ExpressionAttributeNode: utilizes HtmlHelpers/XmlHelpers::format*Attribute() functions

Author: dg

src/Latte/Compiler/Nodes/Html/ExpressionAttributeNode.php

@@ -14,6 +14,8 @@
 use Latte\Compiler\Nodes\Php\ModifierNode;
 use Latte\Compiler\Position;
 use Latte\Compiler\PrintContext;
+use Latte\ContentType;
+use Latte\Runtime as LR;
 
 
 class ExpressionAttributeNode extends AreaNode
@@ -30,17 +32,17 @@ public function __construct(
 
 	public function print(PrintContext $context): string
 	{
-		$escaper = $context->beginEscape();
-		$escaper->enterHtmlAttribute();
-		$res = $context->format(
-			'echo %dump; echo %modify(%node) %line; echo \'"\';',
-			$this->indentation . $this->name . '="',
+		$this->modifier->escape = false;
+		return $context->format(
+			'echo %raw(%dump, %modify(%node)) %line;',
+			$context->getEscaper()->getContentType() === ContentType::Html
+				? 'LR\HtmlHelpers::format' . ucfirst(LR\HtmlHelpers::classifyAttributeType($this->name)) . 'Attribute'
+				: 'LR\XmlHelpers::formatCommonAttribute',
+			$this->indentation . $this->name,
 			$this->modifier,
 			$this->value,
 			$this->value->position,
 		);
-		$context->restoreEscape();
-		return $res;
 	}
 
 

src/Latte/Runtime/HtmlHelpers.php

@@ -190,6 +190,24 @@ public static function formatAttribute(string $name, mixed $value): ?string
 	}
 
 
+	public static function classifyAttributeType(string $name): string
+	{
+		$name = strtolower($name);
+		return match (true) {
+			default => 'common',
+		};
+	}
+
+
+	/**
+	 * Formats common HTML attribute.
+	 */
+	public static function formatCommonAttribute(string $namePart, mixed $value): string
+	{
+		return $namePart . '="' . self::escapeAttr($value) . '"';
+	}
+
+
 	/**
 	 * Checks if the given tag name represents a void (empty) HTML element.
 	 */

src/Latte/Runtime/XmlHelpers.php

@@ -96,6 +96,12 @@ public static function formatAttribute(string $name, mixed $value): ?string
 	}
 
 
+	public static function formatCommonAttribute(string $namePart, mixed $value): string
+	{
+		return $namePart . '="' . self::escapeAttr($value) . '"';
+	}
+
+
 	/**
 	 * Checks that the HTML tag name can be changed.
 	 */

tests/common/Safe.url.phpt

@@ -74,7 +74,7 @@ Assert::match(
 
 
 Assert::contains(
-	'LR\HtmlHelpers::escapeAttr(($this->filters->checkUrl)(($this->filters->upper)($url1)))',
+	'LR\HtmlHelpers::formatCommonAttribute(\' href\', ($this->filters->checkUrl)(($this->filters->upper)($url1)))',
 	$latte->compile('<a href="{$url1|upper}"></a>'),
 );
 

tests/common/expected/Compiler.unquoted.attrs.php

@@ -8,15 +8,14 @@ public function main(array $ʟ_args): void
 %A%
 		echo '<span title=hello></span>
 
-<span title="';
-		echo LR\HtmlHelpers::escapeAttr($x) /* line %d%:%d% */;
-		echo '" class="';
-		echo LR\HtmlHelpers::escapeAttr($x) /* line %d%:%d% */;
-		echo '"></span>
+<span';
+		echo LR\HtmlHelpers::formatCommonAttribute(' title', $x) /* line %d%:%d% */;
+		echo LR\HtmlHelpers::formatCommonAttribute(' class', $x) /* line %d%:%d% */;
+		echo '></span>
 
-<span title="';
-		echo LR\HtmlHelpers::escapeAttr($x) /* line %d%:%d% */;
-		echo '" ';
+<span';
+		echo LR\HtmlHelpers::formatCommonAttribute(' title', $x) /* line %d%:%d% */;
+		echo ' ';
 		echo LR\HtmlHelpers::escapeTag($x) /* line %d%:%d% */;
 		echo '></span>
 
