Skip to content

Commit

Permalink
[FIX] playground: correctly escape backslashes and interpolation sigils
Browse files Browse the repository at this point in the history
Previously, if you used a backslash in a template on the playground, it
would be interpreted as an escape sequence, and if you wrote "${" it
would likely crash, as it would be treated as an interpolation sigil in
the context of the script element injected inside the playground's
iframe.

A previous fix already escaped backticks, this commit completes the
escaping by escaping the two other things that have special meaning
within template literals.
  • Loading branch information
sdegueldre authored and ged-odoo committed May 13, 2024
1 parent 11e4e67 commit 7952f31
Showing 1 changed file with 2 additions and 3 deletions.
5 changes: 2 additions & 3 deletions docs/playground/playground.js
Original file line number Diff line number Diff line change
Expand Up @@ -41,9 +41,6 @@ const loadFile = (path) => {
* Make an iframe, with all the js, css and xml properly injected.
*/
function makeCodeIframe(js, css, xml) {
// escape backticks in the xml so they don't close the template string
const escapedXml = xml.replace(/`/g, '\\\`');

const iframe = document.createElement("iframe");
iframe.onload = () => {
const doc = iframe.contentDocument;
Expand All @@ -55,6 +52,8 @@ function makeCodeIframe(js, css, xml) {

const script = doc.createElement("script");
script.type = "module";
// escape characters with special meaning in template literals
const escapedXml = xml.replace(/\\/g, "\\\\").replace(/`/g, "\\`").replace(/\$\{/, "\\${");
script.textContent = `const TEMPLATES = \`${escapedXml}\`\n${js}`;
doc.body.appendChild(script);

Expand Down

0 comments on commit 7952f31

Please sign in to comment.