[BUGFIX] Do not escape characters that do not need escaping in CSS string #1444
Conversation
JakeQZ
left a comment
JakeQZ
left a comment
There was a problem hiding this comment.
I think it could be significantly slower looping through the string rather than using the built-in function (particularly as some strings may be base64-encoded images). Also this is reimplementing some of what addslashes() does.
Wouldn't it be simpler (and more efficient) to use addslashes() as before, then do a str_replace() to replace \' with ' or \" with " depending on the string quoting type?
PS. I agree with adding a separate method to do this. |
|
Updated according to your feedback. |
|
@8ctopus Thanks! Could you please rebase? |
8ctopus
force-pushed
the
css-string-escaping
branch
from
2a66812 to
47970ab
Compare
|
done |
|
Thanks! GitHub is still showing merge conflicts. Could you please have a look? |
8ctopus
force-pushed
the
css-string-escaping
branch
from
47970ab to
676dd8c
Compare
|
now should be good. |
|
Thanks! Now GitHub was able to run the CI jobs. The PHP-CS-Fixer job suggests some improvements. Could you please apply those to get the build green? Thanks! |
|
This time all tests are green, I also added a test to check that we do not escape when not necessary. |
|
Thanks! |
There was a problem hiding this comment.
This looks generally good now.
However, looking at the tests, there don't seem to be any covering that double-quotes within a single-quoted string are no longer escaped, e.g. if string quoting type is ', the quotes in "Hello World" don't need escaping and the result should be '"Hello World"'. Could you add a test for that?
I've suggested a couple of improvements, and a further correction to a comment that was previously wrong.
I'm not sure whether we have a project preference for string concatenation vs interpolation, so am asking @oliverklee for comment...
tests/Unit/Value/CSSStringTest.php
Outdated
| $input = "data:image/svg+xml,%3Csvg width='24' height='24' viewBox='0 0 24 24' fill='none'" . | ||
| " xmlns='http://www.w3.org/2000/svg'%3E%3Cpath fill-rule='evenodd' clip-rule='evenodd'" . | ||
| " d='M14.3145 2 3V11.9987H17.5687L18 8.20761H14.3145L14.32 6.31012C14.32 5.32134 14.4207" . | ||
| ' 4.79153 15.9426 4.79153H17.977V1H14.7223C10.8129 1 9.43687 2.83909 9.43687 ' . | ||
| " 5.93187V8.20804H7V11.9991H9.43687V23H14.3145Z' fill='black'/%3E%3C/svg%3E%0A"; |
There was a problem hiding this comment.
Autoformatting may apply some indentation, but I suggest leaving it as is for now. @oliverklee can run the autoformatter he uses as a post-PR (I think it's part of PHPStorm, which I don't have, and even if you have it, you may not have the same configuration set-up).
done |
For new/updated code, we prefer string concatenation over interpolation (without having a hard-and-fast rule, though). |
oliverklee
changed the title
There was a problem hiding this comment.
looking at the tests, there don't seem to be any covering that double-quotes within a single-quoted string are no longer escaped
done
Thanks for your perseverence <3
I've made a suggestion for what the additional test should cover (to be consistent with the first test for single quotes), and for the test method naming. (The comments appear in order of writing in the Conversation tab, and should be read in that order, which is not in the order of the code. Hope that makes sense and they make sense.)
The code change suggested includes avoiding string interpolation in the one instance covered, though that would still need to resolved in the other three instances as per @oliverklee's comments.
oliverklee
force-pushed
the
css-string-escaping
branch
from
2427608 to
c30444d
Compare
JakeQZ
left a comment
JakeQZ
left a comment
There was a problem hiding this comment.
I've spotted an issue with the changelog change that I previously missed. Another suggestion could also be included in this PR.
| { | ||
| $string = \addslashes($this->string); | ||
| $string = $this->escape($this->string, $outputFormat->getStringQuotingType()); | ||
| $string = \str_replace("\n", '\\A', $string); |
There was a problem hiding this comment.
We should move this to the new escape method as a post-PR. Or maybe it can be done as part of this PR, as I've just spotted an issue with the changelog that also needs resolving.
There was a problem hiding this comment.
I'd prefer to have this as a post-PR cleanup as I still don't fully understand the \\A thing.
CHANGELOG.md
Outdated
| ## 9.2.0: | ||
|
|
||
| ### Fixed | ||
|
|
||
| - Do not escape characters that do not need escaping in CSS string (#1444) | ||
|
|
There was a problem hiding this comment.
I've just spotted that this is in the wrong place (it should be added at the top of the 'Fixed' section above), and that the '9.2.0' heading shouldn't be created yet - we do that when we actually cut the release.
Co-authored-by: JakeQZ <[email protected]>
Co-authored-by: JakeQZ <[email protected]>
Co-authored-by: JakeQZ <[email protected]>
Co-authored-by: JakeQZ <[email protected]>
oliverklee
force-pushed
the
css-string-escaping
branch
from
2b305ac to
56e605e
Compare
4 participants
Add draft to attempt to resolve #1443
There are no specific tests yet, and there are improvements that can be made, I just want to get your approval before I polish things up.