Merge pull request #1380 from SeasideSt/1379-Nested-script-tags-are-n…

…ot-properly-escaped

Re-introduce escaping of a closing tag when encoding javascript

repository/JQuery-Tests-Core.package/JQueryClassTest.class/instance/testHtml.st

@@ -2,7 +2,7 @@ tests-creation
 testHtml
 	self
 		assert: (self jQuery html: [ :html | html div: 'foo' ])
-		equals: self function , '("<div>foo</div>")'.
+		equals: self function , '("<div>foo<\/div>")'.
 	self
 		assert: (self jQuery html: [ :html | html div title: 'foo'; with: 'bar' ])
-		equals: self function , '("<div title=\"foo\">bar</div>")'
+		equals: self function , '("<div title=\"foo\">bar<\/div>")'

repository/JQuery-Tests-Core.package/JQueryClassTest.class/instance/testWithBlock.st

@@ -2,4 +2,4 @@ tests-with
 testWithBlock
 	self
 		assert: (self jQuery: [ :html | html heading: 'jQuery' ])
-		equals: self function , '("<h1>jQuery</h1>")'
+		equals: self function , '("<h1>jQuery<\/h1>")'

repository/JQuery-Tests-Core.package/JQueryInstanceTest.class/instance/testAfter.st

@@ -2,7 +2,7 @@ tests-modifying
 testAfter
 	self
 		assert: ((self jQuery: 'p') after: [ :html | html strong: 'Hello' ])
-		equals: self function , '("p").after("<strong>Hello</strong>")'.
+		equals: self function , '("p").after("<strong>Hello<\/strong>")'.
 	self
 		assert: ((self jQuery: 'span') insertAfter: '#foo')
 		equals: self function , '("span").insertAfter("#foo")'

repository/JQuery-Tests-Core.package/JQueryInstanceTest.class/instance/testAppend.st

@@ -2,7 +2,7 @@ tests-modifying
 testAppend
 	self
 		assert: ((self jQuery: 'p') append: [ :html | html strong: 'Hello' ])
-		equals: self function , '("p").append("<strong>Hello</strong>")'.
+		equals: self function , '("p").append("<strong>Hello<\/strong>")'.
 	self
 		assert: ((self jQuery: 'span') appendTo: '#foo')
 		equals: self function , '("span").appendTo("#foo")'

repository/JQuery-Tests-Core.package/JQueryInstanceTest.class/instance/testBefore.st

@@ -2,7 +2,7 @@ tests-modifying
 testBefore
 	self
 		assert: ((self jQuery: 'p') before: [ :html | html strong: 'Hello' ])
-		equals: self function , '("p").before("<strong>Hello</strong>")'.
+		equals: self function , '("p").before("<strong>Hello<\/strong>")'.
 	self
 		assert: ((self jQuery: 'span') insertBefore: '#foo')
 		equals: self function , '("span").insertBefore("#foo")'

repository/JQuery-Tests-Core.package/JQueryInstanceTest.class/instance/testHtml.st

@@ -5,4 +5,4 @@ testHtml
 		equals: self function , '("div").html()'.
 	self 
 		assert: ((self jQuery: 'div') html: [ :html | html div ])
-		equals: self function , '("div").html("<div></div>")'
+		equals: self function , '("div").html("<div><\/div>")'

repository/JQuery-Tests-Core.package/JQueryInstanceTest.class/instance/testPrepend.st

@@ -2,7 +2,7 @@ tests-modifying
 testPrepend
 	self
 		assert: ((self jQuery: 'p') prepend: [ :html | html strong: 'Hello' ])
-		equals: self function , '("p").prepend("<strong>Hello</strong>")'.
+		equals: self function , '("p").prepend("<strong>Hello<\/strong>")'.
 	self
 		assert: ((self jQuery: 'span') prependTo: '#foo')
 		equals: self function , '("span").prependTo("#foo")'

repository/JQuery-Tests-Core.package/JQueryInstanceTest.class/instance/testReplace.st