@@ -38,9 +37,9 @@ public function main(array $ʟ_args): void
 		echo LR\HtmlHelpers::escapeAttr($x) /* line %d%:%d% */;
 		echo 'd"></span>
 
-<span onclick="';
-		echo LR\HtmlHelpers::escapeAttr($x) /* line %d%:%d% */;
-		echo '" ';
+<span';
+		echo LR\HtmlHelpers::formatCommonAttribute(' onclick', $x) /* line %d%:%d% */;
+		echo ' ';
 		echo LR\HtmlHelpers::escapeTag($x) /* line %d%:%d% */;
 		echo '></span>
 

tests/common/expected/contentType.xml.php

@@ -71,10 +71,10 @@ public function main(array $ʟ_args): void
 		echo '"\'
  style="color:';
 		echo LR\XmlHelpers::escapeAttr($id) /* line %d%:%d% */;
-		echo ';\'"
- alt="';
-		echo LR\XmlHelpers::escapeAttr($el) /* line %d%:%d% */;
-		echo '"
+		echo ';\'"';
+		echo LR\XmlHelpers::formatCommonAttribute('
+ alt', $el) /* line %d%:%d% */;
+		echo '
  onfocus="alert(';
 		echo LR\XmlHelpers::escapeAttr($el) /* line %d%:%d% */;
 		echo ')"
@@ -119,13 +119,13 @@ public function main(array $ʟ_args): void
 		}
 		echo '"> </p>
 
-<p val="';
-		echo LR\XmlHelpers::escapeAttr($xss) /* line %d%:%d% */;
-		echo '" > </p>
+<p';
+		echo LR\XmlHelpers::formatCommonAttribute(' val', $xss) /* line %d%:%d% */;
+		echo ' > </p>
 
-<p onclick="';
-		echo LR\XmlHelpers::escapeAttr($xss) /* line %d%:%d% */;
-		echo '"> </p>
+<p';
+		echo LR\XmlHelpers::formatCommonAttribute(' onclick', $xss) /* line %d%:%d% */;
+		echo '> </p>
 ';
 	}
 

tests/runtime/HtmlHelpers.formatCommonAttribute.phpt

@@ -0,0 +1,58 @@
+<?php
+
+declare(strict_types=1);
+
+use Latte\Runtime\HtmlHelpers;
+use Tester\Assert;
+
+require __DIR__ . '/../bootstrap.php';
+
+
+class Str
+{
+	public function __toString()
+	{
+		return 'one&<br>';
+	}
+}
+
+
+// text
+Assert::same(
+	'title="Hello &amp; Welcome"',
+	HtmlHelpers::formatCommonAttribute('title', 'Hello & Welcome'),
+);
+Assert::same(
+	'title="&quot;Hello&quot; &amp; &apos;Welcome&apos;"',
+	HtmlHelpers::formatCommonAttribute('title', '"Hello" & \'Welcome\''),
+);
+Assert::same('title=""', HtmlHelpers::formatCommonAttribute('title', ''));
+Assert::same('title="1"', HtmlHelpers::formatCommonAttribute('title', 1));
+Assert::same('title="0"', HtmlHelpers::formatCommonAttribute('title', 0));
+Assert::same('title="one&amp;"', HtmlHelpers::formatCommonAttribute('title', new Latte\Runtime\Html('one&amp;<br>')));
+Assert::same('title="one&amp;&lt;br&gt;"', HtmlHelpers::formatCommonAttribute('title', new Str));
+
+// special values
+Assert::same('title="1"', HtmlHelpers::formatCommonAttribute('title', true));
+Assert::same('title=""', HtmlHelpers::formatCommonAttribute('title', false));
+Assert::same('title=""', HtmlHelpers::formatCommonAttribute('title', null));
+
+// invalid
+Assert::error(
+	fn() => Assert::same('title="Array"', HtmlHelpers::formatCommonAttribute('title', [])),
+	E_WARNING,
+);
+Assert::exception(
+	fn() => HtmlHelpers::formatCommonAttribute('title', (object) []),
+	Error::class,
+);
+
+// invalid UTF-8
+Assert::same( // invalid codepoint high surrogates
+	"a=\"foo \u{FFFD} bar\"",
+	HtmlHelpers::formatCommonAttribute('a', "foo \u{D800} bar"),
+);
+Assert::same( // stripped UTF
+	"a=\"foo \u{FFFD}&quot; bar\"",
+	HtmlHelpers::formatCommonAttribute('a', "foo \xE3\x80\x22 bar"),
+);

