From cc0fbcd9b31cb5ec589d21fcfa1ca22aa60f3f7e Mon Sep 17 00:00:00 2001
From: Brian Cardarella <bcardarella@gmail.com>
Date: Wed, 21 Feb 2024 02:48:35 -0500
Subject: [PATCH] Fix attribute value safe bug

Fixed bug for when attribute values are derived from
lists or maps
---
 lib/live_view_native/template.ex        |  7 +---
 lib/live_view_native/template/safe.ex   |  2 +-
 mix.exs                                 |  1 +
 test/live_view_native/template_test.exs | 50 ++++++++++++++++++++++++-
 4 files changed, 53 insertions(+), 7 deletions(-)

diff --git a/lib/live_view_native/template.ex b/lib/live_view_native/template.ex
index 45b22aa..2321f3e 100644
--- a/lib/live_view_native/template.ex
+++ b/lib/live_view_native/template.ex
@@ -10,9 +10,6 @@ defmodule LiveViewNative.Template do
     end)
   end
 
-  def escape({:safe, _} = safe), do: safe
-  def escape(other), do: {:safe, LiveViewNative.Engine.encode_to_iodata!(other)}
-
   def attributes_escape(attrs) when is_list(attrs) do
     {:safe, build_attrs(attrs)}
   end
@@ -22,7 +19,7 @@ defmodule LiveViewNative.Template do
   end
 
   defp build_attrs([{k, true} | t]),
-  do: [?\s, key_escape(k) | build_attrs(t)]
+    do: [?\s, key_escape(k) | build_attrs(t)]
 
   defp build_attrs([{_, false} | t]),
     do: build_attrs(t)
@@ -104,6 +101,6 @@ defmodule LiveViewNative.Template do
   defp attr_escape(attr)
   defp attr_escape({:safe, data}), do: data
   defp attr_escape(nil), do: []
-  defp attr_escape(other) when is_binary(other), do: LiveViewNative.Template.escape(other)
+  defp attr_escape(other) when is_binary(other), do: Phoenix.HTML.Engine.html_escape(other)
   defp attr_escape(other), do: LiveViewNative.Template.Safe.to_iodata(other)
 end
diff --git a/lib/live_view_native/template/safe.ex b/lib/live_view_native/template/safe.ex
index 9928aa1..b2f24e0 100644
--- a/lib/live_view_native/template/safe.ex
+++ b/lib/live_view_native/template/safe.ex
@@ -35,7 +35,7 @@ defimpl LiveViewNative.Template.Safe, for: Atom do
 end
 
 defimpl LiveViewNative.Template.Safe, for: BitString do
-  defdelegate to_iodata(data), to: LiveViewNative.Template, as: :escape
+  defdelegate to_iodata(data), to: Phoenix.HTML, as: :html_escape
 end
 
 defimpl LiveViewNative.Template.Safe, for: Time do
diff --git a/mix.exs b/mix.exs
index 5086dad..babcc52 100644
--- a/mix.exs
+++ b/mix.exs
@@ -34,6 +34,7 @@ defmodule LiveViewNative.MixProject do
       {:phoenix_live_view, github: "phoenixframework/phoenix_live_view", ref: "4939fb8", override: true},
       {:phoenix_live_reload, "~> 1.4", only: :test},
       {:phoenix_template, "~> 1.0.4"},
+      {:phoenix_html, "~> 3.3 or ~> 4.0 or ~> 4.1"},
       {:floki, ">= 0.30.0", only: :test},
       {:plug, "~> 1.15"},
       {:jason, "~> 1.2"},
diff --git a/test/live_view_native/template_test.exs b/test/live_view_native/template_test.exs
index 58158dd..df46ace 100644
--- a/test/live_view_native/template_test.exs
+++ b/test/live_view_native/template_test.exs
@@ -2,16 +2,64 @@ defmodule LiveViewNative.TemplateTest do
   use ExUnit.Case, async: false
   import LiveViewNative.Component, only: [sigil_LVN: 2]
 
+  describe "value embedding" do
+    test "can embed values with EEx statement" do
+      assigns = %{foo: "bar"}
+
+      assert ~LVN"""
+      <Foo><%= @foo %></Foo>
+      """
+      |> render() =~ ~S(<Foo>bar</Foo>)
+    end
+
+    test "can embed values from maps" do
+      data = %{"foo" => "bar"}
+      assigns = %{data: data}
+
+      assert ~LVN"""
+      <Foo><%= @data["foo"] %></Foo>
+      """
+      |> render() =~ ~S(<Foo>bar</Foo>)
+    end
+  end
+
   describe "attributes" do
     test "won't stringify attribute names" do
       assigns = %{}
 
       assert ~LVN"""
-      <Foo foo_bar = "123" />
+      <Foo foo_bar="123" />
       """
       |> render() =~ ~S(<Foo foo_bar="123"></Foo>)
     end
 
+    test "accepts string values" do
+      assigns = %{}
+
+      assert ~LVN"""
+      <Foo foo={"bar"} />
+      """
+      |> render() =~ ~S(<Foo foo="bar"></Foo>)
+    end
+
+    test "accepts values from maps" do
+      assigns = %{}
+
+      assert ~LVN"""
+      <Foo foo={%{"foo" => "bar"}["foo"]} />
+      """
+      |> render() =~ ~S(<Foo foo="bar"></Foo>)
+    end
+
+    test "accepts values from lists" do
+      assigns = %{}
+
+      assert ~LVN"""
+      <Foo foo={[foo: "bar"][:foo]} />
+      """
+      |> render() =~ ~S(<Foo foo="bar"></Foo>)
+    end
+
     test "accepts numbers for id" do
       assigns = %{}