Merge pull request #22 from krux/josh-reproduce-escape-error

Fix `""` escaping
krux · Apr 23, 2016 · 2158c85 · 2158c85
2 parents 16baad9 + c0d8fe3
commit 2158c85
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,10 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## 1.0.6 - 2016-04-22
+### Fixed
+- fix: we were escaping `""` to `\""`
+
 ## 1.0.3 - 2016-04-13
 ### Changed
 - chore: tidy the configuration files and testing setup

diff --git a/gulpfile.babel.js b/gulpfile.babel.js
@@ -135,7 +135,7 @@ gulp.task('test', test('coverage'));
 gulp.task('test:ci', test('ci'));
 gulp.task('test:coverage', test('coverage', false));
 gulp.task('test:cross-browser', test('sauce'));
-gulp.task('test:debug', test('coverage', true, {singleRun: false}));
+gulp.task('test:debug', test('nocoverage', true, {singleRun: false}));
 gulp.task('test:nocoverage', test('nocoverage', false));
 
 gulp.task('tdd', ['test:nocoverage'], () => {

diff --git a/src/utils.js b/src/utils.js
@@ -7,5 +7,9 @@
  * @returns {string}
  */
 export function escapeQuotes(value, defaultValue = '') {
-  return value ? value.replace(/(^|[^\\])"/g, '$1\\\"') : defaultValue;
+  // There's no lookback in JS, so /(^|[^\\])"/ only matches the first of two `"`s.
+  // Instead, just match anything before a double-quote and escape if it's not already escaped.
+  return !value ? defaultValue : value.replace(/([^"]*)"/g, (_, prefix) => {
+    return /\\/.test(prefix) ? `${prefix}"` : `${prefix}\\\"`;
+  });
 }
diff --git a/test/unit/attributes.spec.js b/test/unit/attributes.spec.js
@@ -104,6 +104,12 @@ describe('HtmlParser', () => {
 
       expect(str).to.equal('<div class="foo"/>');
     }));
+
+    it('parses escaped quotes', parses("<iframe onload='var s=\"\";'></iframe>", (tok, str) => {
+      expect(tok).to.have.property('tagName', 'iframe');
+      expect(tok.attrs).to.have.property('onload', 'var s="";');
+      expect(str).to.equal('<iframe onload="var s=\\"\\";"></iframe>');
+    }));
   });
 
 });
diff --git a/test/unit/utils.spec.js b/test/unit/utils.spec.js
@@ -0,0 +1,13 @@
+import {escapeQuotes} from '../../src/utils';
+
+describe('escapeQuotes', () => {
+  it('escapes quotes in js', () => {
+    expect(escapeQuotes('var s=""')).to.equal('var s=\\"\\"');
+    expect(escapeQuotes('"something"')).to.equal('\\"something\\"');
+    expect(escapeQuotes('"WAT')).to.equal('\\"WAT');
+  });
+
+  it("doesn't escape quotes that're already escaped", () => {
+    expect(escapeQuotes('\"WAT')).to.equal('\\"WAT');
+  });
+});