Skip to content

Commit

Permalink
Merge pull request #85 from stckme/pass-by-value
Browse files Browse the repository at this point in the history 
Pass by value
  • Loading branch information
@gauravr
gauravr authored Feb 21, 2024
2 parents fbf424c + 8e7c25b commit b2fe1ba
Show file tree
Hide file tree
Showing 6 changed files with 20 additions and 17 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@
History
=======

0.18.1 (2024-02-21)
-------------------
- Fixed blocks data getting updated due to pass by reference

0.18.0 (2024-02-09)
-------------------
- html.escape all the attributes
Expand Down
2 changes: 1 addition & 1 deletion setup.cfg
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
[bumpversion]
current_version = 0.18.0
current_version = 0.18.1
commit = True
tag = True

Expand Down
2 changes: 1 addition & 1 deletion setup.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

setup(
name="tiptapy",
version="0.18.0", # TODO: why bumpversion works only for single quotes?
version="0.18.1", # TODO: why bumpversion works only for single quotes?
url="https://github.com/scrolltech/tiptapy",
description="Library that generates HTML output from JSON export of tiptap editor",
long_description=open("README.md").read(),
Expand Down
2 changes: 1 addition & 1 deletion tests/data/html/xss.html
View file
Original file line number Diff line number Diff line change
@@ -1 +1 @@
<div data-foo="&quot;/&gt;&lt;script&gt;alert(&#x27;pwned!&#x27;);&lt;/script&gt;" data-&gt;&lt;script&gt;alert(&#x27;pwned!&#x27;);&lt;/script&gt;="foo"><p><a foo="&quot;&gt;alert(&#x27;pwned!&#x27;);&lt;/script&gt;" &gt;&lt;script&gt;alert(&#x27;pwned!&#x27;);&lt;/script&gt;="foo" target="_blank" rel="noopener nofollow">&lt;script&gt;alert(&#x27;pwned!&#x27;);&lt;/script&gt;</a></p></div>
<div data-foo="&quot;/&gt;&lt;script&gt;alert(&#x27;pwned!&#x27;);&lt;/script&gt;" data-&gt;&lt;script&gt;alert(&#x27;pwned!&#x27;);&lt;/script&gt;="foo"><p><a &gt;&lt;script&gt;alert(&#x27;pwned!&#x27;);&lt;/script&gt;="foo" foo="&quot;&gt;alert(&#x27;pwned!&#x27;);&lt;/script&gt;" target="_blank" rel="noopener nofollow">&lt;script&gt;alert(&#x27;pwned!&#x27;);&lt;/script&gt;</a></p></div>
9 changes: 7 additions & 2 deletions tests/test_transform.py
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
import os
from copy import deepcopy

import pytest

Expand Down Expand Up @@ -87,7 +88,11 @@ def test_html_tag(tag):
Test expected json input with the expected html.
"""
tag_data = json_data[tag]
expected_html = html_data[tag]
tag_data_copy = deepcopy(tag_data)
expected_html = html_data[tag].strip()

renderer = tiptapy.BaseDoc(config)
assert renderer.render(tag_data) == expected_html.strip()
rendered_html = renderer.render(tag_data).strip()

assert rendered_html == expected_html
assert tag_data == tag_data_copy # Test pass by value
18 changes: 6 additions & 12 deletions tiptapy/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@
make_img_src,
)

__version__ = "0.18.0"
__version__ = "0.18.1"

renderers: Dict = {}

Expand Down Expand Up @@ -50,18 +50,12 @@ def escape_values_recursive(node):
skip_key = "html"

if isinstance(node, dict):
items = list(node.items())
for k, v in items:
esc_k = escape(k)
if k != esc_k:
del node[k]
if esc_k == skip_key:
node[esc_k] = v
else:
node[esc_k] = escape_values_recursive(v)
return {
escape(k): v if k == skip_key else escape_values_recursive(v)
for k, v in node.items()
}
elif isinstance(node, list):
for i, v in enumerate(node):
node[i] = escape_values_recursive(v)
return [escape_values_recursive(x) for x in node]
elif isinstance(node, str):
return escape(node)
return node
Expand Down

0 comments on commit b2fe1ba

Please sign in to comment.