From 624c83b680853a5d653240e3d942fa281a142cc5 Mon Sep 17 00:00:00 2001
From: Tom Alexander <tom@fizz.buzz>
Date: Sat, 23 May 2020 17:57:19 -0400
Subject: [PATCH] Automatically appending the html escape filter on the
 renderer side.

---
 js/test_cases/filters/main.dust |  6 ++++++
 src/renderer/renderer.rs        | 24 +++++++++++++++++++++---
 2 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/js/test_cases/filters/main.dust b/js/test_cases/filters/main.dust
index 80fa99a..3fe4c40 100644
--- a/js/test_cases/filters/main.dust
+++ b/js/test_cases/filters/main.dust
@@ -1,4 +1,9 @@
 Special characters: {special_characters}{~n}
+Special characters html escaping disabled: {special_characters|s}{~n}
+Special characters html escaping disabled and enabled: {special_characters|s|h}{~n}
+Special characters html escaping enabled and disabled: {special_characters|h|s}{~n}
+Special characters html escaped twice: {special_characters|h|h}{~n}
+
 
 Object string parsed: {string|jp}{~n}
 Object string parsed and stringified: {string|jp|js}{~n}
@@ -13,3 +18,4 @@ Object html escaped: {object|h}{~n}
 Object html escaping disabled: {object|s}{~n}
 Object stringified: {object|js}{~n}
 Object stringified and parsed: {object|js|jp}{~n}
+Object stringified, html escaping disabled, parsed, stringified, and html escaped: {object|js|s|jp|js|h}{~n}
diff --git a/src/renderer/renderer.rs b/src/renderer/renderer.rs
index 1546e12..0c25eae 100644
--- a/src/renderer/renderer.rs
+++ b/src/renderer/renderer.rs
@@ -6,7 +6,7 @@ use crate::parser::PartialNameElement;
 use crate::parser::RValue;
 use crate::parser::Special;
 use crate::parser::Template;
-use crate::parser::TemplateElement;
+use crate::parser::{Filter, TemplateElement};
 use crate::renderer::context_element::ContextElement;
 use crate::renderer::errors::CompileError;
 use crate::renderer::errors::RenderError;
@@ -15,7 +15,7 @@ use crate::renderer::inline_partial_tree::extract_inline_partials;
 use crate::renderer::inline_partial_tree::InlinePartialTreeElement;
 use crate::renderer::parameters_context::ParametersContext;
 use crate::renderer::walking::walk_path;
-use std::{cmp::Ordering, collections::HashMap};
+use std::collections::HashMap;
 
 #[derive(Clone, Debug)]
 pub struct CompiledTemplate<'a> {
@@ -153,7 +153,7 @@ impl<'a> DustRenderer<'a> {
                         if loop_elements.is_empty() {
                             return Ok("".to_owned());
                         } else {
-                            return final_val.render(&reference.filters);
+                            return final_val.render(&Self::preprocess_filters(&reference.filters));
                         }
                     }
                 }
@@ -500,6 +500,24 @@ impl<'a> DustRenderer<'a> {
             },
         }
     }
+
+    fn preprocess_filters(filters: &Vec<Filter>) -> Vec<Filter> {
+        let mut final_filters: Vec<Filter> = filters
+            .into_iter()
+            .filter(|f| f != &&Filter::DisableHtmlEncode)
+            .map(|f| f.clone())
+            .collect();
+
+        // If the user has not specified any escaping filter (|s or
+        // |h), automatically add an html escape filter
+        if !filters
+            .iter()
+            .any(|f| f == &Filter::DisableHtmlEncode || f == &Filter::HtmlEncode)
+        {
+            final_filters.push(Filter::HtmlEncode);
+        }
+        final_filters
+    }
 }
 
 #[cfg(test)]