Compiler: Fix HTML escaping for non-string values (#17)

digital-fabric · Apr 21, 2024 · 746dd3d · 746dd3d
1 parent 5548f8a
commit 746dd3d
Show file tree

Hide file tree

Showing 6 changed files with 18 additions and 3 deletions.
diff --git a/lib/papercraft/compiler.rb b/lib/papercraft/compiler.rb
@@ -56,7 +56,7 @@ def embed_visit(node, pre = '', post = '')
   end
 
   def html_embed_visit(node)
-    embed_visit(node, '#{CGI.escapeHTML(', ')}')
+    embed_visit(node, '#{CGI.escapeHTML((', ').to_s)}')
   end
 
   def tag_attr_embed_visit(node, key)

diff --git a/test/fixtures/expr_text_compiled.rb b/test/fixtures/expr_text_compiled.rb
@@ -1,3 +1,3 @@
 ->(__buffer__) {
-  __buffer__ << "<h1>#{CGI.escapeHTML("#{a.zoo} - zoo")}</h1>"
+  __buffer__ << "<h1>#{CGI.escapeHTML(("#{a.zoo} - zoo").to_s)}</h1>"
 }
diff --git a/test/fixtures/iteration.html b/test/fixtures/iteration.html
@@ -0,0 +1 @@
+<p>1</p><p>2</p><p>3</p><p>4</p>
diff --git a/test/fixtures/iteration_compiled.rb b/test/fixtures/iteration_compiled.rb
@@ -0,0 +1,5 @@
+->(__buffer__) {
+  items.each { |i|
+    __buffer__ << "<p>#{CGI.escapeHTML((i).to_s)}</p>"
+  }
+}
diff --git a/test/fixtures/iteration_source.rb b/test/fixtures/iteration_source.rb
@@ -0,0 +1,7 @@
+items = [1, 2, 3, 4]
+
+->() {
+  items.each { |i|
+    p i
+  }
+}
diff --git a/test/test_compiler.rb b/test/test_compiler.rb
@@ -26,7 +26,9 @@ class CompilerTest < Minitest::Test
       assert_equal compiled_src, compiled_code
 
       compiled_proc = eval(compiled_code, proc.binding)
-      assert_equal html, compiled_proc.call(+'')
+      compiled_html = +''
+      compiled_proc.call(compiled_html)
+      assert_equal html, compiled_html
     end
   end
 end