Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix HTML entity escaping in Glimmer printer #4533

Closed
wants to merge 1 commit into from
Closed

Fix HTML entity escaping in Glimmer printer #4533

wants to merge 1 commit into from

Conversation

omghax
Copy link
Contributor

@omghax omghax commented May 24, 2018

Previously, prettier would unescape &lt; and &gt; which would result in invalid HTML. This change escapes Glimmer TextNode nodes to ensure that &, <, and > remain escaped properly.

lydell
lydell previously requested changes May 24, 2018
View reviewed changes
Copy link
Member

@lydell lydell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you add tests for other escapes?

@omghax
Copy link
Contributor Author

omghax commented May 24, 2018

@lydell Sure, are there any others you had in mind? The full list is pretty large. Handlebars itself only escapes a handful of characters, though I'm not sure why they chose to escape the last 3 in that list.

@lydell
Copy link
Member

lydell commented May 24, 2018 

&amp;
&nbsp;
&#160;
&#xa0;

lydell
lydell reviewed May 24, 2018
View reviewed changes
src/language-handlebars/printer-glimmer.js Outdated
"&": "&amp;",
"<": "&lt;",
">": "&gt;",
"\xa0": "&nbsp;"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doesn’t feel right.

lydell
lydell reviewed May 24, 2018
View reviewed changes
src/language-handlebars/printer-glimmer.js Outdated
"\xa0": "&nbsp;"
};

const badChars = /[&<>\xa0]/g;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So you had to add yet another character here? Where will it end?

lydell
lydell reviewed May 24, 2018
View reviewed changes
tests/html_glimmer/__snapshots__/jsfmt.spec.js.snap Outdated
<p>Some escaped characters: &lt; &gt; &amp; &nbsp; &#160; &#xa0;</p>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<p>
Some escaped characters: &lt; &gt; &amp; &nbsp; &nbsp; &nbsp;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So all of those are turned into &nbsp;? Not sure if that’s a feature or a bug. Perhaps it’s out of scope for this PR.

@lydell
Copy link
Member

lydell commented May 24, 2018

This doesn’t feel like the right thing to do overall.

Perhaps we could merge a quick-fix for only <, > and & so that at least the output code is valid, and then open an issue about properly handling escapes.

@omghax
Copy link
Contributor Author

omghax commented May 24, 2018

@lydell Okay, I'll remove that commit from this PR and just leave it focused on <, >, and &.

@lydell lydell dismissed their stale review May 24, 2018 19:21

¯_(ツ)_/¯

@rwjblue
Copy link

rwjblue commented May 25, 2018

FWIW - @glimmer/syntax uses simple-html-tokenizer which ships with a file with all the HTML char references (see here) which is actually generated from https://github.com/w3c/html/blob/master/entities.json...

@j-f1
Copy link
Member

j-f1 commented Jun 28, 2018

What’s the status of this? Should we merge or close?

@j-f1 j-f1 added the status:awaiting response Issues that require answers to questions from maintainers before action can be taken label Jun 28, 2018
@lydell lydell mentioned this pull request Oct 25, 2018
Closed
@lifeart
Copy link

lifeart commented Nov 1, 2018

@omghax @j-f1 sorry for pinging, is it possible to get it merged?

@j-f1
Copy link
Member

j-f1 commented Nov 2, 2018

@lydell what do you think?

@lydell
Copy link
Member

lydell commented Nov 2, 2018

I guess we could merge it.

@j-f1
Copy link
Member

j-f1 commented Nov 2, 2018

Can you fix the merge conflicts @omghax?

@mfeckie mfeckie mentioned this pull request May 24, 2019
Closed
@billdami
Copy link

Just curious on the status of this issue? Also, it was a bit hard to judge from the discussion here, but will this fix result in &nbsp; not being converted to literal spaces? We are seeing issues with these specifically, since &nbsp; behaves differently in the DOM then a normal space (e.g. collapsing multiple adjacent spaces).

Ideally, we'd love a way to disable prettier's entity conversion entirely (for example we prefer to see/edit &raquo; in the source rather than »), but non-breaking spaces was the more immediate concern.

@alexander-akait
Copy link
Member

/cc @omghax can you rebase?

@alexander-akait
Copy link
Member

@billdami looks like PR was abandoned, feel free to send new PR

@rwjblue
Copy link

rwjblue commented May 24, 2019

FWIW, new changes were made to the latest @glimmer/syntax package to allow a "codemod" mode. In that mode, no entity escaping is done at all. If we migrate to that new mode, I think we will have a much better time.

See glimmerjs/glimmer-vm#938 for the changes I'm referring to...

@lydell
Copy link
Member

lydell commented May 24, 2019

@rwjblue Awesome! We should definitely try that out.

@jgwhite jgwhite mentioned this pull request Jun 19, 2019
Closed
@omghax
Fix HTML entity escaping in Glimmer printer
8c19e67 
Previously, prettier would unescape `&lt;` and `&gt;` which would result
in invalid HTML. This change escapes Glimmer TextNode nodes to ensure
that `&`, `<`, and `>` remain escaped properly.
@GavinJoyce GavinJoyce mentioned this pull request Jun 19, 2019
Merged
4 tasks
@GavinJoyce
Copy link
Contributor

I've created #6234 which uses the new "codemod" glimmer mode

@tchak tchak mentioned this pull request Jun 19, 2019
Closed
@GavinJoyce
Copy link
Contributor

@evilebottnawi perhaps you meant to approve #6234 instead? I think this PR can then be closed

@lydell
Copy link
Member

lydell commented Jul 8, 2019

Supersedes by #6234.

@lydell lydell closed this Jul 8, 2019
@lydell lydell removed the status:awaiting response Issues that require answers to questions from maintainers before action can be taken label Jul 8, 2019
@lock lock bot added the locked-due-to-inactivity Please open a new issue and fill out the template instead of commenting. label Oct 6, 2019
@lock lock bot locked as resolved and limited conversation to collaborators Oct 6, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@lydell lydell lydell left review comments

@alexander-akait alexander-akait alexander-akait approved these changes

Assignees
No one assigned
Labels
locked-due-to-inactivity Please open a new issue and fill out the template instead of commenting.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
8 participants
@omghax @lydell @rwjblue @j-f1 @lifeart @billdami @alexander-akait @GavinJoyce