feat(parser): add html entities support

- use [html-entities](https://github.com/mdevils/node-html-entities) lib fix #9
baptooo · Jan 18, 2018 · 850080b · 850080b
1 parent d449638
commit 850080b
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 1 deletion.
diff --git a/package.json b/package.json
@@ -5,6 +5,7 @@
   "license": "MIT",
   "dependencies": {
     "himalaya": "^1.0.0",
+    "html-entities": "^1.2.1",
     "react": "^16.2.0"
   },
   "devDependencies": {

diff --git a/src/__snapshots__/safelySetInnerHTML.test.js.snap b/src/__snapshots__/safelySetInnerHTML.test.js.snap
@@ -1,5 +1,17 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
 
+exports[`SafelySetInnerHTML ASCII chars should render Espace&nbsp;insécable properly 1`] = `
+<p>
+  Espace insécable
+</p>
+`;
+
+exports[`SafelySetInnerHTML ASCII chars should render L&#8217;arbre est vert properly 1`] = `
+<p>
+  L’arbre est vert
+</p>
+`;
+
 exports[`SafelySetInnerHTML XSS attack prevention should prevent basic XSS attacks 1`] = `
 <div>
   

diff --git a/src/safelySetInnerHTML.js b/src/safelySetInnerHTML.js
@@ -1,6 +1,7 @@
 import React from 'react';
 import {parse} from 'himalaya';
 import warning from './warning';
+import { AllHtmlEntities } from 'html-entities';
 
 class SafelySetInnerHTML {
   /**
@@ -56,7 +57,7 @@ class SafelySetInnerHTML {
   }) {
     const { ALLOWED_TAGS, KEY_NAME } = this.config;
     // Group children and content case in one reference
-    const innerContent = children.length ? children.map(this.generateDom) : content;
+    const innerContent = children.length ? children.map(this.generateDom) : AllHtmlEntities.decode(content);
 
     if (type === 'element' && ALLOWED_TAGS.includes(tagName)) {
       warning(tagName);

diff --git a/src/safelySetInnerHTML.test.js b/src/safelySetInnerHTML.test.js
@@ -170,6 +170,21 @@ describe('SafelySetInnerHTML', () => {
     })
   });
 
+  describe('ASCII chars', () => {
+    [
+      'L&#8217;arbre est vert',
+      'Espace&nbsp;insécable'
+    ].map((testCase) => (
+      it(`should render ${testCase} properly`, () => {
+        const instance = new SafelySetInnerHTML();
+        const dom = instance.transform(testCase);
+        const tree = renderer.create(<p>{dom}</p>).toJSON();
+
+        expect(tree).toMatchSnapshot();
+      })
+    ));
+  });
+
   describe('empty elements', () => {
     it('should render br', () => {
       const instance = new SafelySetInnerHTML({ ALLOWED_TAGS: ['br'] });

diff --git a/yarn.lock b/yarn.lock
@@ -1811,6 +1811,10 @@ html-encoding-sniffer@^1.0.1:
   dependencies:
     whatwg-encoding "^1.0.1"
 
+html-entities@^1.2.1:
+  version "1.2.1"
+  resolved "https://registry.yarnpkg.com/html-entities/-/html-entities-1.2.1.tgz#0df29351f0721163515dfb9e5543e5f6eed5162f"
+
 http-signature@~1.1.0:
   version "1.1.1"
   resolved "https://registry.yarnpkg.com/http-signature/-/http-signature-1.1.1.tgz#df72e267066cd0ac67fb76adf8e134a8fbcf91bf"