archive-gh-me/marko
1
0
Fork 0
mirror of https://github.com/marko-js/marko.git synced 2025-12-08 19:26:05 +00:00
Code Issues Projects Releases Wiki Activity

fix: add validation for dynamic tag names

Browse Source
This commit is contained in:
dpiercey 2025-11-05 09:41:57 -07:00 committed by Dylan Piercey
parent 1e4bdad7e5
commit d25a5a57c5
16 changed files with 54 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.changeset/rude-berries-tan.md Normal file
View File

@ -0,0 +1,5 @@
---
"@marko/runtime-tags": patch
---
Add dev mode validation for dynamic tag names.

5
packages/runtime-tags/src/__tests__/fixtures/error-dynamic-tag-name/__snapshots__/.name-cache.json Normal file
View File

@ -0,0 +1,5 @@
{
"vars": {
"props": {}
}
}

1
packages/runtime-tags/src/__tests__/fixtures/error-dynamic-tag-name/__snapshots__/csr-sanitized.expected.md Normal file
View File

@ -0,0 +1 @@
Invalid tag name: "hello world". Tag names must start with a letter and contain only letters, numbers, periods, hyphens, and underscores.

1
packages/runtime-tags/src/__tests__/fixtures/error-dynamic-tag-name/__snapshots__/csr.expected.md Normal file
View File

@ -0,0 +1 @@
Invalid tag name: "hello world". Tag names must start with a letter and contain only letters, numbers, periods, hyphens, and underscores.

1
packages/runtime-tags/src/__tests__/fixtures/error-dynamic-tag-name/__snapshots__/dom.expected/template.hydrate.js Normal file
View File

@ -0,0 +1 @@
// size: 0

9
packages/runtime-tags/src/__tests__/fixtures/error-dynamic-tag-name/__snapshots__/dom.expected/template.js Normal file
View File

@ -0,0 +1,9 @@
export const $template = "<!><!><!>";
export const $walks = /* over(1), replace, over(2) */"b%c";
const tagName = "hello world";
import * as _ from "@marko/runtime-tags/debug/dom";
const $dynamicTag = /* @__PURE__ */_._dynamic_tag("#text/0");
export function $setup($scope) {
$dynamicTag($scope, tagName);
}
export default /* @__PURE__ */_._template("__tests__/template.marko", $template, $walks, $setup);

6
packages/runtime-tags/src/__tests__/fixtures/error-dynamic-tag-name/__snapshots__/html.expected/template.js Normal file
View File

@ -0,0 +1,6 @@
const tagName = "hello world";
import * as _ from "@marko/runtime-tags/debug/html";
export default _._template("__tests__/template.marko", input => {
const $scope0_id = _._scope_id();
_._dynamic_tag($scope0_id, "#text/0", tagName, {}, 0, 0, 0);
});

1
packages/runtime-tags/src/__tests__/fixtures/error-dynamic-tag-name/__snapshots__/resume-sanitized.expected.md Normal file
View File

@ -0,0 +1 @@
Invalid tag name: "hello world". Tag names must start with a letter and contain only letters, numbers, periods, hyphens, and underscores.

1
packages/runtime-tags/src/__tests__/fixtures/error-dynamic-tag-name/__snapshots__/resume.expected.md Normal file
View File

@ -0,0 +1 @@
Invalid tag name: "hello world". Tag names must start with a letter and contain only letters, numbers, periods, hyphens, and underscores.

1
packages/runtime-tags/src/__tests__/fixtures/error-dynamic-tag-name/__snapshots__/ssr-sanitized.expected.md Normal file
View File

@ -0,0 +1 @@
Invalid tag name: "hello world". Tag names must start with a letter and contain only letters, numbers, periods, hyphens, and underscores.

1
packages/runtime-tags/src/__tests__/fixtures/error-dynamic-tag-name/__snapshots__/ssr.expected.md Normal file
View File

@ -0,0 +1 @@
Invalid tag name: "hello world". Tag names must start with a letter and contain only letters, numbers, periods, hyphens, and underscores.

3
packages/runtime-tags/src/__tests__/fixtures/error-dynamic-tag-name/template.marko Normal file
View File

@ -0,0 +1,3 @@
static const tagName = "hello world";
${tagName}

1
packages/runtime-tags/src/__tests__/fixtures/error-dynamic-tag-name/test.ts Normal file
View File

@ -0,0 +1 @@
export const error_runtime = true;

8
packages/runtime-tags/src/common/errors.ts
View File

@ -57,6 +57,14 @@ export function assertExclusiveAttrs(
}
}
export function assertValidTagName(tagName: string) {
if (!/^[a-z][a-z0-9._-]*$/i.test(tagName)) {
throw new Error(
`Invalid tag name: "${tagName}". Tag names must start with a letter and contain only letters, numbers, periods, hyphens, and underscores.`,
);
}
}
function throwErr(msg: string) {
throw new Error(msg);
}

5
packages/runtime-tags/src/dom/control-flow.ts
View File

@ -1,3 +1,4 @@
import { assertValidTagName } from "../common/errors";
import { forIn, forOf, forTo, forUntil } from "../common/for";
import { normalizeDynamicRenderer } from "../common/helpers";
import { DYNAMIC_TAG_SCRIPT_REGISTER_ID } from "../common/meta";
@ -522,6 +523,10 @@ function createBranchWithTagNameOrRenderer(
parentScope: Scope,
parentNode: ParentNode,
) {
if (MARKO_DEBUG && typeof tagNameOrRenderer === "string") {
assertValidTagName(tagNameOrRenderer);
}
const branch = createBranch(
$global,
tagNameOrRenderer,

5
packages/runtime-tags/src/html/dynamic-tag.ts
View File

@ -1,3 +1,4 @@
import { assertValidTagName } from "../common/errors";
import { normalizeDynamicRenderer } from "../common/helpers";
import { DYNAMIC_TAG_SCRIPT_REGISTER_ID } from "../common/meta";
import { type Accessor, AccessorPrefix, ResumeSymbol } from "../common/types";
@ -53,6 +54,10 @@ export let _dynamic_tag = (
let result: unknown;
if (typeof renderer === "string") {
if (MARKO_DEBUG) {
assertValidTagName(renderer);
}
const input = ((inputIsArgs
? (inputOrArgs as unknown[])[0]
: inputOrArgs) || {}) as Record<string, unknown>;