-
-
Notifications
You must be signed in to change notification settings - Fork 4.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix HTML entity escaping in Glimmer printer #4533
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you add tests for other escapes?
@lydell Sure, are there any others you had in mind? The full list is pretty large. Handlebars itself only escapes a handful of characters, though I'm not sure why they chose to escape the last 3 in that list. |
|
"&": "&", | ||
"<": "<", | ||
">": ">", | ||
"\xa0": " " |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This doesn’t feel right.
"\xa0": " " | ||
}; | ||
|
||
const badChars = /[&<>\xa0]/g; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So you had to add yet another character here? Where will it end?
<p>Some escaped characters: < > &    </p> | ||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
<p> | ||
Some escaped characters: < > & |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So all of those are turned into
? Not sure if that’s a feature or a bug. Perhaps it’s out of scope for this PR.
This doesn’t feel like the right thing to do overall. Perhaps we could merge a quick-fix for only |
@lydell Okay, I'll remove that commit from this PR and just leave it focused on |
4d32cc6
to
2eaf2b5
Compare
FWIW - |
What’s the status of this? Should we merge or close? |
@lydell what do you think? |
I guess we could merge it. |
Can you fix the merge conflicts @omghax? |
Just curious on the status of this issue? Also, it was a bit hard to judge from the discussion here, but will this fix result in Ideally, we'd love a way to disable prettier's entity conversion entirely (for example we prefer to see/edit |
/cc @omghax can you rebase? |
@billdami looks like PR was abandoned, feel free to send new PR |
FWIW, new changes were made to the latest @glimmer/syntax package to allow a "codemod" mode. In that mode, no entity escaping is done at all. If we migrate to that new mode, I think we will have a much better time. See glimmerjs/glimmer-vm#938 for the changes I'm referring to... |
@rwjblue Awesome! We should definitely try that out. |
Previously, prettier would unescape `<` and `>` which would result in invalid HTML. This change escapes Glimmer TextNode nodes to ensure that `&`, `<`, and `>` remain escaped properly.
2eaf2b5
to
8c19e67
Compare
I've created #6234 which uses the new "codemod" glimmer mode |
@evilebottnawi perhaps you meant to approve #6234 instead? I think this PR can then be closed |
Supersedes by #6234. |
Previously, prettier would unescape
<
and>
which would result in invalid HTML. This change escapes Glimmer TextNode nodes to ensure that&
,<
, and>
remain escaped properly.