Automatically appending the html escape filter on the renderer side.

4 years ago · 624c83b680
parent 6a9fe9e1be
commit 624c83b680
2 changed files with 27 additions and 3 deletions
--- a/js/test_cases/filters/main.dust
+++ b/js/test_cases/filters/main.dust
@ -1,4 +1,9 @@
 Special characters: {special_characters}{~n}
+Special characters html escaping disabled: {special_characters|s}{~n}
+Special characters html escaping disabled and enabled: {special_characters|s|h}{~n}
+Special characters html escaping enabled and disabled: {special_characters|h|s}{~n}
+Special characters html escaped twice: {special_characters|h|h}{~n}
+

 Object string parsed: {string|jp}{~n}
 Object string parsed and stringified: {string|jp|js}{~n}
@ -13,3 +18,4 @@ Object html escaped: {object|h}{~n}
 Object html escaping disabled: {object|s}{~n}
 Object stringified: {object|js}{~n}
 Object stringified and parsed: {object|js|jp}{~n}
+Object stringified, html escaping disabled, parsed, stringified, and html escaped: {object|js|s|jp|js|h}{~n}
--- a/src/renderer/renderer.rs
+++ b/src/renderer/renderer.rs
@ -6,7 +6,7 @@ use crate::parser::PartialNameElement;
 use crate::parser::RValue;
 use crate::parser::Special;
 use crate::parser::Template;
-use crate::parser::TemplateElement;
+use crate::parser::{Filter, TemplateElement};
 use crate::renderer::context_element::ContextElement;
 use crate::renderer::errors::CompileError;
 use crate::renderer::errors::RenderError;
@ -15,7 +15,7 @@ use crate::renderer::inline_partial_tree::extract_inline_partials;
 use crate::renderer::inline_partial_tree::InlinePartialTreeElement;
 use crate::renderer::parameters_context::ParametersContext;
 use crate::renderer::walking::walk_path;
-use std::{cmp::Ordering, collections::HashMap};
+use std::collections::HashMap;

 #[derive(Clone, Debug)]
 pub struct CompiledTemplate<'a> {
@ -153,7 +153,7 @@ impl<'a> DustRenderer<'a> {
                        if loop_elements.is_empty() {
                            return Ok("".to_owned());
                        } else {
-                            return final_val.render(&reference.filters);
+                            return final_val.render(&Self::preprocess_filters(&reference.filters));
                        }
                    }
                }
@ -500,6 +500,24 @@ impl<'a> DustRenderer<'a> {
            },
        }
    }
+
+    fn preprocess_filters(filters: &Vec<Filter>) -> Vec<Filter> {
+        let mut final_filters: Vec<Filter> = filters
+            .into_iter()
+            .filter(|f| f != &&Filter::DisableHtmlEncode)
+            .map(|f| f.clone())
+            .collect();
+
+        // If the user has not specified any escaping filter (|s or
+        // |h), automatically add an html escape filter
+        if !filters
+            .iter()
+            .any(|f| f == &Filter::DisableHtmlEncode || f == &Filter::HtmlEncode)
+        {
+            final_filters.push(Filter::HtmlEncode);
+        }
+        final_filters
+    }
 }

 #[cfg(test)]