@@ -2,7 +2,7 @@ tests-modifying
 testReplace
 	self
 		assert: ((self jQuery: 'p') replaceWith: [ :html | html emphasis: 'Hello' ])
-		equals: self function , '("p").replaceWith("<em>Hello</em>")'.
+		equals: self function , '("p").replaceWith("<em>Hello<\/em>")'.
 	self
 		assert: ((self jQuery html: [ :html | html div: 'Hello' ]) replaceAll: '.foo')
-		equals: self function , '("<div>Hello</div>").replaceAll(".foo")'
+		equals: self function , '("<div>Hello<\/div>").replaceAll(".foo")'

repository/JQuery-Tests-Core.package/JQueryInstanceTest.class/instance/testWrap.st

@@ -2,10 +2,10 @@ tests-modifying
 testWrap
 	self
 		assert: ((self jQuery: 'p') wrap: [ :html | html strong ])
-		equals: self function , '("p").wrap("<strong></strong>")'.
+		equals: self function , '("p").wrap("<strong><\/strong>")'.
 	self
 		assert: ((self jQuery: 'p') wrapAll: [ :html | html div ])
-		equals: self function , '("p").wrapAll("<div></div>")'.
+		equals: self function , '("p").wrapAll("<div><\/div>")'.
 	self
 		assert: ((self jQuery: 'p') wrapInner: [ :html | html span ])
-		equals: self function , '("p").wrapInner("<span></span>")'
+		equals: self function , '("p").wrapInner("<span><\/span>")'

repository/Javascript-Core.package/JSStream.class/class/encodeString.on..st

@@ -1,15 +1,16 @@
 encoding
-encodeString: aString on: aStream 
+encodeString: aString on: aStream
 	"Strings have a complicated encoding in Javascript, try to optimize their serialization."
-
+
+	| last |
 	aStream nextPut: $".
-	1 to: aString size do: [ :index | 
+	1 to: aString size do: [ :index |
 		| char value encoded |
 		char := aString at: index.
 		value := char greaseInteger.
-		value < JavascriptCharacters size 
+		value < JavascriptCharacters size
 			ifFalse: [
-				"U+2028 and U+2029 have to be treaded as new lines"
+				"U+2028 and U+2029 have to be treated as new lines"
 				value = 16r2028 "Line separator"
 					ifTrue: [ aStream nextPutAll: '\u2028' ]
 					ifFalse: [
@@ -20,7 +21,12 @@ encodeString: aString on: aStream
 				encoded := JavascriptCharacters at: value + 1.
 				"we use nil markers becausee #isNil is faster than #isString because it's not
 				actually sent"
-				encoded isNil 
-					ifTrue: [ aStream nextPut: char ]
-					ifFalse: [ aStream nextPutAll: encoded ] ] ].
+				encoded isNil
+					ifTrue: [
+						"avoid that browsers mistakenly take the output as a closing tag"
+  						(last = $< and: [ char = $/ ])
+							ifTrue: [ aStream nextPutAll: '\/' ]
+							ifFalse: [ aStream nextPut: char ] ]
+					ifFalse: [ aStream nextPutAll: encoded ] ].
+			last := char ].
 	aStream nextPut: $"

repository/Javascript-Core.package/ManifestJavascriptCore.class/README.md

@@ -0,0 +1 @@
+Please describe the package using the class comment of the included manifest class. The manifest class also includes other additional metadata for the package. These meta data are used by other tools such as the SmalllintManifestChecker and the critics Browser

repository/Javascript-Core.package/ManifestJavascriptCore.class/class/ruleTempsReadBeforeWrittenRuleV1FalsePositive.st

@@ -0,0 +1,5 @@
+code-critics
+ruleTempsReadBeforeWrittenRuleV1FalsePositive
+
+	<ignoreForCoverage>
+	^ #(#(#(#RGMethodDefinition #(#'JSStream class' #encodeString:on: #true)) #'2023-09-27T18:22:24.916405+02:00') )

repository/Javascript-Core.package/ManifestJavascriptCore.class/properties.json

@@ -0,0 +1,11 @@
+{
+	"commentStamp" : "<historical>",
+	"super" : "PackageManifest",
+	"category" : "Javascript-Core-Manifest",
+	"classinstvars" : [ ],
+	"pools" : [ ],
+	"classvars" : [ ],
+	"instvars" : [ ],
+	"name" : "ManifestJavascriptCore",
+	"type" : "normal"
+}

repository/Prototype-Tests-Core.package/PTElementTest.class/instance/testModifyingInsert.st

