added ExpressionAttributeNode for <tag name="{$foo}"> or <tag name={$foo}>

(always uses double quotes)

Author: dg

src/Latte/Compiler/Nodes/Html/ElementNode.php

@@ -53,6 +53,10 @@ public function getAttribute(string $name): string|Node|bool|null
 				&& $this->matchesIdentifier($name, $child->name->content)
 			) {
 				return NodeHelpers::toText($child->value) ?? $child->value ?? true;
+			} elseif ($child instanceof ExpressionAttributeNode
+				&& $this->matchesIdentifier($name, $child->name)
+			) {
+				return true;
 			}
 		}
 

src/Latte/Compiler/Nodes/Html/ExpressionAttributeNode.php

@@ -0,0 +1,52 @@
+<?php
+
+/**
+ * This file is part of the Latte (https://latte.nette.org)
+ * Copyright (c) 2008 David Grudl (https://davidgrudl.com)
+ */
+
+declare(strict_types=1);
+
+namespace Latte\Compiler\Nodes\Html;
+
+use Latte\Compiler\Nodes\AreaNode;
+use Latte\Compiler\Nodes\Php\ExpressionNode;
+use Latte\Compiler\Nodes\Php\ModifierNode;
+use Latte\Compiler\Position;
+use Latte\Compiler\PrintContext;
+
+
+class ExpressionAttributeNode extends AreaNode
+{
+	public function __construct(
+		public string $name,
+		public ExpressionNode $value,
+		public ModifierNode $modifier,
+		public ?Position $position = null,
+		public ?string $indentation = null,
+	) {
+	}
+
+
+	public function print(PrintContext $context): string
+	{
+		$escaper = $context->beginEscape();
+		$escaper->enterHtmlAttribute($this->name);
+		$res = $context->format(
+			'echo %dump; echo %modify(%node) %line; echo \'"\';',
+			$this->indentation . $this->name . '="',
+			$this->modifier,
+			$this->value,
+			$this->value->position,
+		);
+		$context->restoreEscape();
+		return $res;
+	}
+
+
+	public function &getIterator(): \Generator
+	{
+		yield $this->value;
+		yield $this->modifier;
+	}
+}

src/Latte/Compiler/TemplateParserHtml.php

@@ -210,6 +210,7 @@ private function parseStartTag(&$elem = null): Html\ElementNode
 			'textualName' => $textual,
 		];
 		$elem->attributes = $this->parser->parseFragment($this->inTagResolve(...));
+		$this->relocateAttributeIndentation($elem->attributes);
 		$elem->selfClosing = (bool) $stream->tryConsume(Token::Slash);
 		if ($variable) {
 			$elem->dynamicTag = new Nodes\Html\TagNode($elem, $variable);
@@ -223,6 +224,19 @@ private function parseStartTag(&$elem = null): Html\ElementNode
 	}
 
 
+	private function relocateAttributeIndentation(FragmentNode $node): void
+	{
+		foreach ($node->children as $i => $child) {
+			$next = $node->children[$i + 1] ?? null;
+			if ($child instanceof Nodes\TextNode && $child->isWhitespace() && $next instanceof Html\ExpressionAttributeNode) {
+				$next->indentation = $child->content;
+				unset($node->children[$i]);
+			}
+		}
+		$node->children = array_values($node->children);
+	}
+
+
 	/** @return array{string, ?Nodes\Php\ExpressionNode} */
 	private function parseEndTag(): array
 	{
@@ -363,12 +377,19 @@ private function parseAttribute(): ?Node
 		}
 
 		[$value, $quote] = $this->parseAttributeValue();
-		return new Html\AttributeNode(
-			name: $name,
-			value: $value,
-			quote: $quote,
-			position: $name->position,
-		);
+		return $name instanceof Nodes\TextNode && $value instanceof Nodes\PrintNode
+			? new Html\ExpressionAttributeNode(
+				name: $name->content,
+				value: $value->expression,
+				modifier: $value->modifier,
+				position: $name->position,
+			)
+			: new Html\AttributeNode(
+				name: $name,
+				value: $value,
+				quote: $quote,
+				position: $name->position,
+			);
 	}
 
 

src/Latte/Essential/Passes.php

@@ -11,9 +11,8 @@
 
 use Latte\CompileException;
 use Latte\Compiler\Node;
-use Latte\Compiler\Nodes\FragmentNode;
-use Latte\Compiler\Nodes\Html\AttributeNode;
 use Latte\Compiler\Nodes\Html\ElementNode;
+use Latte\Compiler\Nodes\Html\ExpressionAttributeNode;
 use Latte\Compiler\Nodes\Php;
 use Latte\Compiler\Nodes\Php\Expression;
 use Latte\Compiler\Nodes\Php\Expression\VariableNode;
@@ -123,20 +122,12 @@ public function checkUrlsPass(TemplateNode $node): void
 			if ($node instanceof ElementNode) {
 				$elem = $node;
 
