
_hs escapes quotes. #2

Open
tonyalaribe opened this issue Mar 6, 2022 · 8 comments

Comments

@tonyalaribe

The _hs quasiquoter escapes quotes which in hyperscript are valid characters to signify ownership

```
def fields.colapseUntil(elem, level)
        log elem then
        log level then
        if elem's @data-depth is less than level 
          then log elem
          then add .hidden to elem 
          then fields.colapseUntil(next @data-depth from elem)
        else
          return
      end
```

```
 Expected 'end' but found '&'

        if elem's @data-depth is less than level 
                ^^

 Error: Expected 'end' but found '&'

        if elem's @data-depth is less than level 
```
@rashadg1030
Contributor

Yes, thank you for pointing this out. I noticed this in my own project and it was annoying. I will fix this soon. Just been busy with other things. After this gets sorted out, I'd like to work on the more interesting stuff too. Like embedding Haskell values in hyperscript, checking the hyperscript syntax at compile time, and even typechecking hyperscript (to an extent). This will require an implementation of the hyperscript parser in Haskell.

@rashadg1030
Contributor

rashadg1030 commented Apr 14, 2022

@tonyalaribe Okay so turns out this issue is deeper than I thought and may be unavoidable...Basically the cause of the issue is the function fromHtmlEscapedText in Blaze.ByteString.Builder.Html.Utf8, which is used by Lucid's buildAttr :: Text -> Text -> Builder. So it's pretty much unavoidable. The only way to remedy this, I think, would be to fork Lucid and replace fromHtmlEscapedText with something that doesn't escape. This could be a security issue though as discussed here. I'm disappointed. Maybe there's a better solution that doesn't require changes to the internals? Let me know what you think...I think this same issue would apply to ihp-hsx or any other libraries that depend on blaze.

Edit: By disallowing certain characters in the HTML attributes it prevents cross-site scripting attacks? That seems to be the motivation for the escaping.

@tonyalaribe
Author

I see. I guess it's unavoidable. But just for clarity, is fromHtmlEscapedText also used for the script tag? _hx?
I could understand why this limitation would exist for attributes [__| |], but not for the _hx quasiquote, especially since other quasiquotes don't seem to have this issue, if I use them just for string interpolation. Eg:
image

@tonyalaribe
Author

And thanks a lot for looking into this

@rashadg1030
Contributor

> I see. I guess it's unavoidable. But just for clarity, is fromHtmlEscapedText also used for the script tag? _hx? I could understand why this limitation would exist for attributes [__| |], but not for the _hx quasiquote, especially since other quasiquotes don't seem to have this issue, if I use them just for string interpolation. Eg: image

I thought there would be no issue with the _hs QuasiQuoter too, but I just tested it out the same thing happens.

@rashadg1030
Contributor

@tonyalaribe Okay, so I fixed the _hs quasiquoter by using toHtmlRaw instead of toHtml. Can't do the same for attributes unfortunately.

@rashadg1030
Contributor

Anyways, I'll push the latest version so that at least _hs is usable. Then I'll have to go from there. This issue means that hyperscript is basically unusable with any libraries that use blaze simply because ', <, etc. are escaped....I'll look for a workaround to make sure that there really is no other way. And then I'll consider forking blaze or something. Idk.
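The three rendering paths discussed in this thread side by side, as an added example that is not code from this project or from Lucid itself. It assumes Lucid 2.x's `toHtml`, `toHtmlRaw`, `script_`, `makeAttribute` and `renderText`; the hyperscript snippet is constructed for the demo. Two points worth checking when reading the output: a browser's HTML parser decodes character references inside attribute values, so the `&#39;` that Lucid emits in the `_` attribute reaches hyperscript as a plain `'`, whereas `<script>` content is raw text that is not decoded, which is why only the script path breaks. The `toHtmlRaw` fix is safe precisely because the quasiquoter's body is a compile-time literal written by the developer; a `toHtmlRaw` fed request data would let an attacker-controlled `</script>` close the element, so it must never see untrusted input.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added illustration (not from the lucid-hyperscript project): how Lucid renders
-- the same hyperscript text as an attribute, via toHtml inside <script>, and via
-- toHtmlRaw inside <script>.
module Main (main) where

import Data.Text (Text)
import qualified Data.Text.Lazy.IO as TL
import Lucid
import Lucid.Base (makeAttribute)

-- Constructed hyperscript snippet; the apostrophe in "me's" is the character
-- that Blaze's HTML escaper rewrites as &#39;.
snippet :: Text
snippet = "on click if me's @data-depth is less than 2 then add .hidden to me end"

-- Case 1: hyperscript in the `_` attribute. Lucid's attribute renderer always
-- escapes, so the serialized HTML contains &#39;. The HTML parser decodes
-- character references in attribute values, so hyperscript still reads a '.
inAttribute :: Html ()
inAttribute = div_ [makeAttribute "_" snippet] "collapsible"

-- Case 2: what _hs did before the fix. toHtml escapes the body, and <script>
-- content is raw text that the parser does not decode, so hyperscript sees the
-- literal "&#39;" and fails with "Expected 'end' but found '&'".
inScriptEscaped :: Html ()
inScriptEscaped = script_ [type_ "text/hyperscript"] (toHtml snippet)

-- Case 3: the fix. toHtmlRaw emits the text unchanged. Only acceptable because
-- `snippet` stands in for a compile-time literal, never for request data.
inScriptRaw :: Html ()
inScriptRaw = script_ [type_ "text/hyperscript"] (toHtmlRaw snippet)

main :: IO ()
main = mapM_ (TL.putStrLn . renderText) [inAttribute, inScriptEscaped, inScriptRaw]
```

Run it with `runghc` in a project that has `lucid` and `text` available and compare the three lines: the first and second carry `&#39;`, the third carries the original `'`.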

@tonyalaribe
Author

Thanks @rashadg1030, it works great on my end.


2 participants