SLING-12325 - Improve parsing of tricky expressions

To detect the end of the expression properly, it isn't enough to look for
a closing brace, we also need to ensure that the brace is outside of a
string literal.

Author: csaboka

src/main/java/org/apache/sling/scripting/sightly/impl/html/dom/HtmlParser.java

@@ -72,6 +72,12 @@ private enum PARSE_STATE {
     /** Expression state constant */
     private static final int EXPR_MAYBE = 1;
 
+    /** Expression state constant */
+    private static final int EXPR_INSIDE_STRING = 2;
+
+    /** Expression state constant */
+    private static final int EXPR_INSIDE_STRING_AFTER_BACKSLASH = 3;
+
     static final Set<String> VOID_ELEMENTS = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
             "area", "base", "br", "col", "embed", "hr", "img", "input", "link", "meta", "param", "source", "track",
             "wbr")));
@@ -403,17 +409,35 @@ private void update(final char[] buf, int len) throws IOException {
                     break;
 
                 case EXPRESSION:
-                    if (exprType == EXPR_MAYBE && c != '{') {
-                        // not a valid expression
-                        if (c == '<') {
-                            // reset to process tag correctly
-                            curr--;
+                    if (exprType == EXPR_MAYBE) {
+                        if (c == '{') {
+                            exprType = EXPR_NONE;
+                        } else {
+                            // not a valid expression
+                            if (c == '<') {
+                                // reset to process tag correctly
+                                curr--;
+                            }
+                            parseState = PARSE_STATE.OUTSIDE;
+                        }
+                    } else if (exprType == EXPR_NONE) {
+                        if (c == '}') {
+                            parseState = PARSE_STATE.OUTSIDE;
+                        } else if (c == '"' || c == '\'') {
+                            exprType = EXPR_INSIDE_STRING;
+                            quoteChar = c;
+                        }
+                    } else if (exprType == EXPR_INSIDE_STRING) {
+                        if (c == '\\') {
+                            exprType = EXPR_INSIDE_STRING_AFTER_BACKSLASH;
+                        } else if (c == quoteChar) {
+                            exprType = EXPR_NONE;
                         }
-                        parseState = PARSE_STATE.OUTSIDE;
-                    } else if (c == '}') {
-                        parseState = PARSE_STATE.OUTSIDE;
+                    } else {
+                        assert exprType == EXPR_INSIDE_STRING_AFTER_BACKSLASH;
+                        // ignore whatever came after the backslash and stay inside the string
+                        exprType = EXPR_INSIDE_STRING;
                     }
-                    exprType = EXPR_NONE;
                     break;
                 default:
                     break;

src/test/java/org/apache/sling/scripting/sightly/impl/compiler/SightlyCompilerTest.java

@@ -238,6 +238,14 @@ public void testUriManipulationDataSlyUse() {
         assertTrue(secondArgument instanceof MapLiteral);
     }
 
+    @Test
+    public void testMarkupInStringLiteral() {
+        CompilationResult result = compileFile("/markup-in-string-literal.html");
+        assertTrue(
+                "Didn't expect any warnings or errors.",
+                result.getErrors().isEmpty() && result.getWarnings().isEmpty());
+    }
+
     private CompilationResult compileFile(final String file) {
         InputStream stream = this.getClass().getResourceAsStream(file);
         final Reader reader = new InputStreamReader(stream);

src/test/java/org/apache/sling/scripting/sightly/impl/html/dom/HtmlParserTest.java

@@ -244,6 +244,29 @@ public void testExplicitlyClosedElements() throws IOException {
                 handler.onStartElementInvocations);
     }
 
+    @Test
+    public void testTrickyStringLiterals() throws IOException {
+        String[] testStrings = new String[] {
+            "${'easy case'}",
+            "${'looks like <html> but isn\\'t}",
+            "${'not over yet } but now it's over'}",
+            "${'not over } <br> now it's over'}",
+            "${'brace } <html> } escaped apos \\' } done'}",
+            "${\"brace } <html> } escaped quote \\\" } done\"}"
+        };
+
+        for (String testString : testStrings) {
+            Template reference = new Template();
+            reference.addChild(new TemplateTextNode(testString));
+
+            TemplateParser.TemplateParserContext context = new TemplateParser.TemplateParserContext();
+            HtmlParser.parse(new StringReader(testString), context);
+            Template parsed = context.getTemplate();
+
+            assertSameStructure(reference, parsed);
+        }
+    }
+
     abstract class AbstractDocumentHandler implements DocumentHandler {
 
         private String lastProcessedTag;

src/test/resources/markup-in-string-literal.html

@@ -0,0 +1,19 @@
+<!--~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+  ~ Licensed to the Apache Software Foundation (ASF) under one
+  ~ or more contributor license agreements.  See the NOTICE file
+  ~ distributed with this work for additional information
+  ~ regarding copyright ownership.  The ASF licenses this file
+  ~ to you under the Apache License, Version 2.0 (the
+  ~ "License"); you may not use this file except in compliance
+  ~ with the License.  You may obtain a copy of the License at
+  ~
+  ~   http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~-->
+${'Click <a href="{0}">here</a> to learn more' @ format='https://example.com/'}