Fix #1764 - Unescape innerHTML artifacts (#1767)

Andrea Giammarchi
2023-09-28 16:05:51 +02:00
committed by GitHub
parent c6aaacdbf1
commit 97699eaded
5 changed files with 78 additions and 43 deletions


@@ -11,13 +11,13 @@
"dependencies": { "dependencies": {
"@ungap/with-resolvers": "^0.1.0", "@ungap/with-resolvers": "^0.1.0",
"basic-devtools": "^0.1.6", "basic-devtools": "^0.1.6",
"polyscript": "^0.4.6" "polyscript": "^0.4.7"
}, },
"devDependencies": { "devDependencies": {
"@rollup/plugin-node-resolve": "^15.2.1", "@rollup/plugin-node-resolve": "^15.2.1",
"@rollup/plugin-terser": "^0.4.3", "@rollup/plugin-terser": "^0.4.3",
"eslint": "^8.50.0", "eslint": "^8.50.0",
"rollup": "^3.29.3", "rollup": "^3.29.4",
"rollup-plugin-postcss": "^4.0.2", "rollup-plugin-postcss": "^4.0.2",
"rollup-plugin-string": "^3.0.0", "rollup-plugin-string": "^3.0.0",
"static-handler": "^0.4.2", "static-handler": "^0.4.2",
@@ -49,9 +49,9 @@
} }
}, },
"node_modules/@eslint-community/regexpp": { "node_modules/@eslint-community/regexpp": {
"version": "4.8.2", "version": "4.9.0",
"resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.8.2.tgz", "resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.9.0.tgz",
"integrity": "sha512-0MGxAVt1m/ZK+LTJp/j0qF7Hz97D9O/FH9Ms3ltnyIdDD57cbb1ACIQTkbHvNXtWDv5TPq7w5Kq56+cNukbo7g==", "integrity": "sha512-zJmuCWj2VLBt4c25CfBIbMZLGLyhkvs7LznyVX5HfpzeocThgIj5XQK4L+g3U36mMcx8bPMhGyPpwCATamC4jQ==",
"dev": true, "dev": true,
"engines": { "engines": {
"node": "^12.0.0 || ^14.0.0 || >=16.0.0" "node": "^12.0.0 || ^14.0.0 || >=16.0.0"
@@ -410,9 +410,9 @@
} }
}, },
"node_modules/browserslist": { "node_modules/browserslist": {
"version": "4.21.11", "version": "4.22.0",
"resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.21.11.tgz", "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.22.0.tgz",
"integrity": "sha512-xn1UXOKUz7DjdGlg9RrUr0GGiWzI97UQJnugHtH0OLDfJB7jMgoIkYvRIEO1l9EeEERVqeqLYOcFBW9ldjypbQ==", "integrity": "sha512-v+Jcv64L2LbfTC6OnRcaxtqJNJuQAVhZKSJfR/6hn7lhnChUXl4amwVviqN1k411BB+3rRoKMitELRn1CojeRA==",
"dev": true, "dev": true,
"funding": [ "funding": [
{ {
@@ -429,8 +429,8 @@
} }
], ],
"dependencies": { "dependencies": {
"caniuse-lite": "^1.0.30001538", "caniuse-lite": "^1.0.30001539",
"electron-to-chromium": "^1.4.526", "electron-to-chromium": "^1.4.530",
"node-releases": "^2.0.13", "node-releases": "^2.0.13",
"update-browserslist-db": "^1.0.13" "update-browserslist-db": "^1.0.13"
}, },
@@ -481,9 +481,9 @@
} }
}, },
"node_modules/caniuse-lite": { "node_modules/caniuse-lite": {
"version": "1.0.30001539", "version": "1.0.30001541",
"resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001539.tgz", "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001541.tgz",
"integrity": "sha512-hfS5tE8bnNiNvEOEkm8HElUHroYwlqMMENEzELymy77+tJ6m+gA2krtHl5hxJaj71OlpC2cHZbdSMX1/YEqEkA==", "integrity": "sha512-bLOsqxDgTqUBkzxbNlSBt8annkDpQB9NdzdTbO2ooJ+eC/IQcvDspDc058g84ejCelF7vHUx57KIOjEecOHXaw==",
"dev": true, "dev": true,
"funding": [ "funding": [
{ {
@@ -525,15 +525,15 @@
} }
}, },
"node_modules/coincident": { "node_modules/coincident": {
"version": "0.11.6", "version": "0.13.3",
"resolved": "https://registry.npmjs.org/coincident/-/coincident-0.11.6.tgz", "resolved": "https://registry.npmjs.org/coincident/-/coincident-0.13.3.tgz",
"integrity": "sha512-Ld82kMrjDwNjpi+WE2C1v5ADPvOa+NANBWL8o1ohj+UhFTzDX3OMQOE9NSnjbUuMh+U/WBp39+uO2WFs8vJ3sw==", "integrity": "sha512-S97aRYpTb0EOI1o0V3lgxPtvk1GNQqLew9IorDRNg/1sN6m8EdOgJtGt/dVwkWkDNNgG7xRIra6Yf9qHne67Dw==",
"dependencies": { "dependencies": {
"@ungap/structured-clone": "^1.2.0", "@ungap/structured-clone": "^1.2.0",
"@ungap/with-resolvers": "^0.1.0" "@ungap/with-resolvers": "^0.1.0"
}, },
"optionalDependencies": { "optionalDependencies": {
"ws": "^8.13.0" "ws": "^8.14.2"
} }
}, },
"node_modules/color-convert": { "node_modules/color-convert": {
@@ -851,9 +851,9 @@
} }
}, },
"node_modules/electron-to-chromium": { "node_modules/electron-to-chromium": {
"version": "1.4.529", "version": "1.4.532",
"resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.529.tgz", "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.532.tgz",
"integrity": "sha512-6uyPyXTo8lkv8SWAmjKFbG42U073TXlzD4R8rW3EzuznhFS2olCIAfjjQtV2dV2ar/vRF55KUd3zQYnCB0dd3A==", "integrity": "sha512-piIR0QFdIGKmOJTSNg5AwxZRNWQSXlRYycqDB9Srstx4lip8KpcmRxVP6zuFWExWziHYZpJ0acX7TxqX95KBpg==",
"dev": true "dev": true
}, },
"node_modules/entities": { "node_modules/entities": {
@@ -1223,6 +1223,11 @@
"node": ">=8" "node": ">=8"
} }
}, },
"node_modules/html-escaper": {
"version": "3.0.3",
"resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-3.0.3.tgz",
"integrity": "sha512-RuMffC89BOWQoY0WKGpIhn5gX3iI54O6nRA0yC124NYVtzjmFWBIiFd8M0x+ZdX0P9R4lADg1mgP8C7PxGOWuQ=="
},
"node_modules/icss-replace-symbols": { "node_modules/icss-replace-symbols": {
"version": "1.1.0", "version": "1.1.0",
"resolved": "https://registry.npmjs.org/icss-replace-symbols/-/icss-replace-symbols-1.1.0.tgz", "resolved": "https://registry.npmjs.org/icss-replace-symbols/-/icss-replace-symbols-1.1.0.tgz",
@@ -1776,15 +1781,16 @@
"integrity": "sha512-yyVAOFKTAElc7KdLt2+UKGExNYwYb/Y/WE9i+1ezCQsJE8gbKSjewfpRqK2nQgZ4d4hhAAGgDCOcIZVilqE5UA==" "integrity": "sha512-yyVAOFKTAElc7KdLt2+UKGExNYwYb/Y/WE9i+1ezCQsJE8gbKSjewfpRqK2nQgZ4d4hhAAGgDCOcIZVilqE5UA=="
}, },
"node_modules/polyscript": { "node_modules/polyscript": {
"version": "0.4.6", "version": "0.4.7",
"resolved": "https://registry.npmjs.org/polyscript/-/polyscript-0.4.6.tgz", "resolved": "https://registry.npmjs.org/polyscript/-/polyscript-0.4.7.tgz",
"integrity": "sha512-yRL8iwa8NHCWYIkYIRZ7Ujwd69WaDKAoeFxhQRLkTmcdlKKFxoFJStwyb5PONWZUl+mb+oXGkrPPsRaAJHHipQ==", "integrity": "sha512-nkAKkhZBsyfxdRglIWmvyGsI54MsG2F0BwygkLWAseYBfs5dspB7plAg1tlckqWkUE01wr3Ha/kenwJkEUvbhQ==",
"dependencies": { "dependencies": {
"@ungap/structured-clone": "^1.2.0", "@ungap/structured-clone": "^1.2.0",
"@ungap/with-resolvers": "^0.1.0", "@ungap/with-resolvers": "^0.1.0",
"basic-devtools": "^0.1.6", "basic-devtools": "^0.1.6",
"codedent": "^0.1.2", "codedent": "^0.1.2",
"coincident": "^0.11.6" "coincident": "^0.13.3",
"html-escaper": "^3.0.3"
} }
}, },
"node_modules/postcss": { "node_modules/postcss": {
@@ -2455,9 +2461,9 @@
} }
}, },
"node_modules/rollup": { "node_modules/rollup": {
"version": "3.29.3", "version": "3.29.4",
"resolved": "https://registry.npmjs.org/rollup/-/rollup-3.29.3.tgz", "resolved": "https://registry.npmjs.org/rollup/-/rollup-3.29.4.tgz",
"integrity": "sha512-T7du6Hum8jOkSWetjRgbwpM6Sy0nECYrYRSmZjayFcOddtKJWU4d17AC3HNUk7HRuqy4p+G7aEZclSHytqUmEg==", "integrity": "sha512-oWzmBZwvYrU0iJHtDmhsm662rC15FRXmcjCk1xD771dFDx5jJ02ufAQQTn0etB2emNk4J9EZg/yWKpsn9BWGRw==",
"dev": true, "dev": true,
"bin": { "bin": {
"rollup": "dist/bin/rollup" "rollup": "dist/bin/rollup"


@@ -33,13 +33,13 @@
"dependencies": { "dependencies": {
"@ungap/with-resolvers": "^0.1.0", "@ungap/with-resolvers": "^0.1.0",
"basic-devtools": "^0.1.6", "basic-devtools": "^0.1.6",
"polyscript": "^0.4.6" "polyscript": "^0.4.7"
}, },
"devDependencies": { "devDependencies": {
"@rollup/plugin-node-resolve": "^15.2.1", "@rollup/plugin-node-resolve": "^15.2.1",
"@rollup/plugin-terser": "^0.4.3", "@rollup/plugin-terser": "^0.4.3",
"eslint": "^8.50.0", "eslint": "^8.50.0",
"rollup": "^3.29.3", "rollup": "^3.29.4",
"rollup-plugin-postcss": "^4.0.2", "rollup-plugin-postcss": "^4.0.2",
"rollup-plugin-string": "^3.0.0", "rollup-plugin-string": "^3.0.0",
"static-handler": "^0.4.2", "static-handler": "^0.4.2",


@@ -9,7 +9,11 @@ import {
XWorker, XWorker,
} from "../node_modules/polyscript/esm/index.js"; } from "../node_modules/polyscript/esm/index.js";
import { queryTarget } from "../node_modules/polyscript/esm/script-handler.js"; import { queryTarget } from "../node_modules/polyscript/esm/script-handler.js";
import { dedent, dispatch } from "../node_modules/polyscript/esm/utils.js"; import {
dedent,
dispatch,
unescape,
} from "../node_modules/polyscript/esm/utils.js";
import { Hook } from "../node_modules/polyscript/esm/worker/hooks.js"; import { Hook } from "../node_modules/polyscript/esm/worker/hooks.js";
import "./all-done.js"; import "./all-done.js";
@@ -108,12 +112,12 @@ for (const [TYPE, interpreter] of TYPES) {
if (asText) return dedent(tag.textContent); if (asText) return dedent(tag.textContent);
const code = dedent(unescape(tag.innerHTML));
console.warn( console.warn(
`Deprecated: use <script type="${TYPE}"> for an always safe content parsing:\n`, `Deprecated: use <script type="${TYPE}"> for an always safe content parsing:\n`,
tag.innerHTML, code,
); );
return code;
return dedent(tag.innerHTML);
}; };
// define the module as both `<script type="py">` and `<py-script>` // define the module as both `<script type="py">` and `<py-script>`
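Review bot: `dedent(unescape(tag.innerHTML))` only reverses entity encoding, so on the `<py-script>` path the returned `code` is still the browser's re-serialization of an already parsed subtree. Any tag written inside a Python string has been turned into a child element first, and the parser may have lowercased it or closed it differently from what the author typed. A comment above that line would make the limit explicit, e.g. `// innerHTML is parser-normalized: unescape() restores entities only, markup inside the code may not round-trip`. Separately, the imported `unescape` shadows the legacy global of the same name, which decodes %-escapes rather than HTML entities; importing it as `unescape as unescapeHTML` would avoid a misreading. The enclosing function begins above this hunk, so the `asText` branch is only partly visible here.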


@@ -7,7 +7,29 @@
<body> <body>
<body> <body>
<py-script>import js; js.console.log(1<2, 1>2)</py-script> <py-script>import js; js.console.log(1<2, 1>2)</py-script>
<py-script>js.console.log("<div></div>")</py-script> <py-script>import js; js.console.log("<div></div>")</py-script>
<script type="py">
import js
js.console.log("A", 1<2, 1>2)
js.console.log("B <div></div>")
</script>
<py-script>
import js
js.console.log("C", 1<2, 1>2)
js.console.log("D <div></div>")
</py-script>
<py-script worker>import js; js.console.log(1<2, 1>2)</py-script>
<py-script worker>import js; js.console.log("<div></div>")</py-script>
<script type="py" worker>
import js
js.console.log("A", 1<2, 1>2)
js.console.log("B <div></div>")
</script>
<py-script worker>
import js
js.console.log("C", 1<2, 1>2)
js.console.log("D <div></div>")
</py-script>
</body> </body>
</body> </body>
</html> </html>


@@ -43,7 +43,7 @@ class TestBasic(PyScriptTest):
in_worker = str(in_worker).lower() in_worker = str(in_worker).lower()
assert self.console.log.lines[-1] == f"worker? {in_worker}" assert self.console.log.lines[-1] == f"worker? {in_worker}"
@skip_worker('NEXT: it should show a nice error on the page') @skip_worker("NEXT: it should show a nice error on the page")
def test_no_cors_headers(self): def test_no_cors_headers(self):
self.disable_cors_headers() self.disable_cors_headers()
self.pyscript_run( self.pyscript_run(
@@ -58,7 +58,7 @@ class TestBasic(PyScriptTest):
assert self.headers == {} assert self.headers == {}
if self.execution_thread == "main": if self.execution_thread == "main":
self.wait_for_pyscript() self.wait_for_pyscript()
assert self.console.log.lines == ['hello'] assert self.console.log.lines == ["hello"]
self.assert_no_banners() self.assert_no_banners()
else: else:
# XXX adapt and fix the test # XXX adapt and fix the test
@@ -73,7 +73,6 @@ class TestBasic(PyScriptTest):
alert_banner = self.page.wait_for_selector(".alert-banner") alert_banner = self.page.wait_for_selector(".alert-banner")
assert expected_alert_banner_msg in alert_banner.inner_text() assert expected_alert_banner_msg in alert_banner.inner_text()
def test_print(self): def test_print(self):
self.pyscript_run( self.pyscript_run(
""" """
@@ -159,18 +158,22 @@ class TestBasic(PyScriptTest):
"four", "four",
] ]
@skip_worker("NEXT: something very weird happens here")
def test_escaping_of_angle_brackets(self): def test_escaping_of_angle_brackets(self):
""" """
Check that script tags escape angle brackets Check that script tags escape angle brackets
""" """
self.pyscript_run( self.pyscript_run(
""" """
<script type="py">import js; js.console.log("A", 1<2, 1>2)</script> <script type="py">
<script type="py">import js; js.console.log("B <div></div>")</script> import js
<py-script>import js; js.console.log("C", 1<2, 1>2)</py-script> js.console.log("A", 1<2, 1>2)
<py-script>import js; js.console.log("D <div></div>")</py-script> js.console.log("B <div></div>")
</script>
<py-script>
import js
js.console.log("C", 1<2, 1>2)
js.console.log("D <div></div>")
</py-script>
""" """
) )
# in workers the order of execution is not guaranteed, better to play # in workers the order of execution is not guaranteed, better to play