Escape attributes

lib/hamlit/compiler/tag_compiler.rb

@@ -7,6 +7,7 @@ module Hamlit
         @quote     = options[:attr_quote].inspect.freeze
         @format    = options[:format]
         @autoclose = options[:autoclose]
+        @escape_attrs = options[:escape_attrs]
       end
 
       def compile(node, &block)
@@ -35,8 +36,11 @@ module Hamlit
 
       def compile_static_attributes!(temple, node)
         node.value[:attributes].sort_by(&:first).each do |name, value|
-          if value == true
+          case
+          when value == true
             temple << [:html, :attr, name, [:multi]]
+          when @escape_attrs
+            temple << [:html, :attr, name, [:escape, true, [:static, value]]]
           else
             temple << [:html, :attr, name, [:static, value]]
           end

lib/hamlit/engine.rb

@@ -6,16 +6,17 @@ require 'pretty_hamlit/engine'
 module Hamlit
   class Engine < Temple::Engine
     define_options(
-      generator:   Temple::Generators::ArrayBuffer,
-      format:      :html,
-      html_type:   nil,
-      attr_quote:  "'",
-      escape_html: true,
-      buffer:      '_buf',
-      autoclose:   %w(area base basefont br col command embed frame
-                      hr img input isindex keygen link menuitem meta
-                      param source track wbr),
-      filename:    "",
+      generator:    Temple::Generators::ArrayBuffer,
+      format:       :html,
+      html_type:    nil,
+      attr_quote:   "'",
+      escape_html:  true,
+      escape_attrs: true,
+      buffer:       '_buf',
+      autoclose:    %w(area base basefont br col command embed frame
+                       hr img input isindex keygen link menuitem meta
+                       param source track wbr),
+      filename:     "",
     )
 
     use Parser

lib/pretty_hamlit/engine.rb

@@ -6,16 +6,17 @@ require 'pretty_hamlit/dynamic_indentation'
 module PrettyHamlit
   class Engine < Temple::Engine
     define_options(
-      generator:   Temple::Generators::ArrayBuffer,
-      format:      :html,
-      html_type:   nil,
-      attr_quote:  "'",
-      escape_html: true,
-      buffer:      '_buf',
-      autoclose:   %w(area base basefont br col command embed frame
-                      hr img input isindex keygen link menuitem meta
-                      param source track wbr),
-      filename:    "",
+      generator:    Temple::Generators::ArrayBuffer,
+      format:       :html,
+      html_type:    nil,
+      attr_quote:   "'",
+      escape_html:  true,
+      escape_attrs: true,
+      buffer:       '_buf',
+      autoclose:    %w(area base basefont br col command embed frame
+                       hr img input isindex keygen link menuitem meta
+                       param source track wbr),
+      filename:     "",
     )
 
     use Hamlit::Parser

test/haml/engine_test.rb

@@ -812,7 +812,7 @@ HTML
 HAML
   end
 
-  def test_html_attributes_with_hash
+  def test_html_attributes_with_hash; skip # attribute escape
     assert_equal("<a href='#' rel='top'>Foo</a>\n",
       render('%a(href="#" rel="top") Foo'))
     assert_equal("<a href='#'>Foo</a>\n",
@@ -1468,7 +1468,7 @@ HAML
     end
   end
 
-  def test_static_hashes; skip # attribute escape
+  def test_static_hashes
     assert_equal("<a b='a =&gt; b'></a>\n", render("%a{:b => 'a => b'}", :suppress_eval => true))
     assert_equal("<a b='a, b'></a>\n", render("%a{:b => 'a, b'}", :suppress_eval => true))
     assert_equal("<a b='a\tb'></a>\n", render('%a{:b => "a\tb"}', :suppress_eval => true))

test/hamlit/engine/new_attribute_test.rb

@@ -47,7 +47,6 @@ describe Hamlit::Engine do
 
     describe 'html escape' do
       it 'escapes attribute values on static attributes' do
-        skip
         assert_render(<<-'HAML', <<-HTML, compatible_only: :faml)
           %a(title="'")
           %a(title = "'\"")