seanhess / web-view

Typed HTML with simplified layout, and easy composable styles. Inspired by Tailwindcss and Elm UI

Escape HTML text and attributes #3

Closed kfigiela closed 2 weeks ago

kfigiela commented 1 month ago

Added golden tests for that. This basically allowed code injection if user-provided data was rendered. I wonder if there are other cases it can break.

Also:

seanhess commented 3 weeks ago

Super necessary. Thanks for working on this!

seanhess commented 3 weeks ago

@kfigiela did you notice the review on this?

kfigiela commented 3 weeks ago

I don't see any comments. Any chance you forgot to submit the review batch?

seanhess commented 3 weeks ago

How is that? Showing up now?

kfigiela commented 3 weeks ago

Yup. I'm gonna be pretty much offline for a few days. Will respond and address the comments next week.

seanhess commented 2 weeks ago

Looks good, thanks for your help!
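
The kind of check this pull request describes (escaping both text nodes and attribute values, pinned by a golden-style expected string) can be sketched as follows. This is an added example, not code from web-view or from the pull request: the `Node` type, `escapeHtml`, `renderWith`, and the sample data are hypothetical and constructed for illustration, and void elements are not handled.

```haskell
module Main where

import Control.Monad (unless)

-- Hypothetical minimal HTML tree for this example; not web-view's own types.
data Node
  = Element String [(String, String)] [Node]
  | Text String

-- Escape characters that are significant in HTML text and in
-- double- or single-quoted attribute values.
escapeHtml :: String -> String
escapeHtml = concatMap esc
  where
    esc '&'  = "&amp;"
    esc '<'  = "&lt;"
    esc '>'  = "&gt;"
    esc '"'  = "&quot;"
    esc '\'' = "&#39;"
    esc c    = [c]

-- Render with a pluggable escaping function so the unescaped ("before")
-- and escaped ("after") outputs can be compared side by side.
renderWith :: (String -> String) -> Node -> String
renderWith f (Text t) = f t
renderWith f (Element tag attrs kids) =
  "<" ++ tag ++ concatMap attr attrs ++ ">"
    ++ concatMap (renderWith f) kids
    ++ "</" ++ tag ++ ">"
  where
    attr (k, v) = " " ++ k ++ "=\"" ++ f v ++ "\""

-- Constructed sample: user-provided data lands in an attribute and a text node.
sample :: Node
sample = Element "a" [("title", "x\" onmouseover=\"y")] [Text "<b>hi</b> & bye"]

-- Golden-style expectation for the escaped renderer.
golden :: String
golden = "<a title=\"x&quot; onmouseover=&quot;y\">&lt;b&gt;hi&lt;/b&gt; &amp; bye</a>"

main :: IO ()
main = do
  -- With `id` the quote in the attribute value closes the attribute early
  -- and the text is parsed as markup.
  putStrLn ("unescaped: " ++ renderWith id sample)
  let out = renderWith escapeHtml sample
  putStrLn ("escaped:   " ++ out)
  unless (out == golden) (error "golden mismatch")
```

The unescaped line shows user data becoming a second attribute and a `<b>` element; the escaped line keeps both as inert data, and the golden comparison fails if a later change to the renderer drops the escaping.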