diff --git a/.changeset/fast-ligers-repeat.md b/.changeset/fast-ligers-repeat.md new file mode 100644 index 0000000000..c6b35c4373 --- /dev/null +++ b/.changeset/fast-ligers-repeat.md @@ -0,0 +1,5 @@ +--- +'svelte': patch +--- + +fix: disallow invalid attributes for `` and `` diff --git a/documentation/docs/98-reference/.generated/compile-errors.md b/documentation/docs/98-reference/.generated/compile-errors.md index b32bc6b89c..16cd361e52 100644 --- a/documentation/docs/98-reference/.generated/compile-errors.md +++ b/documentation/docs/98-reference/.generated/compile-errors.md @@ -412,6 +412,12 @@ Expected whitespace `$host()` can only be used inside custom element component instances ``` +### illegal_element_attribute + +``` +`<%name%>` does not support non-event attributes or spread attributes +``` + ### import_svelte_internal_forbidden ``` diff --git a/packages/svelte/messages/compile-errors/template.md b/packages/svelte/messages/compile-errors/template.md index cddca87d9c..38ff87d505 100644 --- a/packages/svelte/messages/compile-errors/template.md +++ b/packages/svelte/messages/compile-errors/template.md @@ -172,6 +172,10 @@ > Expected whitespace +## illegal_element_attribute + +> `<%name%>` does not support non-event attributes or spread attributes + ## js_parse_error > %message% diff --git a/packages/svelte/src/compiler/errors.js b/packages/svelte/src/compiler/errors.js index 00e2246ccf..ad2919b34b 100644 --- a/packages/svelte/src/compiler/errors.js +++ b/packages/svelte/src/compiler/errors.js @@ -984,6 +984,16 @@ export function expected_whitespace(node) { e(node, "expected_whitespace", "Expected whitespace"); } +/** + * `<%name%>` does not support non-event attributes or spread attributes + * @param {null | number | NodeLike} node + * @param {string} name + * @returns {never} + */ +export function illegal_element_attribute(node, name) { + e(node, "illegal_element_attribute", `\`<${name}>\` does not support non-event attributes or spread attributes`); +} + /** * %message% * @param {null | number | NodeLike} node diff --git a/packages/svelte/src/compiler/phases/2-analyze/visitors/SvelteDocument.js b/packages/svelte/src/compiler/phases/2-analyze/visitors/SvelteDocument.js index a44baef9e4..fe54ebf30d 100644 --- a/packages/svelte/src/compiler/phases/2-analyze/visitors/SvelteDocument.js +++ b/packages/svelte/src/compiler/phases/2-analyze/visitors/SvelteDocument.js @@ -1,6 +1,8 @@ /** @import { AST } from '#compiler' */ /** @import { Context } from '../types' */ import { disallow_children } from './shared/special-element.js'; +import * as e from '../../../errors.js'; +import { is_event_attribute } from '../../../utils/ast.js'; /** * @param {AST.SvelteDocument} node @@ -8,5 +10,15 @@ import { disallow_children } from './shared/special-element.js'; */ export function SvelteDocument(node, context) { disallow_children(node); + + for (const attribute of node.attributes) { + if ( + attribute.type === 'SpreadAttribute' || + (attribute.type === 'Attribute' && !is_event_attribute(attribute)) + ) { + e.illegal_element_attribute(attribute, 'svelte:document'); + } + } + context.next(); } diff --git a/packages/svelte/src/compiler/phases/2-analyze/visitors/SvelteWindow.js b/packages/svelte/src/compiler/phases/2-analyze/visitors/SvelteWindow.js index c5392a477d..20f5abc5d6 100644 --- a/packages/svelte/src/compiler/phases/2-analyze/visitors/SvelteWindow.js +++ b/packages/svelte/src/compiler/phases/2-analyze/visitors/SvelteWindow.js @@ -1,6 +1,8 @@ /** @import { AST } from '#compiler' */ /** @import { Context } from '../types' */ import { disallow_children } from './shared/special-element.js'; +import * as e from '../../../errors.js'; +import { is_event_attribute } from '../../../utils/ast.js'; /** * @param {AST.SvelteWindow} node @@ -8,5 +10,15 @@ import { disallow_children } from './shared/special-element.js'; */ export function SvelteWindow(node, context) { disallow_children(node); + + for (const attribute of node.attributes) { + if ( + attribute.type === 'SpreadAttribute' || + (attribute.type === 'Attribute' && !is_event_attribute(attribute)) + ) { + e.illegal_element_attribute(attribute, 'svelte:window'); + } + } + context.next(); } diff --git a/packages/svelte/tests/validator/samples/illegal_spread_element-document/errors.json b/packages/svelte/tests/validator/samples/illegal_spread_element-document/errors.json new file mode 100644 index 0000000000..2e15b152e7 --- /dev/null +++ b/packages/svelte/tests/validator/samples/illegal_spread_element-document/errors.json @@ -0,0 +1,14 @@ +[ + { + "code": "illegal_element_attribute", + "message": "`` does not support non-event attributes or spread attributes", + "start": { + "line": 4, + "column": 17 + }, + "end": { + "line": 4, + "column": 23 + } + } +] diff --git a/packages/svelte/tests/validator/samples/illegal_spread_element-document/input.svelte b/packages/svelte/tests/validator/samples/illegal_spread_element-document/input.svelte new file mode 100644 index 0000000000..8980eea012 --- /dev/null +++ b/packages/svelte/tests/validator/samples/illegal_spread_element-document/input.svelte @@ -0,0 +1,4 @@ + + diff --git a/packages/svelte/tests/validator/samples/illegal_spread_element-window/errors.json b/packages/svelte/tests/validator/samples/illegal_spread_element-window/errors.json new file mode 100644 index 0000000000..c59045e852 --- /dev/null +++ b/packages/svelte/tests/validator/samples/illegal_spread_element-window/errors.json @@ -0,0 +1,14 @@ +[ + { + "code": "illegal_element_attribute", + "message": "`` does not support non-event attributes or spread attributes", + "start": { + "line": 4, + "column": 15 + }, + "end": { + "line": 4, + "column": 21 + } + } +] diff --git a/packages/svelte/tests/validator/samples/illegal_spread_element-window/input.svelte b/packages/svelte/tests/validator/samples/illegal_spread_element-window/input.svelte new file mode 100644 index 0000000000..c0076cc6bf --- /dev/null +++ b/packages/svelte/tests/validator/samples/illegal_spread_element-window/input.svelte @@ -0,0 +1,4 @@ + +