bug #969 [TwigComponent] Fix escaping stimulus attributes (1ed)

weaverryan · weaverryan · commit a5ba00dd52ad · 2023-06-25T09:26:51.000-04:00
This PR was merged into the 2.x branch. Discussion ---------- [TwigComponent] Fix escaping stimulus attributes | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | Tickets | Fix #968 | License | MIT I think we should do this as late as possible, e.g. in `__toString` or only in twig and maybe for all the attributes. So this feels like a naive solution, but it works for now. Commits ------- 551c9d6 [TwigComponent] Fix escaping stimulus attributes
diff --git a/src/StimulusBundle/src/Dto/StimulusAttributes.php b/src/StimulusBundle/src/Dto/StimulusAttributes.php
@@ -179,6 +179,16 @@ public function toArray(): array
         return array_merge($attributes, $this->attributes);
     }
 
+    public function toEscapedArray(): array
+    {
+        $escaped = [];
+        foreach ($this->toArray() as $key => $value) {
+            $escaped[$key] = $this->escapeAsHtmlAttr($value);
+        }
+
+        return $escaped;
+    }
+
     private function getFormattedValue(mixed $value): string
     {
         if ($value instanceof \Stringable || (\is_object($value) && \is_callable([$value, '__toString']))) {
diff --git a/src/TwigComponent/src/ComponentAttributes.php b/src/TwigComponent/src/ComponentAttributes.php
@@ -69,6 +69,10 @@ public function all(): array
      */
     public function defaults(iterable $attributes): self
     {
+        if ($attributes instanceof StimulusAttributes) {
+            $attributes = $attributes->toEscapedArray();
+        }
+
         if ($attributes instanceof \Traversable) {
             $attributes = iterator_to_array($attributes);
         }
diff --git a/src/TwigComponent/tests/Unit/ComponentAttributesTest.php b/src/TwigComponent/tests/Unit/ComponentAttributesTest.php
@@ -134,14 +134,15 @@ public function testCanAddStimulusControllerViaStimulusAttributes(): void
         ]);
 
         $stimulusAttributes = new StimulusAttributes(new Environment(new ArrayLoader()));
-        $stimulusAttributes->addController('foo', ['name' => 'ryan']);
+        $stimulusAttributes->addController('foo', ['name' => 'ryan', 'some_array' => ['a', 'b']]);
         $attributes = $attributes->defaults($stimulusAttributes);
 
         $this->assertEquals([
             'class' => 'foo',
             'data-controller' => 'foo live',
             'data-live-data-value' => '{}',
             'data-foo-name-value' => 'ryan',
+            'data-foo-some-array-value' => '&#x5B;&quot;a&quot;,&quot;b&quot;&#x5D;',
         ], $attributes->all());
     }
 

Original file line number	Diff line number	Diff line change
`@@ -69,6 +69,10 @@ public function all(): array`
`69`	`69`	`*/`
`70`	`70`	`public function defaults(iterable $attributes): self`
`71`	`71`	`{`
	`72`	`+ if ($attributes instanceof StimulusAttributes) {`
	`73`	`+ $attributes = $attributes->toEscapedArray();`
	`74`	`+ }`
	`75`	`+`
`72`	`76`	`if ($attributes instanceof \Traversable) {`
`73`	`77`	`$attributes = iterator_to_array($attributes);`
`74`	`78`	`}`