search

arnaud-lb / MtHaml

Multi target HAML (HAML for PHP, Twig, <your language here>)
Other
359 stars 54 forks source link

Attributes are always escaped #46

Closed withjam closed 10 years ago

withjam commented 11 years ago

Even when disabling escaper and setting escape_attrs to false, dynamic attributes are always escaped in resultant php/html file. Here is my environment options:

array('enable_escaper' => false, 'escape_attrs' => false)

Haml: %div(class="#{body_class()}") %p test

Output: <div <?php echo MtHaml\Runtime::renderAttributes(array(array('class', (body_class()))), 'html5', 'UTF-8'); ?>> <p>test</p> </div>

I would expect it to work just as disabling escaper worked, where the echo is left in directly. So the output would be closer to <div class="<?php echo body_class(); ?>">

scil commented 10 years ago

maybe you could checkout project MtHamlMore,it's main feature is to defined haml snippets which is called by haml file . but there is an extra feature 'reduce runtime' , which aims to reduce the exist of 'MtHaml\Runtime' in compiled php string. maybe you could rewrite it to use option ''escape_attrs'

Mte90 commented 10 years ago

i confirm the problem

arnaud-lb commented 10 years ago

What's the use-case for outputing raw HTML code in a attribute value ?

Mte90 commented 10 years ago

This code: 

%link{ :href=>"#{esc_url(get_feed_link())}", :rel=>"alternate", :title=>"#{get_bloginfo('name')} Feed", :type=>"application/rss+xml"}

Insert the code [...]MtHaml\Runtime::renderAttributes[...] with enable_scaper false...

Mte90 commented 10 years ago

For fix it i'm working on the renderDynamicAttributes in the phprender.php file.

protected function renderDynamicAttributes(Tag $tag)
    {
        $list = array();
        $n = 0;

        $this->setEchoMode(false);

        foreach ($tag->getAttributes() as $attr) {

            if (0 !== $n) {
                //$this->raw(', ');
            }

            $this->raw(' ');
            //str_replace("'",'',$attr->getName()->accept($this));
            $this->raw('=');
            $pog = $attr->getValue()->accept($this);
            if($pog[0]=='(') {
                $this->raw(' <?php ');
                trim($pog);
                $this->raw(' ?>');
            } else {
                $attr->getValue()->accept($this);
            }

            ++$n;
        }

        $this->setEchoMode(true);
    }

The code it's not finished but it's an horror hack XD

amouhzi commented 10 years ago

fixed in this pull request: https://github.com/arnaud-lb/MtHaml/pull/55