zio-http icon indicating copy to clipboard operation
zio-http copied to clipboard

Published 20 hours ago verified publisher icon zio

Html.fromString Behavior Change

Open eltimn opened this issue 1 year ago • 4 comments

Describe the bug I'm not sure if this is a bug or if it was intentional, but Html.fromString now encodes the string, so the browser just shows the escaped text instead of the rendered html.

I believe it was this commit that caused the behavior change.

If it was not intentional, then I think the easiest fix would be to change Html.fromString to:

implicit def fromString(string: CharSequence): Html = Html.Single(Dom.raw(string))

I wasn't able to test this as sbt is giving me some trouble.

I did figure out I could use Html.fromDomElement(Dom.raw(myString)) instead so as long as that doesn't change, I'm good to go. Just thought you would want to know about the behavior change.

To Reproduce Create a Route that uses Html.fromString:

Method.GET / "" -> handler(
  Response.html(
    Html.fromString(
      """<div class="container1 container2"><a href="http://zio.dev">ZIO Homepage</a></div>"""
    )
  )
)

I created a git repo that has a route like that, it also includes a route using formDomElement:

eltimn avatar Jan 24 '24 22:01 eltimn

/bounty $50 for adding Html.raw.

I think it's safer that Html.fromString perform escaping to prevent code injection attacks.

jdegoes avatar Feb 08 '24 09:02 jdegoes

💎 $50 bounty created by ZIO 🙋 If you start working on this, comment /attempt #2651 along with your implementation plan 👉 To claim this bounty, submit a pull request that includes the text /claim #2651 somewhere in its body 📝 Before proceeding, please make sure you can receive payouts in your country 💵 Payment arrives in your account 2-5 days after the bounty is rewarded 💯 You keep 100% of the bounty award 🙏 Thank you for contributing to zio/zio-http!

👉 Add a bountyShare on socials

Attempt Started (GMT+0) Solution
🔴 @Bhavyajain21 Mar 2, 2024, 11:44:36 AM WIP
🟢 @guptadeepak8 #2668

algora-pbc[bot] avatar Feb 08 '24 09:02 algora-pbc[bot]

💡 @guptadeepak8 submitted a pull request that claims the bounty. You can visit your bounty board to reward.

algora-pbc[bot] avatar Feb 08 '24 11:02 algora-pbc[bot]

/attempt #2651

Options

Bhavyajain21 avatar Mar 02 '24 11:03 Bhavyajain21

🎉🎈 @guptadeepak8 has been awarded $50! 🎈🎊

algora-pbc[bot] avatar Apr 05 '24 14:04 algora-pbc[bot]