SLING-12325 - Improve parsing of tricky expressions

To detect the end of the expression properly, it isn't enough to look for
a closing brace, we also need to ensure that the brace is outside of a
string literal.

Author: csaboka

src/main/java/org/apache/sling/scripting/sightly/impl/html/dom/HtmlParser.java

@@ -72,6 +72,12 @@ private enum PARSE_STATE {
     /** Expression state constant */
     private final static int EXPR_MAYBE = 1;
 
+    /** Expression state constant */
+    private final static int EXPR_INSIDE_STRING = 2;
+
+    /** Expression state constant */
+    private final static int EXPR_INSIDE_STRING_AFTER_BACKSLASH = 3;
+
     final static Set<String> VOID_ELEMENTS = Collections.unmodifiableSet(new HashSet<>(
             Arrays.asList("area", "base", "br", "col", "embed", "hr", "img", "input", "link", "meta", "param", "source", "track", "wbr")));
 
@@ -398,17 +404,35 @@ private void update(final char[] buf, int len) throws IOException {
                 break;
 
             case EXPRESSION:
-                if (exprType == EXPR_MAYBE && c != '{') {
-                    // not a valid expression
-                    if (c == '<') {
-                        //reset to process tag correctly
-                        curr--;
+                if (exprType == EXPR_MAYBE) {
+                    if (c == '{') {
+                        exprType = EXPR_NONE;
+                    } else {
+                        // not a valid expression
+                        if (c == '<') {
+                            //reset to process tag correctly
+                            curr--;
+                        }
+                        parseState = PARSE_STATE.OUTSIDE;
+                    }
+                } else if (exprType == EXPR_NONE) {
+                    if (c == '}') {
+                        parseState = PARSE_STATE.OUTSIDE;
+                    } else if (c == '"' || c == '\'') {
+                        exprType = EXPR_INSIDE_STRING;
+                        quoteChar = c;
+                    }
+                } else if (exprType == EXPR_INSIDE_STRING) {
+                    if (c == '\\') {
+                        exprType = EXPR_INSIDE_STRING_AFTER_BACKSLASH;
+                    } else if (c == quoteChar) {
+                        exprType = EXPR_NONE;
                     }
-                    parseState = PARSE_STATE.OUTSIDE;
-                } else if (c == '}') {
-                    parseState = PARSE_STATE.OUTSIDE;
+                } else {
+                    assert exprType == EXPR_INSIDE_STRING_AFTER_BACKSLASH;
+                    // ignore whatever came after the backslash and stay inside the string
+                    exprType = EXPR_INSIDE_STRING;
                 }
-                exprType = EXPR_NONE;
                 break;
             default:
                 break;

src/test/java/org/apache/sling/scripting/sightly/impl/compiler/SightlyCompilerTest.java

@@ -208,6 +208,12 @@ public void testUriManipulationDataSlyUse() {
         assertTrue(secondArgument instanceof MapLiteral);
     }
 
+    @Test
+    public void testMarkupInStringLiteral() {
+        CompilationResult result = compileFile("/markup-in-string-literal.html");
+        assertTrue("Didn't expect any warnings or errors.", result.getErrors().isEmpty() && result.getWarnings().isEmpty());
+    }
+
     private CompilationResult compileFile(final String file) {
         InputStream stream = this.getClass().getResourceAsStream(file);
         final Reader reader = new InputStreamReader(stream);

src/test/java/org/apache/sling/scripting/sightly/impl/html/dom/HtmlParserTest.java

@@ -232,6 +232,29 @@ public void testExplicitlyClosedElements() throws IOException {
                 handler.onStartElementInvocations);
     }
 
+    @Test
+    public void testTrickyStringLiterals() throws IOException {
+        String[] testStrings = new String[] {
+                "${'easy case'}",
+                "${'looks like <html> but isn\\'t}",
+                "${'not over yet } but now it's over'}",
+                "${'not over } <br> now it's over'}",
+                "${'brace } <html> } escaped apos \\' } done'}",
+                "${\"brace } <html> } escaped quote \\\" } done\"}"
+        };
+
+        for (String testString : testStrings) {
+            Template reference = new Template();
+            reference.addChild(new TemplateTextNode(testString));
+
+            TemplateParser.TemplateParserContext context = new TemplateParser.TemplateParserContext();
+            HtmlParser.parse(new StringReader(testString), context);
+            Template parsed = context.getTemplate();
+
+            assertSameStructure(reference, parsed);
+        }
+    }
+
     abstract class AbstractDocumentHandler implements DocumentHandler {
 
         private String lastProcessedTag;

src/test/resources/markup-in-string-literal.html

@@ -0,0 +1,19 @@
+<!--~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+  ~ Licensed to the Apache Software Foundation (ASF) under one
+  ~ or more contributor license agreements.  See the NOTICE file
+  ~ distributed with this work for additional information
+  ~ regarding copyright ownership.  The ASF licenses this file
+  ~ to you under the Apache License, Version 2.0 (the
+  ~ "License"); you may not use this file except in compliance
+  ~ with the License.  You may obtain a copy of the License at
+  ~
+  ~   http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~-->
+${'Click <a href="{0}">here</a> to learn more' @ format='https://example.com/'}