ractivejs/ractive

Inconsistent HTML entity decoding in attributes

ppena-LiveData opened this issue · 1 comments

Description:

If a template has an HTML element attribute with just a static string, then HTML entities are decoded, but if there's a mustache in the attribute, then the HTML entities are not decoded. For example, attr="&" will have & decoded to &, but attr="&{{''}}" will not have it decoded, see that example in the Ractive Playground.

Versions affected:

Maybe all? The problem is in src/parse/converters/element/readAttribute.js, since it only calls decodeCharacterReferences() when value.length === 1 && isString(value[0]).

Platforms affected:

All.

Suggested fix:

Instead of this:

  if (value.length === 1 && isString(value[0])) {
    return decodeCharacterReferences(value[0]);
  }

The code could decode all static strings, like this (thanks @GabeSchaffer for this suggested fix):

  // decode HTML entities for each static string within an attribute
  for (var i in value) {
    if (isString(value[i])) {
      value[i] = decodeCharacterReferences(value[i]);
    }
  }

  if (value.length === 1 && isString(value[0])) {
    return value[0];
  }

Thanks for the concise bug report with a very good breakdown of the problem and resolution! This should be resolved in 1.4.4.