feat: Allow passing comment via argument

stephannv · Sep 9, 2024 · 8d5c295 · 8d5c295
1 parent 3cf6f16
commit 8d5c295
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 2 deletions.
diff --git a/spec/blueprint/html/safety_spec.cr b/spec/blueprint/html/safety_spec.cr
@@ -12,6 +12,7 @@ private class DummyPage
     render(DummyComponent.new) { "<script>alert('DummyComponent')</script>" }
     div(class: "some-class\" onblur=\"alert('Attribute')")
     comment { "--><script>alert('Plain Text')</script><!--" }
+    comment "--><script>alert('Another plain text')</script><!--"
     v_btn "<script>alert('content')</script>"
     v_btn(class: "some-class\" onclick=\"alert('Attribute')") { "<script>alert('hello')</script>" }
   end
@@ -71,7 +72,7 @@ describe "Blueprint::HTML safety" do
     page.to_html.should contain(expected_html)
   end
 
-  it "escapes comment contents" do
+  it "escapes comment content passed via block" do
     page = DummyPage.new
     expected_html = <<-HTML.strip
       <!----&gt;&lt;script&gt;alert(&#39;Plain Text&#39;)&lt;/script&gt;&lt;!---->
@@ -80,6 +81,15 @@ describe "Blueprint::HTML safety" do
     page.to_html.should contain(expected_html)
   end
 
+  it "escapes comment content passed via argument" do
+    page = DummyPage.new
+    expected_html = <<-HTML.strip
+      <!----&gt;&lt;script&gt;alert(&#39;Another plain text&#39;)&lt;/script&gt;&lt;!---->
+    HTML
+
+    page.to_html.should contain(expected_html)
+  end
+
   it "escapes custom tag content passed via argument" do
     page = DummyPage.new
     expected_html = <<-HTML.strip

diff --git a/spec/blueprint/html/utils_spec.cr b/spec/blueprint/html/utils_spec.cr
@@ -15,6 +15,7 @@ private class DummyPage
     plain "User"
 
     comment { "This is an html comment" }
+    comment "This is another html comment"
   end
 end
 
@@ -36,11 +37,17 @@ describe "Blueprint::HTML utils" do
   end
 
   describe "#comment" do
-    it "renders an html comment" do
+    it "renders an html comment passed via block" do
       page = DummyPage.new
 
       page.to_html.should contain("<!--This is an html comment-->")
     end
+
+    it "renders an html comment passed via argument" do
+      page = DummyPage.new
+
+      page.to_html.should contain("<!--This is another html comment-->")
+    end
   end
 
   describe "#whitespace" do

diff --git a/src/blueprint/html/utils.cr b/src/blueprint/html/utils.cr
@@ -13,6 +13,12 @@ module Blueprint::HTML
     @buffer << "-->"
   end
 
+  private def comment(content : String) : Nil
+    @buffer << "<!--"
+    ::HTML.escape(content, @buffer)
+    @buffer << "-->"
+  end
+
   private def whitespace : Nil
     @buffer << " "
   end