43081j / eslint-plugin-lit

lit-html support for ESLint
120 stars 22 forks source link

Wrongly detects unencoded HTML entities with one nesting of double quotes and quotes #74

Closed sanmai-NL closed 3 years ago

sanmai-NL commented 3 years ago

attribute values may not contain unencoded HTML entities, e.g. use > instead of >

image

While this works:

const test = html`<component-blo test="['test']">Bla</component-blo>`;
sanmai-NL commented 3 years ago

Another example where the same error is thrown incorrectly:

<a href="https://tasks.office.com/test.onmicrosoft.com/NL-NL/Home/Planner#/plantaskboard?groupId=fc6fdef6-3dbb-4155-a4ed-a65e4cdadd12&planId=CAby-9tdR06SEiFFGkHtIJcAB2iv">
Test plan
</a>
43081j commented 3 years ago

The double quotes will be because the regex is a bit 'dumb'.

The HTML spec from what i remember defines:

So i think the rule just needs tweaking a bit to differentiate between these two cases.

Your second one is because ampersands must also be encoded as per the spec (as &amp;).

Spec states:

The attribute value must delimited by double-quote characters (") before and after the value, and must not contain any double-quote characters or an ambiguous ampersands in between To include a double-quote character within the value, either use a character reference ("), or use a single-quoted attribute value instead

and

The attribute value must delimited by single-quote characters (') before and after the value, and must not contain any single-quote characters or an ambiguous ampersands in between To include a single-quote (or apostrophe) character within the value, either use a character reference ('), or use a double-quoted attribute value instead.

You can test it out btw by calling setAttribute with your unencoded value and seeing what ultimately ends up in the outerHTML of the element.