tests/runtime/XmlHelpers.formatCommonAttribute.phpt

@@ -0,0 +1,58 @@
+<?php
+
+declare(strict_types=1);
+
+use Latte\Runtime\XmlHelpers;
+use Tester\Assert;
+
+require __DIR__ . '/../bootstrap.php';
+
+
+class Str
+{
+	public function __toString()
+	{
+		return 'one&<br>';
+	}
+}
+
+
+// text
+Assert::same(
+	'title="Hello &amp; Welcome"',
+	XmlHelpers::formatCommonAttribute('title', 'Hello & Welcome'),
+);
+Assert::same(
+	'title="&quot;Hello&quot; &amp; &apos;Welcome&apos;"',
+	XmlHelpers::formatCommonAttribute('title', '"Hello" & \'Welcome\''),
+);
+Assert::same('title=""', XmlHelpers::formatCommonAttribute('title', ''));
+Assert::same('title="1"', XmlHelpers::formatCommonAttribute('title', 1));
+Assert::same('title="0"', XmlHelpers::formatCommonAttribute('title', 0));
+Assert::same('title="one&amp;"', XmlHelpers::formatCommonAttribute('title', new Latte\Runtime\Html('one&amp;<br>')));
+Assert::same('title="one&amp;&lt;br&gt;"', XmlHelpers::formatCommonAttribute('title', new Str));
+
+// special values
+Assert::same('title="1"', XmlHelpers::formatCommonAttribute('title', true));
+Assert::same('title=""', XmlHelpers::formatCommonAttribute('title', false));
+Assert::same('title=""', XmlHelpers::formatCommonAttribute('title', null));
+
+// invalid
+Assert::error(
+	fn() => Assert::same('title="Array"', XmlHelpers::formatCommonAttribute('title', [])),
+	E_WARNING,
+);
+Assert::exception(
+	fn() => XmlHelpers::formatCommonAttribute('title', (object) []),
+	Error::class,
+);
+
+// invalid UTF-8
+Assert::same( // invalid codepoint high surrogates
+	"a=\"foo \u{FFFD} bar\"",
+	XmlHelpers::formatCommonAttribute('a', "foo \u{D800} bar"),
+);
+Assert::same( // stripped UTF
+	"a=\"foo \u{FFFD}&quot; bar\"",
+	XmlHelpers::formatCommonAttribute('a', "foo \xE3\x80\x22 bar"),
+);

tests/tags/expected/general.php

@@ -43,9 +43,9 @@ public function main(array $ʟ_args): void
 				echo '
 	<li id="item-';
 				echo LR\HtmlHelpers::escapeAttr($iterator->getCounter()) /* line %d%:%d% */;
-				echo '" class="';
-				echo LR\HtmlHelpers::escapeAttr($iterator->isOdd() ? 'odd' : 'even') /* line %d%:%d% */;
-				echo '">';
+				echo '"';
+				echo LR\HtmlHelpers::formatCommonAttribute(' class', $iterator->isOdd() ? 'odd' : 'even') /* line %d%:%d% */;
+				echo '>';
 				echo LR\HtmlHelpers::escapeText($person) /* line %d%:%d% */;
 				echo '</li>
 	';

tests/tags/expected/ifchanged.php

@@ -126,9 +126,9 @@
 			echo ' ';
 			ob_start(fn() => '');
 			try /* line 22:55 */ {
-				echo '<span class="';
-				echo LR\HtmlHelpers::escapeAttr($i) /* line 22:50 */;
-				echo '"></span>';
+				echo '<span';
+				echo LR\HtmlHelpers::formatCommonAttribute(' class', $i) /* line 22:50 */;
+				echo '></span>';
 			} finally {
 				$ʟ_tmp = ob_get_clean();
 			}