diff --git a/Sources/TokamakStaticHTML/Sanitizer.swift b/Sources/TokamakStaticHTML/Sanitizer.swift index 33a7bbf02..c1bfdede1 100644 --- a/Sources/TokamakStaticHTML/Sanitizer.swift +++ b/Sources/TokamakStaticHTML/Sanitizer.swift @@ -61,7 +61,7 @@ enum Sanitizers { static let h: RegularExpression = #"[0-9a-f]"# /// `[\240-\377]` - static let nonAscii: RegularExpression = #"[\240-\377]"# + static let nonAscii: RegularExpression = #"[\0240-\0377]"# /// `\\{h}{1,6}(\r\n|[ \t\r\n\f])?` static let unicode: RegularExpression = #"\\\#(h){1,6}(\r\n|[ \t\r\n\f])?"# @@ -75,9 +75,11 @@ enum Sanitizers { static let nmChar: RegularExpression = #"[_a-z0-9-]|\#(nonAscii)|\#(escape)"# /// `\"([^\n\r\f\\"]|\\{nl}|{escape})*\"` - static let string1: RegularExpression = #"\"([^\n\r\f\\"]|\\\#(nl)|\#(escape))*\""# + static let string1Content: RegularExpression = #"([^\n\r\f\\"]|\\\#(nl)|\#(escape))*"# + static let string1: RegularExpression = #""\#(string1Content)""# /// `\'([^\n\r\f\\']|\\{nl}|{escape})*\'` - static let string2: RegularExpression = #"\'([^\n\r\f\\']|\\\#(nl)|\#(escape))*\'"# + static let string2Content: RegularExpression = #"([^\n\r\f\\']|\\\#(nl)|\#(escape))*"# + static let string2: RegularExpression = #"'\#(string2Content)'"# /// `-?{nmstart}{nmchar}*` static let ident: RegularExpression = #"-?\#(nmStart)\#(nmChar)*"# @@ -105,12 +107,13 @@ enum Sanitizers { } static func sanitize(_ input: String) -> String { - ( + """ + '\( Parsers.string1.matches(input) - ? Parsers.string1.filter(input) - : Parsers.string2.filter(input) - ) - .replacingOccurrences(of: "\"", with: """) + ? Parsers.string1Content.filter(input) + : Parsers.string2Content.filter(input) + .replacingOccurrences(of: "\"", with: """))' + """ } } } diff --git a/Tests/TokamakStaticHTMLTests/SanitizerTests.swift b/Tests/TokamakStaticHTMLTests/SanitizerTests.swift index c212ba3b2..b47df4aeb 100644 --- a/Tests/TokamakStaticHTMLTests/SanitizerTests.swift +++ b/Tests/TokamakStaticHTMLTests/SanitizerTests.swift @@ -22,12 +22,13 @@ final class SanitizerTests: XCTestCase { XCTAssertTrue(Sanitizers.CSS.validate(string: "\'hello\'")) XCTAssertEqual(Sanitizers.CSS.sanitize(string: "'hello world'"), "'hello world'") - XCTAssertEqual(Sanitizers.CSS.sanitize(string: "\"hello world\""), ""hello world"") - XCTAssertEqual(Sanitizers.CSS.sanitize(string: "hello'''world"), "''") + XCTAssertEqual(Sanitizers.CSS.sanitize(string: "\"hello world\""), "'hello world'") + XCTAssertEqual(Sanitizers.CSS.sanitize(string: "hello'''world"), "'helloworld'") } func testCSSIdentifier() { XCTAssertFalse(Sanitizers.CSS.validate(identifier: "\"hey there\"")) + XCTAssertFalse(Sanitizers.CSS.validate(identifier: "1hey-there")) XCTAssertTrue(Sanitizers.CSS.validate(identifier: "hey-there")) XCTAssertTrue(Sanitizers.CSS.validate(identifier: "-hey-there2")) @@ -38,5 +39,6 @@ final class SanitizerTests: XCTestCase { func testCSSSanitizer() { XCTAssertEqual(Sanitizers.CSS.sanitize("hello world"), "'hello world'") + XCTAssertEqual(Sanitizers.CSS.sanitize("hello-world"), "hello-world") } }