Merge pull request #1155 from sveltejs/ssr-escape-attribute-values

escape attribute values in SSR
pull/1159/head
Rich Harris 7 years ago committed by GitHub
commit 0ef8229077
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -11,7 +11,7 @@ export default function stringifyAttributeValue(block: Block, chunks: Node[]) {
block.contextualise(chunk.expression);
const { snippet } = chunk.metadata;
return '${' + snippet + '}';
return '${__escape(' + snippet + ')}';
})
.join('');
}

@ -0,0 +1,3 @@
export default {
html: `<span title='"foo"'>foo</span>`
};

@ -0,0 +1 @@
<span title='{{"\"foo\""}}'>foo</span>
Loading…
Cancel
Save