escape css class names

Author: lovasoa

CHANGELOG.md

@@ -5,6 +5,9 @@
   - This avoids accidental deletion by bots following links, and is more in line with HTTP semantics.
  - In the table component, the `_col_` prefix is now added to column names in CSS classes. This avoids conflicts with other CSS classes that might be used in the page.
   - fixes https://github.com/sqlpage/SQLPage/issues/830
+  - This is a breaking change for custom CSS rules that target table columns by their name.
+    - Before: `.my_column { ... }`
+    - After: `._col_my_column { ... }`
 
 ## 0.33.1 (2025-02-25)
 

sqlpage/templates/table.handlebars

@@ -34,7 +34,7 @@
                             {{#each this}}
                                 {{#if (not (starts_with @key '_sqlpage_'))}}
                                 <th class="
-                                    _col_{{~@key~}}
+                                    _col_{{replace @key ' ' '_'~}}
                                     {{~#if (array_contains_case_insensitive ../../align_right @key)}} text-end {{/if~}}
                                     {{~#if (array_contains_case_insensitive ../../align_center @key)}} text-center {{/if~}}
                                 "
@@ -58,7 +58,7 @@
                     <tr class="{{_sqlpage_css_class}} {{#if _sqlpage_color}}bg-{{_sqlpage_color}}-lt{{/if}}" {{#if _sqlpage_id}}id="{{_sqlpage_id}}"{{/if}}>
                         {{~#each this~}}
                             {{~#if (not (starts_with @key '_sqlpage_'))~}}
-                            <td class="align-middle {{@key~}}
+                            <td class="align-middle _col_{{replace @key ' ' '_'~}}
                                 {{~#if (array_contains_case_insensitive ../../align_right @key)}} text-end {{/if~}}
                                 {{~#if (array_contains_case_insensitive ../../align_center @key)}} text-center {{/if~}}
                             ">

src/template_helpers.rs

@@ -16,6 +16,8 @@ type H = fn(&JsonValue) -> JsonValue;
 type EH = fn(&JsonValue) -> anyhow::Result<JsonValue>;
 /// Helper that takes two arguments
 type HH = fn(&JsonValue, &JsonValue) -> JsonValue;
+/// Helper that takes three arguments
+type HHH = fn(&JsonValue, &JsonValue, &JsonValue) -> JsonValue;
 
 pub fn register_all_helpers(h: &mut Handlebars<'_>, config: &AppConfig) {
     let site_prefix = config.site_prefix.clone();
@@ -27,6 +29,7 @@ pub fn register_all_helpers(h: &mut Handlebars<'_>, config: &AppConfig) {
     register_helper(h, "parse_json", parse_json_helper as EH);
     register_helper(h, "default", default_helper as HH);
     register_helper(h, "entries", entries_helper as H);
+    register_helper(h, "replace", replace_helper as HHH);
     // delay helper: store a piece of information in memory that can be output later with flush_delayed
     h.register_helper("delay", Box::new(delay_helper));
     h.register_helper("flush_delayed", Box::new(flush_delayed_helper));
@@ -464,6 +467,15 @@ impl CanHelp for HH {
     }
 }
 
+impl CanHelp for HHH {
+    fn call(&self, args: &[PathAndJson]) -> Result<JsonValue, String> {
+        match args {
+            [a, b, c] => Ok(self(a.value(), b.value(), c.value())),
+            _ => Err("expected three arguments".to_string()),
+        }
+    }
+}
+
 struct JFun<F: CanHelp> {
     name: &'static str,
     fun: F,
@@ -488,6 +500,23 @@ fn register_helper(h: &mut Handlebars, name: &'static str, fun: impl CanHelp) {
     h.register_helper(name, Box::new(JFun { name, fun }));
 }
 
+fn replace_helper(text: &JsonValue, original: &JsonValue, replacement: &JsonValue) -> JsonValue {
+    let text_str = match text {
+        JsonValue::String(s) => s,
+        other => &other.to_string(),
+    };
+    let original_str = match original {
+        JsonValue::String(s) => s,
+        other => &other.to_string(),
+    };
+    let replacement_str = match replacement {
+        JsonValue::String(s) => s,
+        other => &other.to_string(),
+    };
+    
+    text_str.replace(original_str, replacement_str).into()
+}
+
 #[test]
 fn test_rfc2822_date() {
     assert_eq!(