 'p') prepend: [ :html | html strong: 'Hello' ])
equals: self function , '("p").prepend("<strong>Hello</strong>")'.
equals: self function , '("p").prepend("<strong>Hello<\/strong>")'.
self
assert: ((self jQuery: 'span') prependTo: '#foo')
equals: self function , '("span").prependTo("#foo")'
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ tests-modifying
testReplace
self
assert: ((self jQuery: 'p') replaceWith: [ :html | html emphasis: 'Hello' ])
equals: self function , '("p").replaceWith("<em>Hello</em>")'.
equals: self function , '("p").replaceWith("<em>Hello<\/em>")'.
self
assert: ((self jQuery html: [ :html | html div: 'Hello' ]) replaceAll: '.foo')
equals: self function , '("<div>Hello</div>").replaceAll(".foo")'
equals: self function , '("<div>Hello<\/div>").replaceAll(".foo")'
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,10 @@ tests-modifying
testWrap
self
assert: ((self jQuery: 'p') wrap: [ :html | html strong ])
equals: self function , '("p").wrap("<strong></strong>")'.
equals: self function , '("p").wrap("<strong><\/strong>")'.
self
assert: ((self jQuery: 'p') wrapAll: [ :html | html div ])
equals: self function , '("p").wrapAll("<div></div>")'.
equals: self function , '("p").wrapAll("<div><\/div>")'.
self
assert: ((self jQuery: 'p') wrapInner: [ :html | html span ])
equals: self function , '("p").wrapInner("<span></span>")'
equals: self function , '("p").wrapInner("<span><\/span>")'
Original file line number Diff line number Diff line change
@@ -1,15 +1,16 @@
encoding
encodeString: aString on: aStream
encodeString: aString on: aStream
"Strings have a complicated encoding in Javascript, try to optimize their serialization."


| last |
aStream nextPut: $".
1 to: aString size do: [ :index |
1 to: aString size do: [ :index |
| char value encoded |
char := aString at: index.
value := char greaseInteger.
value < JavascriptCharacters size
value < JavascriptCharacters size
ifFalse: [
"U+2028 and U+2029 have to be treaded as new lines"
"U+2028 and U+2029 have to be treated as new lines"
value = 16r2028 "Line separator"
ifTrue: [ aStream nextPutAll: '\u2028' ]
ifFalse: [
Expand All @@ -20,7 +21,12 @@ encodeString: aString on: aStream
encoded := JavascriptCharacters at: value + 1.
"we use nil markers becausee #isNil is faster than #isString because it's not
actually sent"
encoded isNil
ifTrue: [ aStream nextPut: char ]
ifFalse: [ aStream nextPutAll: encoded ] ] ].
encoded isNil
ifTrue: [
"avoid that browsers mistakenly take the output as a closing tag"
(last = $< and: [ char = $/ ])
ifTrue: [ aStream nextPutAll: '\/' ]
ifFalse: [ aStream nextPut: char ] ]
ifFalse: [ aStream nextPutAll: encoded ] ].
last := char ].
aStream nextPut: $"
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Please describe the package using the class comment of the included manifest class. The manifest class also includes other additional metadata for the package. These meta data are used by other tools such as the SmalllintManifestChecker and the critics Browser
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
code-critics
ruleTempsReadBeforeWrittenRuleV1FalsePositive

<ignoreForCoverage>
^ #(#(#(#RGMethodDefinition #(#'JSStream class' #encodeString:on: #true)) #'2023-09-27T18:22:24.916405+02:00') )
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
{
"commentStamp" : "<historical>",
"super" : "PackageManifest",
"category" : "Javascript-Core-Manifest",
"classinstvars" : [ ],
"pools" : [ ],
"classvars" : [ ],
"instvars" : [ ],
"name" : "ManifestJavascriptCore",
"type" : "normal"
}
Original file line number Diff line number Diff line change
Expand Up @@ -5,13 +5,13 @@ testModifyingInsert
equals: '$(this).insert("1")'.
self
assert: (self element insertAfter: [ :r | r div ])
equals: '$(this).insert({"after":"<div></div>"})'.
equals: '$(this).insert({"after":"<div><\/div>"})'.
self
assert: (self element insertBefore: 'abc')
equals: '$(this).insert({"before":"abc"})'.
self
assert: (self element insertTop: [ :r | r span: 5 ])
equals: '$(this).insert({"top":"<span>5</span>"})'.
equals: '$(this).insert({"top":"<span>5<\/span>"})'.
self
assert: (self element insertBottom: '5')
equals: '$(this).insert({"bottom":"5"})'
Original file line number Diff line number Diff line change
Expand Up @@ -5,4 +5,4 @@ testModifyingReplace
equals: '$(this).replace("foo")'.
self
assert: (self element replace: [ :r | r div id: 'foo' ])
equals: '$(this).replace("<div id=\"foo\"></div>")'
equals: '$(this).replace("<div id=\"foo\"><\/div>")'
Original file line number Diff line number Diff line change
Expand Up @@ -5,4 +5,4 @@ testModifyingUpdate
equals: '$("foo").update("bar")'.
self
assert: (self element update: [ :r | r div: 'bar' ])
equals: '$(this).update("<div>bar</div>")'
equals: '$(this).update("<div>bar<\/div>")'
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,4 @@ tests-rendering
testRenderedHtml
self
assert: [ :html | html div script: (html scriptaculous element update: [ :r | r span ]) ]
renders: '<div id="id1"></div><script type="text/javascript">$("id1").update("<span></span>");</script>'
renders: '<div id="id1"></div><script type="text/javascript">$("id1").update("<span><\/span>");</script>'
Original file line number Diff line number Diff line change
Expand Up @@ -4,4 +4,4 @@ testRenderedHtmlWithScripts
assert: [ :html |
html div script: (html scriptaculous element remove).
html div script: (html scriptaculous element update: [ :r | r span ]) ]
renders: '<div id="id1"></div><div id="id2"></div><script type="text/javascript">$("id1").remove();$("id2").update("<span></span>");</script>'
renders: '<div id="id1"></div><div id="id2"></div><script type="text/javascript">$("id1").remove();$("id2").update("<span><\/span>");</script>'

This file was deleted.

Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
configuration
createHandlers

^ Array with: WARequestHandler new
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
testing
testNestedScripts

self
assert: [ :html |
html anchor script:
((html jQuery this closest: 'div') append: [ :r |
r div script: (html jQuery this
on: 'click'
selector: '.class'
do: (JSStream on: 'alert(''nested script''')) ]) ]
gives: '<html><head><title></title></head><body onload="onLoad()"><a id="id2"></a><script type="text/javascript">function onLoad(){$("#id2").closest("div").append("<div id=\"id1\"><\/div><script type=\"text/javascript\">$(\"#id1\").on(\"click\",\".class\",function(){alert(''nested script''});<\/script>");};</script></body></html>'
Original file line number Diff line number Diff line change
Expand Up @@ -5,4 +5,4 @@ assert: aBlock gives: aString
fullDocument: true;
scriptGeneratorClass: self scriptGeneratorClass;
render: aBlock.
self assert: aString = html
self assert: aString equals: html