Fix sanitizier behavior

TokamakUI · Jul 10, 2021 · d91dacf · d91dacf
1 parent 9e0986f
commit d91dacf
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 10 deletions.
diff --git a/Sources/TokamakStaticHTML/Sanitizer.swift b/Sources/TokamakStaticHTML/Sanitizer.swift
@@ -61,7 +61,7 @@ enum Sanitizers {
       static let h: RegularExpression = #"[0-9a-f]"#
 
       /// `[\240-\377]`
-      static let nonAscii: RegularExpression = #"[\240-\377]"#
+      static let nonAscii: RegularExpression = #"[\0240-\0377]"#
 
       /// `\\{h}{1,6}(\r\n|[ \t\r\n\f])?`
       static let unicode: RegularExpression = #"\\\#(h){1,6}(\r\n|[ \t\r\n\f])?"#
@@ -75,9 +75,11 @@ enum Sanitizers {
       static let nmChar: RegularExpression = #"[_a-z0-9-]|\#(nonAscii)|\#(escape)"#
 
       /// `\"([^\n\r\f\\"]|\\{nl}|{escape})*\"`
-      static let string1: RegularExpression = #"\"([^\n\r\f\\"]|\\\#(nl)|\#(escape))*\""#
+      static let string1Content: RegularExpression = #"([^\n\r\f\\"]|\\\#(nl)|\#(escape))*"#
+      static let string1: RegularExpression = #""\#(string1Content)""#
       /// `\'([^\n\r\f\\']|\\{nl}|{escape})*\'`
-      static let string2: RegularExpression = #"\'([^\n\r\f\\']|\\\#(nl)|\#(escape))*\'"#
+      static let string2Content: RegularExpression = #"([^\n\r\f\\']|\\\#(nl)|\#(escape))*"#
+      static let string2: RegularExpression = #"'\#(string2Content)'"#
 
       /// `-?{nmstart}{nmchar}*`
       static let ident: RegularExpression = #"-?\#(nmStart)\#(nmChar)*"#
@@ -105,12 +107,13 @@ enum Sanitizers {
       }
 
       static func sanitize(_ input: String) -> String {
-        (
+        """
+        '\(
           Parsers.string1.matches(input)
-            ? Parsers.string1.filter(input)
-            : Parsers.string2.filter(input)
-        )
-        .replacingOccurrences(of: "\"", with: "&quot;")
+            ? Parsers.string1Content.filter(input)
+            : Parsers.string2Content.filter(input)
+            .replacingOccurrences(of: "\"", with: "&quot;"))'
+        """
       }
     }
   }

diff --git a/Tests/TokamakStaticHTMLTests/SanitizerTests.swift b/Tests/TokamakStaticHTMLTests/SanitizerTests.swift
@@ -22,12 +22,13 @@ final class SanitizerTests: XCTestCase {
     XCTAssertTrue(Sanitizers.CSS.validate(string: "\'hello\'"))
 
     XCTAssertEqual(Sanitizers.CSS.sanitize(string: "'hello world'"), "'hello world'")
-    XCTAssertEqual(Sanitizers.CSS.sanitize(string: "\"hello world\""), "&quot;hello world&quot;")
-    XCTAssertEqual(Sanitizers.CSS.sanitize(string: "hello'''world"), "''")
+    XCTAssertEqual(Sanitizers.CSS.sanitize(string: "\"hello world\""), "'hello world'")
+    XCTAssertEqual(Sanitizers.CSS.sanitize(string: "hello'''world"), "'helloworld'")
   }
 
   func testCSSIdentifier() {
     XCTAssertFalse(Sanitizers.CSS.validate(identifier: "\"hey there\""))
+    XCTAssertFalse(Sanitizers.CSS.validate(identifier: "1hey-there"))
     XCTAssertTrue(Sanitizers.CSS.validate(identifier: "hey-there"))
     XCTAssertTrue(Sanitizers.CSS.validate(identifier: "-hey-there2"))
 
@@ -38,5 +39,6 @@ final class SanitizerTests: XCTestCase {
 
   func testCSSSanitizer() {
     XCTAssertEqual(Sanitizers.CSS.sanitize("hello world"), "'hello world'")
+    XCTAssertEqual(Sanitizers.CSS.sanitize("hello-world"), "hello-world")
   }
 }