Fix bug propagating identity encoder in raw_html/2
#603
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ypconstante
reviewed
Dec 5, 2024
|
@andyleclair good call! Thank you! |
|
Thank you @philss! I'd love it if you didn't mind cutting a release with this fix in it. |
|
@andyleclair sure! I did a minor version release: |
|
@philss perfect, thank you so much! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hi! We noticed a bug when going to upgrade Floki. It seems that any tag that is set to the
identityencoder would propagate that encoder through the rest of the tree (instead of just to its' children). I've added a test case here taken from some real Appcues content that triggers this behavior. Without this fix, it's very possible for Floki to emit broken HTML. If you parse anyscriptorstyle, tag, the identity encoder would be applied, which would in this case, emit an un-escapeddata-attrs-eventtag (even if escaping is explicitly enabled!). I'm dubious on if it's the duty to handle not decoding the entities in the parser, but I'm 100% sure this is a bug as-is.