If a template has an HTML element attribute with just a static string, then HTML entities are decoded, but if there's a mustache in the attribute, then the HTML entities are not decoded. For example, attr="&" will have & decoded to &, but attr="&{{''}}" will not have it decoded, see that example in the Ractive Playground.
if (value.length === 1 && isString(value[0])) {
return decodeCharacterReferences(value[0]);
}
The code could decode all static strings, like this (thanks @GabeSchaffer for this suggested fix):
// decode HTML entities for each static string within an attribute
for (var i in value) {
if (isString(value[i])) {
value[i] = decodeCharacterReferences(value[i]);
}
}
if (value.length === 1 && isString(value[0])) {
return value[0];
}
Description:
If a template has an HTML element attribute with just a static string, then HTML entities are decoded, but if there's a mustache in the attribute, then the HTML entities are not decoded. For example,
attr="&"
will have&
decoded to&
, butattr="&{{''}}"
will not have it decoded, see that example in the Ractive Playground.Versions affected:
Maybe all? The problem is in src/parse/converters/element/readAttribute.js, since it only calls
decodeCharacterReferences()
whenvalue.length === 1 && isString(value[0])
.Platforms affected:
All.
Suggested fix:
Instead of this:
The code could decode all static strings, like this (thanks @GabeSchaffer for this suggested fix):