Create sanitized attribute and property classes #197
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let { element } = this; | ||
| let { tagName } = element; | ||
|
|
||
| if (SanitizedProperty.requiresSanitization(tagName, name)) { |
There was a problem hiding this comment.
Should this use the method off of SanitizedNonNamespacedAttribute instead?
There was a problem hiding this comment.
Yes, this is the result of copy pasta. Will fix.
| } else if (tagName === 'INPUT' && name === 'value') { | ||
| this.group.push(new EmptyStringResetingProperty(element, name, reference)); | ||
| } else { | ||
| this.group.push(new NonNamespacedAttribute(element, name, reference)); | ||
| } |
There was a problem hiding this comment.
I changed the conditions here. This used to push two objects in the case of input[value]. Was this the correct behavior? For the sanitized case it should be one or the other, not both. @asakusuma
There was a problem hiding this comment.
Interesting, I would have thought the tests would fail if you did this but apparently not. I had assumed you needed both. I added a specific test case around this though, so I'm not too worried about this change breaking things.
|
This was superseded |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This creates "sanitized" subclasses of
PropertyandNonNamespacedAttributewhich enforce sanitization of known dangerous tag/attribute combinations. This also makes https://github.com/emberjs/ember.js/blob/1be0354068d933065ac542f49d42d73409366a47/packages/ember-glimmer/tests/integration/components/attribute-bindings-test.js#L456 and https://github.com/emberjs/ember.js/blob/3cfc9614bbd92ee8e80b6c4894b024f2e14bffae/packages/ember-glimmer/tests/integration/helpers/unbound-test.js#L98 pass.