Fix ampersand escaping

riganti · Nov 19, 2023 · b4b6312 · b4b6312
1 parent a6c3b17
commit b4b6312
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 1 deletion.
diff --git a/src/Framework/Framework/Controls/HtmlWriter.cs b/src/Framework/Framework/Controls/HtmlWriter.cs
@@ -515,7 +515,7 @@ private static int IndexOfHtmlEncodingChars(string input, int startIndex, bool e
                             // An ambiguous ampersand is a U+0026 AMPERSAND character (&) that is followed by one or more ASCII alphanumerics, followed by a U+003B SEMICOLON character (;), where these characters do not match any of the names given in the named character references section.
 
                             // so if the next character is not alphanumeric, we can leave it there
-                            if (i == input.Length)
+                            if (i + 1 == input.Length)
                                 return i;
                             var nextChar = input[i + 1];
                             if (IsInRange(nextChar, 'a', 'z') ||

diff --git a/src/Tests/Runtime/HtmlWriterTests.cs b/src/Tests/Runtime/HtmlWriterTests.cs
@@ -42,5 +42,38 @@ public void ImgTagWithChildren()
             });
             Assert.AreEqual("<img><div></div></img>", text);
         }
+
+        [TestMethod]
+        public void EscapingAmpersandStringEnd()
+        {
+            var text = WriteHtml(a => {
+                a.AddAttribute("a", "&");
+                a.AddAttribute("b", "abc &");
+                a.RenderSelfClosingTag("img");
+            });
+            Assert.AreEqual("<img a=\"&amp;\" b=\"abc &amp;\" />", text);
+        }
+
+        [TestMethod]
+        public void EscapingAmpersandAllowedUnescaped()
+        {
+            var text = WriteHtml(a => {
+                a.AddAttribute("a", "a & b");
+                a.AddAttribute("b", "a && b");
+                a.RenderSelfClosingTag("img");
+            });
+            Assert.AreEqual("<img a=\"a & b\" b=\"a && b\" />", text);
+        }
+
+        [TestMethod]
+        public void EscapingAmpersandUnallowed()
+        {
+            var text = WriteHtml(a => {
+                a.AddAttribute("a", "&amp;");
+                a.AddAttribute("b", "a&b");
+                a.RenderSelfClosingTag("img");
+            });
+            Assert.AreEqual("<img a=\"&amp;amp;\" b=\"a&amp;b\" />", text);
+        }
     }
 }