Merge pull request #4668 from joewiz/hotfix/html5-serializer-escaping

line-o · web-flow · commit 74aed9c02d51 · 2023-01-11T18:44:02.000+01:00
[BUG] HTML5 serializer should escape contents of title and textarea elements
diff --git a/exist-core/src/main/java/org/exist/util/serializer/HTML5Writer.java b/exist-core/src/main/java/org/exist/util/serializer/HTML5Writer.java
@@ -141,8 +141,6 @@ public class HTML5Writer extends XHTML5Writer {
     static {
         RAW_TEXT_ELEMENTS.add("script");
         RAW_TEXT_ELEMENTS.add("style");
-        RAW_TEXT_ELEMENTS.add("textarea");
-        RAW_TEXT_ELEMENTS.add("title");
     }
 
     public HTML5Writer() {
diff --git a/exist-core/src/test/xquery/xquery3/serialize.xql b/exist-core/src/test/xquery/xquery3/serialize.xql
@@ -865,3 +865,65 @@ function ser:serialize-xml-134() {
     }
     return serialize((1 to 4)!text{.}, $params)
 };
+
+declare
+    %test:assertEquals('<!DOCTYPE html> <option selected></option>')
+function ser:serialize-html-5-boolean-attribute-names() {
+    let $params := map {
+        "method" : "html",
+        "html-version": 5.0
+    }
+    return
+        <option selected="selected"/>
+        => serialize($params)
+        => normalize-space()
+};
+
+declare
+    %test:assertEquals('<!DOCTYPE html> <br>')
+function ser:serialize-html-5-empty-tags() {
+    let $params := map {
+        "method" : "html",
+        "html-version": 5.0
+    }
+    return
+        <br/>
+        => serialize($params)
+        => normalize-space()
+};
+
+declare
+    %test:assertEquals('<!DOCTYPE html> <foo><style>ul > li { color:red; }</style><script>if (a < b) foo()</script></foo>')
+function ser:serialize-html-5-raw-text-elements() {
+    let $params := map {
+        "method" : "html",
+        "html-version": 5.0
+    }
+    return
+        <foo>
+            <style>{``[ul > li { 
+                color:red; 
+            }]``}</style>
+            <script>{``[if (a < b) foo()]``}</script>
+        </foo>
+        => serialize($params)
+        => normalize-space()
+};
+
+declare
+    %test:assertEquals('<!DOCTYPE html> <foo><title>ul &amp;gt; li { color:red; }</title><textarea>if (a &amp;lt; b) foo()</textarea></foo>')
+function ser:serialize-html-5-needs-escape-elements() {
+    let $params := map {
+        "method" : "html",
+        "html-version": 5.0
+    }
+    return
+        <foo>
+            <title>{``[ul > li { 
+                color:red; 
+            }]``}</title>
+            <textarea>{``[if (a < b) foo()]``}</textarea>
+        </foo>
+        => serialize($params)
+        => normalize-space()
+};

Original file line number	Diff line number	Diff line change
`@@ -141,8 +141,6 @@ public class HTML5Writer extends XHTML5Writer {`
`141`	`141`	`static {`
`142`	`142`	`RAW_TEXT_ELEMENTS.add("script");`
`143`	`143`	`RAW_TEXT_ELEMENTS.add("style");`
`144`		`- RAW_TEXT_ELEMENTS.add("textarea");`
`145`		`- RAW_TEXT_ELEMENTS.add("title");`
`146`	`144`	`}`
`147`	`145`
`148`	`146`	`public HTML5Writer() {`