-			} elseif ($node instanceof AttributeNode
-				&& $node->name instanceof TextNode
-				&& HtmlHelpers::isUrlAttribute($elem->name, $node->name->content)
+			} elseif ($node instanceof ExpressionAttributeNode
+				&& HtmlHelpers::isUrlAttribute($elem->name, $node->name)
+				&& !$node->modifier->removeFilter('nocheck') && !$node->modifier->removeFilter('noCheck')
+				&& !$node->modifier->hasFilter('datastream') && !$node->modifier->hasFilter('dataStream')
 			) {
-				$attrValue = $node->value instanceof FragmentNode && $node->value->children
-					? $node->value->children[0]
-					: $node->value;
-
-				if ($attrValue instanceof PrintNode && ($modifier = $attrValue->modifier)
-					&& !$modifier->removeFilter('nocheck') && !$modifier->removeFilter('noCheck')
-					&& !$modifier->hasFilter('datastream') && !$modifier->hasFilter('dataStream')
-				) {
-					$attrValue->modifier->filters[] = new Php\FilterNode(new Php\IdentifierNode('checkUrl'));
-				}
+				$node->modifier->filters[] = new Php\FilterNode(new Php\IdentifierNode('checkUrl'));
 			}
 		});
 	}

tests/common/ElementNode.getAttribute().phpt

@@ -5,6 +5,9 @@ declare(strict_types=1);
 use Latte\Compiler\Nodes\FragmentNode;
 use Latte\Compiler\Nodes\Html\AttributeNode;
 use Latte\Compiler\Nodes\Html\ElementNode;
+use Latte\Compiler\Nodes\Html\ExpressionAttributeNode;
+use Latte\Compiler\Nodes\Php\Expression\VariableNode;
+use Latte\Compiler\Nodes\Php\ModifierNode;
 use Latte\Compiler\Nodes\TextNode;
 use Latte\ContentType;
 use Tester\Assert;
@@ -113,3 +116,35 @@ test('ElementNode::getAttribute() - non-existent attribute', function () {
 	Assert::null($element->getAttribute('id'));
 	Assert::null($element->getAttribute('nonexistent'));
 });
+
+
+test('ElementNode::getAttribute() - ExpressionAttributeNode HTML case insensitive', function () {
+	$element = new ElementNode('div', contentType: ContentType::Html);
+	$element->attributes = new FragmentNode([
+		new ExpressionAttributeNode(
+			'CLASS',
+			new VariableNode('foo'),
+			new ModifierNode([]),
+		),
+	]);
+
+	Assert::same(true, $element->getAttribute('class'));
+	Assert::same(true, $element->getAttribute('CLASS'));
+	Assert::same(true, $element->getAttribute('Class'));
+});
+
+
+test('ElementNode::getAttribute() - ExpressionAttributeNode non-HTML case sensitive', function () {
+	$element = new ElementNode('element', contentType: ContentType::Xml);
+	$element->attributes = new FragmentNode([
+		new ExpressionAttributeNode(
+			'CLASS',
+			new VariableNode('foo'),
+			new ModifierNode([]),
+		),
+	]);
+
+	Assert::same(true, $element->getAttribute('CLASS'));
+	Assert::null($element->getAttribute('class'));
+	Assert::null($element->getAttribute('Class'));
+});

tests/common/expected/contentType.xml.html

@@ -32,7 +32,7 @@
 <p onclick='alert(:/item);alert("hello");'
  title=':/item"'
  style="color::/item;'"
- alt=''
+ alt=""
  onfocus="alert()"
 >click on me</p>
 

tests/common/expected/contentType.xml.php

@@ -72,9 +72,9 @@ public function main(array $ʟ_args): void
  style="color:';
 		echo LR\XmlHelpers::escapeAttr($id) /* line %d%:%d% */;
 		echo ';\'"
- alt=\'';
+ alt="';
 		echo LR\XmlHelpers::escapeAttr($el) /* line %d%:%d% */;
-		echo '\'
+		echo '"
  onfocus="alert(';
 		echo LR\XmlHelpers::escapeAttr($el) /* line %d%:%d% */;
 		echo ')"

tests/tags/expected/ifchanged.php

@@ -127,7 +127,7 @@
 			ob_start(fn() => '');
 			try /* line 22:55 */ {
 				echo '<span class="';
-				echo LR\HtmlHelpers::escapeAttr($i) /* line 22:49 */;
+				echo LR\HtmlHelpers::escapeAttr($i) /* line 22:50 */;
 				echo '"></span>';
 			} finally {
 				$ʟ_tmp = ob_get_clean();

tests/tags/expected/print.xss.html

@@ -34,7 +34,7 @@
 </SCRIPT>
 
 <p onclick='alert(&quot;some&amp;&lt;&gt;\&quot;&apos;/chars&quot;);alert("hello");'
- title='some&amp;&lt;&gt;&quot;&apos;/chars'
+ title="some&amp;&lt;&gt;&quot;&apos;/chars"
  STYLE="color:some\&amp;\&lt;\&gt;\&quot;\&apos;\/chars;"
  rel="some&amp;&lt;&gt;&quot;&apos;/chars"
  onblur="alert(&quot;some&amp;&lt;&gt;\&quot;&apos;/chars&quot;)"

tests/tags/expected/print.xss.php

@@ -59,9 +59,9 @@
 <p onclick=\'alert(';
 		echo LR\HtmlHelpers::escapeAttr(LR\Helpers::escapeJs($xss)) /* line %d%:%d% */;
 		echo ');alert("hello");\'
- title=\'';
+ title="';
 		echo LR\HtmlHelpers::escapeAttr($xss) /* line %d%:%d% */;
-		echo '\'
+		echo '"
  STYLE="color:';
 		echo LR\HtmlHelpers::escapeAttr(LR\Helpers::escapeCss($xss)) /* line %d%:%d% */;
 		echo ';"