Relax attribute escaping. Fixes #26

bodil · May 28, 2019 · 1588f30 · 1588f30
1 parent 9c81041
commit 1588f30
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/macros/src/declare.rs b/macros/src/declare.rs
@@ -337,7 +337,7 @@ impl Declare {
         for (attr_name, _, attr_str) in self.attrs() {
             print_attrs.extend(quote!(
                 if let Some(ref value) = self.attrs.#attr_name {
-                    let value = ::htmlescape::encode_attribute(&value.to_string());
+                    let value = crate::escape_html_attribute(value.to_string());
                     if !value.is_empty() {
                         write!(f, " {}=\"{}\"", #attr_str, value)?;
                     }
@@ -355,7 +355,7 @@ impl Declare {
                     #print_attrs
                     for (key, value) in &self.data_attributes {
                         write!(f, " data-{}=\"{}\"", key,
-                               ::htmlescape::encode_attribute(&value))?;
+                               crate::escape_html_attribute(value.to_string()))?;
                     }
                     write!(f, "{}", self.events)?;
                     #print_children

diff --git a/typed-html/src/lib.rs b/typed-html/src/lib.rs
@@ -227,3 +227,11 @@ impl OutputType for String {
     type EventTarget = ();
     type EventListenerHandle = ();
 }
+
+pub fn escape_html_attribute(html_attr: String) -> String {
+    // Even though the code is quoting the variables with a double quote, escape all known quoting chars
+    html_attr
+        .replace("\"", "&quot;")
+        .replace("'", "&#39;")
+        .replace("`", "&#96;")
+}