fix: escape constant attribute Go strings (#725)

Co-authored-by: Robert Kolmos <robertkolmos@gmail.com>
a-h · May 6, 2024 · 89f216e · 89f216e
1 parent 702c106
commit 89f216e
Show file tree

Hide file tree

Showing 5 changed files with 97 additions and 1 deletion.
diff --git a/generator/generator.go b/generator/generator.go
@@ -1082,7 +1082,8 @@ func (g *generator) writeBoolConstantAttribute(indentLevel int, attr parser.Bool
 func (g *generator) writeConstantAttribute(indentLevel int, attr parser.ConstantAttribute) (err error) {
 	name := html.EscapeString(attr.Name)
 	value := html.EscapeString(attr.Value)
-	value = strings.ReplaceAll(value, "\n", "\\n")
+	value = strconv.Quote(value)
+	value = value[1 : len(value)-1]
 	if _, err = g.w.WriteStringLiteral(indentLevel, fmt.Sprintf(` %s=\"%s\"`, name, value)); err != nil {
 		return err
 	}

diff --git a/generator/test-constant-attribute-escaping/expected.html b/generator/test-constant-attribute-escaping/expected.html
@@ -0,0 +1,17 @@
+<div>
+    <!-- valid go escape sequences -->
+    <input pattern="\a"/>
+    <input pattern="\b"/>
+    <input pattern="\f"/>
+    <input pattern="\n"/>
+    <input pattern="\r"/>
+    <input pattern="\t"/>
+    <input pattern="\v"/>
+    <input pattern="\\"/>
+    <input pattern="\777"/>
+    <input pattern="\xFF"/>
+    <input pattern="\u00FF"/>
+    <input pattern="\u00FF\u00FF\u00FF"/>
+    <!-- invalid go escape sequences -->
+    <input pattern="\s"/>
+</div>
diff --git a/generator/test-constant-attribute-escaping/render_test.go b/generator/test-constant-attribute-escaping/render_test.go
@@ -0,0 +1,23 @@
+package testconstantattributeescaping
+
+import (
+	_ "embed"
+	"testing"
+
+	"github.com/a-h/templ/generator/htmldiff"
+)
+
+//go:embed expected.html
+var expected string
+
+func Test(t *testing.T) {
+	component := BasicTemplate()
+
+	diff, err := htmldiff.Diff(component, expected)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if diff != "" {
+		t.Error(diff)
+	}
+}
diff --git a/generator/test-constant-attribute-escaping/template.templ b/generator/test-constant-attribute-escaping/template.templ
@@ -0,0 +1,21 @@
+package testconstantattributeescaping
+
+templ BasicTemplate() {
+	<div>
+		<!-- valid go escape sequences -->
+		<input pattern="\a"/>
+		<input pattern="\b"/>
+		<input pattern="\f"/>
+		<input pattern="\n"/>
+		<input pattern="\r"/>
+		<input pattern="\t"/>
+		<input pattern="\v"/>
+		<input pattern="\\"/>
+		<input pattern="\777"/>
+		<input pattern="\xFF"/>
+		<input pattern="\u00FF"/>
+		<input pattern="\u00FF\u00FF\u00FF"/>
+		<!-- invalid go escape sequences -->
+		<input pattern="\s"/>
+	</div>
+}
diff --git a/generator/test-constant-attribute-escaping/template_templ.go b/generator/test-constant-attribute-escaping/template_templ.go