@@ -5,13 +5,13 @@ testModifyingInsert
 		equals: '$(this).insert("1")'.
 	self
 		assert: (self element insertAfter: [ :r | r div ])
-		equals: '$(this).insert({"after":"<div></div>"})'.
+		equals: '$(this).insert({"after":"<div><\/div>"})'.
 	self
 		assert: (self element insertBefore: 'abc')
 		equals: '$(this).insert({"before":"abc"})'.
 	self
 		assert: (self element insertTop: [ :r | r span: 5 ])
-		equals: '$(this).insert({"top":"<span>5</span>"})'.
+		equals: '$(this).insert({"top":"<span>5<\/span>"})'.
 	self
 		assert: (self element insertBottom: '5')
 		equals: '$(this).insert({"bottom":"5"})'

repository/Prototype-Tests-Core.package/PTElementTest.class/instance/testModifyingReplace.st

@@ -5,4 +5,4 @@ testModifyingReplace
 		equals: '$(this).replace("foo")'.
 	self
 		assert: (self element replace: [ :r | r div id: 'foo' ])
-		equals: '$(this).replace("<div id=\"foo\"></div>")'
+		equals: '$(this).replace("<div id=\"foo\"><\/div>")'

repository/Prototype-Tests-Core.package/PTElementTest.class/instance/testModifyingUpdate.st

@@ -5,4 +5,4 @@ testModifyingUpdate
 		equals: '$("foo").update("bar")'.
 	self
 		assert: (self element update: [ :r | r div: 'bar' ])
-		equals: '$(this).update("<div>bar</div>")'
+		equals: '$(this).update("<div>bar<\/div>")'

repository/Prototype-Tests-Core.package/PTElementTest.class/instance/testRenderedHtml.st

@@ -2,4 +2,4 @@ tests-rendering
 testRenderedHtml
 	self 
 		assert: [ :html | html div script: (html scriptaculous element update: [ :r | r span ]) ]
-		renders: '<div id="id1"></div><script type="text/javascript">$("id1").update("<span></span>");</script>'
+		renders: '<div id="id1"></div><script type="text/javascript">$("id1").update("<span><\/span>");</script>'

repository/Prototype-Tests-Core.package/PTElementTest.class/instance/testRenderedHtmlWithScripts.st

@@ -4,4 +4,4 @@ testRenderedHtmlWithScripts
 		assert: [ :html |
 			html div script: (html scriptaculous element remove).
 			html div script: (html scriptaculous element update: [ :r | r span ]) ]
-		renders: '<div id="id1"></div><div id="id2"></div><script type="text/javascript">$("id1").remove();$("id2").update("<span></span>");</script>'
+		renders: '<div id="id1"></div><div id="id2"></div><script type="text/javascript">$("id1").remove();$("id2").update("<span><\/span>");</script>'

repository/Seaside-Tests-Canvas.package/WADefaultScriptGeneratorTest.class/instance/createHandlers.st

@@ -0,0 +1,4 @@
+configuration
+createHandlers
+
+	^ Array with: WARequestHandler new

repository/Seaside-Tests-Canvas.package/WADefaultScriptGeneratorTest.class/instance/testNestedScripts.st

@@ -0,0 +1,12 @@
+testing
+testNestedScripts
+
+	self
+		assert: [ :html |
+			html anchor script:
+				((html jQuery this closest: 'div') append: [ :r |
+					 r div script: (html jQuery this
+							  on: 'click'
+							  selector: '.class'
+							  do: (JSStream on: 'alert(''nested script''')) ]) ]
+		gives: '<html><head><title></title></head><body onload="onLoad()"><a id="id2"></a><script type="text/javascript">function onLoad(){$("#id2").closest("div").append("<div id=\"id1\"><\/div><script type=\"text/javascript\">$(\"#id1\").on(\"click\",\".class\",function(){alert(''nested script''});<\/script>");};</script></body></html>'

repository/Seaside-Tests-Canvas.package/WAScriptGeneratorTest.class/instance/assert.gives..st

@@ -5,4 +5,4 @@ assert: aBlock gives: aString
 		fullDocument: true;
 		scriptGeneratorClass: self scriptGeneratorClass;
 		render: aBlock.
-	self assert: aString = html
+	self assert: aString equals: html