diff --git a/generator/test-attribute-escaping/render_test.go b/generator/test-attribute-escaping/render_test.go new file mode 100644 index 000000000..920acb347 --- /dev/null +++ b/generator/test-attribute-escaping/render_test.go @@ -0,0 +1,24 @@ +package testhtml + +import ( + "context" + "strings" + "testing" + + "github.com/google/go-cmp/cmp" +) + +const expected = `
` + + `` + +func TestHTML(t *testing.T) { + w := new(strings.Builder) + err := BasicTemplate(`javascript: alert("xss");`).Render(context.Background(), w) + if err != nil { + t.Errorf("failed to render: %v", err) + } + if diff := cmp.Diff(expected, w.String()); diff != "" { + t.Error(diff) + } +} diff --git a/generator/test-attribute-escaping/template.templ b/generator/test-attribute-escaping/template.templ new file mode 100644 index 000000000..a2d86ca22 --- /dev/null +++ b/generator/test-attribute-escaping/template.templ @@ -0,0 +1,8 @@ +{% package testhtml %} + +{% templ BasicTemplate(url string) %} +
+ {%= "text" %} +
+{% endtempl %} + diff --git a/generator/test-attribute-escaping/template_templ.go b/generator/test-attribute-escaping/template_templ.go new file mode 100644 index 000000000..ee8352217 --- /dev/null +++ b/generator/test-attribute-escaping/template_templ.go @@ -0,0 +1,56 @@ +// Code generated by templ DO NOT EDIT. + +package testhtml + +import "github.com/a-h/templ" +import "context" +import "io" + +func BasicTemplate(url string) templ.Component { + return templ.ComponentFunc(func(ctx context.Context, w io.Writer) (err error) { + ctx, _ = templ.RenderedCSSClassesFromContext(ctx) + _, err = io.WriteString(w, "
") + if err != nil { + return err + } + _, err = io.WriteString(w, "") + if err != nil { + return err + } + _, err = io.WriteString(w, templ.EscapeString("text")) + if err != nil { + return err + } + _, err = io.WriteString(w, "") + if err != nil { + return err + } + _, err = io.WriteString(w, "
") + if err != nil { + return err + } + return err + }) +} +