From d2f1dd5ef36e79a15db5891dd596b5d765669938 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Standa=20Luke=C5=A1?= Date: Tue, 14 Nov 2023 12:06:57 +0100 Subject: [PATCH] Fix ampersand escaping --- .../Framework/Controls/HtmlWriter.cs | 2 +- src/Tests/Runtime/HtmlWriterTests.cs | 33 +++++++++++++++++++ 2 files changed, 34 insertions(+), 1 deletion(-) diff --git a/src/Framework/Framework/Controls/HtmlWriter.cs b/src/Framework/Framework/Controls/HtmlWriter.cs index 38f3e21973..7c97e590f9 100644 --- a/src/Framework/Framework/Controls/HtmlWriter.cs +++ b/src/Framework/Framework/Controls/HtmlWriter.cs @@ -515,7 +515,7 @@ private static int IndexOfHtmlEncodingChars(string input, int startIndex, bool e // An ambiguous ampersand is a U+0026 AMPERSAND character (&) that is followed by one or more ASCII alphanumerics, followed by a U+003B SEMICOLON character (;), where these characters do not match any of the names given in the named character references section. // so if the next character is not alphanumeric, we can leave it there - if (i == input.Length) + if (i + 1 == input.Length) return i; var nextChar = input[i + 1]; if (IsInRange(nextChar, 'a', 'z') || diff --git a/src/Tests/Runtime/HtmlWriterTests.cs b/src/Tests/Runtime/HtmlWriterTests.cs index c366e31db1..9c2a7254f8 100644 --- a/src/Tests/Runtime/HtmlWriterTests.cs +++ b/src/Tests/Runtime/HtmlWriterTests.cs @@ -42,5 +42,38 @@ public void ImgTagWithChildren() }); Assert.AreEqual("
", text); } + + [TestMethod] + public void EscapingAmpersandStringEnd() + { + var text = WriteHtml(a => { + a.AddAttribute("a", "&"); + a.AddAttribute("b", "abc &"); + a.RenderSelfClosingTag("img"); + }); + Assert.AreEqual("", text); + } + + [TestMethod] + public void EscapingAmpersandAllowedUnescaped() + { + var text = WriteHtml(a => { + a.AddAttribute("a", "a & b"); + a.AddAttribute("b", "a && b"); + a.RenderSelfClosingTag("img"); + }); + Assert.AreEqual("", text); + } + + [TestMethod] + public void EscapingAmpersandUnallowed() + { + var text = WriteHtml(a => { + a.AddAttribute("a", "&"); + a.AddAttribute("b", "a&b"); + a.RenderSelfClosingTag("img"); + }); + Assert.AreEqual("", text); + } } }