squint
HTML is not escaped in dynamic expression
```clojure
(let [s "<html>"]
  #html [:a s])
;;=> "<a><html></a>"
```
Working on this, by wrapping escaped strings in objects that won't be re-escaped, but when using a custom lit/html tag then lit/html will re-escape it nonetheless:
http://localhost:5173/?src=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%3D%3D
- [x] So perhaps the escaping business should be avoided when using a custom tag.
- [x] perhaps the string escaping can happen as part of the tag function
- [x] port tests from borkdude/html branch (but this can happen after merging branch)
See html-safe-2 branch
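
The approach described in this issue (escaped strings wrapped in objects that are not re-escaped, with the escaping done inside the tag function), sketched in plain JavaScript as an added example. It is not squint's or lit's code; `SafeHtml`, `escapeHtml`, `renderValue` and `html` are hypothetical names, and the inputs are constructed.

```javascript
// Added illustration; all names here are hypothetical, not squint's or lit's API.
class SafeHtml {
  constructor(value) { this.value = value; }
  toString() { return this.value; }
}

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Render one dynamic value: already-escaped wrappers pass through unchanged,
// arrays are rendered element by element, everything else is escaped.
function renderValue(v) {
  if (v instanceof SafeHtml) return v.value;
  if (Array.isArray(v)) return v.map(renderValue).join('');
  if (v === null || v === undefined) return '';
  return escapeHtml(v);
}

// Tag function: the static template parts are written by the developer and
// kept as-is; only the dynamic parts go through renderValue. The result is
// wrapped in SafeHtml so nesting html`...` inside html`...` does not
// escape the inner markup a second time.
function html(strings, ...values) {
  let out = strings[0];
  values.forEach((v, i) => { out += renderValue(v) + strings[i + 1]; });
  return new SafeHtml(out);
}

// Constructed sample inputs covering the case from the issue plus nesting.
function demo() {
  const s = '<html>';
  const inner = html`<b>${s}</b>`;
  return {
    escaped: String(html`<a>${s}</a>`),
    nested: String(html`<div>${inner}</div>`),
    list: String(html`<ul>${['<x>', 'a&b'].map((i) => html`<li>${i}</li>`)}</ul>`),
    attr: String(html`<a title="${'say "hi"'}">t</a>`),
  };
}
```
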