From 8463b4ba8b73bfe28d050232c5eed971038b13be Mon Sep 17 00:00:00 2001
From: Maciej Barelkowski
Date: Tue, 1 Oct 2024 14:34:11 +0200
Subject: [PATCH 1/2] fix: escape entities in attributes

Closes #16
---
 CHANGELOG.md | 4 ++++
 lib/util/serialize.js | 2 +-
 test/spec/innerSVG.js | 35 +++++++++++++++++++++++++++++++++++
 3 files changed, 40 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1f1137b..9be58d0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,10 @@ All notable changes to [tiny-svg](https://github.com/bpmn-io/tiny-svg) are docum
 ___Note:__ Yet to be released changes appear here._
+## 4.1.3
+
+* `FIX`: escape entities in attributes ([#16](https://github.com/bpmn-io/tiny-svg/issues/16))
+
 ## 4.1.2
 * `CHORE`: make `clear` work standalone
diff --git a/lib/util/serialize.js b/lib/util/serialize.js
index 83a1511..24152f7 100644
--- a/lib/util/serialize.js
+++ b/lib/util/serialize.js
@@ -3,7 +3,7 @@
 */
 var TEXT_ENTITIES = /([&<>]{1})/g;
-var ATTR_ENTITIES = /([\n\r"]{1})/g;
+var ATTR_ENTITIES = /([&<>\n\r"]{1})/g;
 var ENTITY_REPLACEMENT = {
 '&': '&',
diff --git a/test/spec/innerSVG.js b/test/spec/innerSVG.js
index 2410f46..fb103b1 100644
--- a/test/spec/innerSVG.js
+++ b/test/spec/innerSVG.js
@@ -218,6 +218,41 @@ describe('inner-svg', function() {
 expect(svg).to.eql(text);
 });
+
+ it('should escape <> in attributes', function() {
+
+ // given
+ var container = createContainer();
+ var element = appendTo(create('svg'), container);
+
+ var text = '';
+
+ innerSVG(element, text);
+
+ // when
+ var svg = innerSVG(element);
+
+ // then
+ expect(svg).to.eql(text);
+ });
+
+
+ it('should escape & in attributes', function() {
+
+ // given
+ var container = createContainer();
+ var element = appendTo(create('svg'), container);
+
+ var text = '';
+
+ innerSVG(element, text);
+
+ // when
+ var svg = innerSVG(element);
+
+ // then
+ expect(svg).to.eql(text);
+ });
 });
 });
\ No newline at end of file
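Review bot: `ATTR_ENTITIES` in lib/util/serialize.js now carries the whole job of keeping an attribute value inside its quotes when serialized output is parsed again, but nothing on the line states the assumptions it rests on. The class omits `'`, which is only safe if the serializer always delimits attribute values with `"`, and every character in the class needs a matching key in `ENTITY_REPLACEMENT`; the serializing function and most of that map lie outside the hunk, so both should be confirmed there. I would add above the line: `// attribute values are emitted in double quotes; each char here must have an ENTITY_REPLACEMENT entry`. A tab is subject to XML attribute-value normalization just like `\n` and `\r`, so `\t` may belong in the class too if round-tripping whitespace is the goal.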
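Review bot: Both new cases in test/spec/innerSVG.js assert only that the serialized string equals the input (`expect(svg).to.eql(text)`), so they pin the round trip but not the structure the parser actually built. Since the point of the fix is that `<`, `>` and `&` stay inside the attribute value, I would also assert the parsed result, for example `expect(element.childNodes.length).to.eql(1);` (count adjusted to the fixture), plus a check of the attribute value itself. The fixture literals are not legible in this rendering of the patch, so the expected values have to be taken from the real file.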
From 80fa5794b269730b3b44ebe8c7ebb8cdf72272d6 Mon Sep 17 00:00:00 2001
From: Maciej Barelkowski
Date: Tue, 1 Oct 2024 15:17:48 +0200
Subject: [PATCH 2/2] test: make sure both entities are tested

Co-authored-by: Nico Rehwaldt
---
 test/spec/innerSVG.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/spec/innerSVG.js b/test/spec/innerSVG.js
index fb103b1..ee1505e 100644
--- a/test/spec/innerSVG.js
+++ b/test/spec/innerSVG.js
@@ -225,7 +225,7 @@ describe('inner-svg', function() {
 var container = createContainer();
 var element = appendTo(create('svg'), container);
- var text = '';
+ var text = '';
 innerSVG(element, text);