msb-public
/
svelte
mirror of https://github.com/sveltejs/svelte
1
0
Code Issues Projects Releases Wiki Activity

fix: only escape characters in SSR template (#10555)

Browse Source 
Adjusts the escaping mechanism done for server compilation. For template literals it's now only applied when explicitly told, which is the case for generated literals from the html template. Fixes a bug where a template literal string inside the `@html` tag was wrongfully escaped (https://github.com/sveltejs/svelte/issues/10359#issuecomment-1949678228)
pull/10558/head
Simon H 1 year ago committed by GitHub
parent 08978bfae8
commit aef245364c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 22 additions and 4 deletions
Show Stats Download Patch File Download Diff File

5
.changeset/neat-boats-shake.md
Unescape View File

@ -0,0 +1,5 @@
---
"svelte": patch
---
fix: only escape characters in SSR template

10
packages/svelte/src/compiler/phases/3-transform/server/transform-server.js
Unescape View File

@ -32,10 +32,11 @@ function t_string(value) {
/** /**
* @param {import('estree').Expression} value * @param {import('estree').Expression} value
* @param {boolean} [needs_escaping]
* @returns {import('./types').TemplateExpression} * @returns {import('./types').TemplateExpression}
*/ */
function t_expression(value) { function t_expression(value, needs_escaping = false) {
return { type: 'expression', value }; return { type: 'expression', value, needs_escaping };
} }
/** /**
@ -94,7 +95,8 @@ function serialize_template(template, out = b.id('out')) {
} else if (template_item.type === 'expression') { } else if (template_item.type === 'expression') {
const value = template_item.value; const value = template_item.value;
if (value.type === 'TemplateLiteral') { if (value.type === 'TemplateLiteral') {
last.value.raw += sanitize_template_string(value.quasis[0].value.raw); const raw = value.quasis[0].value.raw;
last.value.raw += template_item.needs_escaping ? sanitize_template_string(raw) : raw;
quasis.push(...value.quasis.slice(1)); quasis.push(...value.quasis.slice(1));
expressions.push(...value.expressions); expressions.push(...value.expressions);
continue; continue;
@ -198,7 +200,7 @@ function process_children(nodes, parent, { visit, state }) {
} }
} }
state.template.push(t_expression(b.template(quasis, expressions))); state.template.push(t_expression(b.template(quasis, expressions), true));
} }
for (let i = 0; i < nodes.length; i += 1) { for (let i = 0; i < nodes.length; i += 1) {

1
packages/svelte/src/compiler/phases/3-transform/server/types.d.ts vendored
Unescape View File

@ -12,6 +12,7 @@ import type { ComponentAnalysis } from '../../types.js';
export type TemplateExpression = { export type TemplateExpression = {
type: 'expression'; type: 'expression';
value: Expression; value: Expression;
needs_escaping: boolean;
}; };
export type TemplateString = { export type TemplateString = {

5
packages/svelte/tests/runtime-runes/samples/html-tag-escaping/_config.js
Unescape View File

@ -0,0 +1,5 @@
import { test } from '../../test';
export default test({
html: `s s s \\u73`
});

5
packages/svelte/tests/runtime-runes/samples/html-tag-escaping/main.svelte
Unescape View File

@ -0,0 +1,5 @@
{@html `\u{73}`}
{@html '\u{73}'}
{@html "\u{73}"}
\u{73}
Write Preview
Loading…
Cancel
Save