- Issue created by @b.khouy
- Merge request !202Issue #3473621 by b.khouy, just_like_good_vibes, pdureau: The regexp for attribute props should allow more characters → (Merged) created by b.khouy
- Issue was unassigned.
- Status changed to Needs review
2 months ago 3:57pm 11 September 2024 - Assigned to pdureau
- Issue was unassigned.
- Status changed to Needs work
2 months ago 11:08am 12 September 2024 - 🇫🇷France pdureau Paris
I may be OK to merge it but I am still a bit surprised than you prefer to opt-in the allowed characters rather than opt-out the forbidden characters.
Here, you are allowing any characters expected in a tailwind class name. But AttributeProp is not only for classes, it is also for any other HTML attribute:
class="[&_img]:rounded [&_*]:bg-primary" title="Hello, my world" href="https://www.drupal.org/?foo&bar"So why not replacing the white list by something catching all characters except the forbidden ones?
- double quotes, because it is our delimiter
- https://html.spec.whatwg.org/#syntax-ambiguous-ampersand
- something else?
- 🇲🇦Morocco b.khouy 🇲🇦 Morocco
@pdureau
I've revised the regex for attribute values to exclude forbidden characters. Typically, these forbidden characters include quotes (") and encoded HTML characters such as &, <, etc.
Here is the updated regex for attribute values:$double_quoted_value = '"(?!.*&[a-zA-Z0-9]+\;)[^"]*"'; - Status changed to Needs review
2 months ago 6:22pm 13 September 2024 - First commit to issue fork.
- Assigned to pdureau
- 🇫🇷France just_like_good_vibes PARIS
hello guys, i added the code to only discard double quotes as requested (and not work around a whitelist as this was the case before i came in).
i also added a piece of code, to handle the component form unfolding in case of errors.
please Review Pierre. - Issue was unassigned.
- Status changed to Fixed
2 months ago 9:31pm 13 September 2024 - Status changed to Fixed
2 months ago 7:23pm 15 September 2024