Skip to content

[6.x] Fix show_field escaping when using form:create and form:fields tags in blade #11691

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Apr 14, 2025
Merged

[6.x] Fix show_field escaping when using form:create and form:fields tags in blade #11691

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
dd1ee94
Forgot to change these.
jesseleite Apr 11, 2025
8345937
Add test coverage for escaping show_field JS with blade component.
jesseleite Apr 11, 2025
f108229
Fix for `{{ $field[‘show_field’] }}` escaping in blade.
jesseleite Apr 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions src/Tags/Concerns/RendersForms.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,11 @@
namespace Statamic\Tags\Concerns;

use Closure;
use Illuminate\Support\HtmlString;
use Illuminate\Support\MessageBag;
use Statamic\Fields\Field;
use Statamic\Forms\RenderableField;
use Statamic\Support\Arr;
use Statamic\Support\Str;

trait RendersForms
Expand Down Expand Up @@ -167,6 +169,10 @@ protected function getRenderableField($field, $errorBag = 'default', $manipulate
$data = $manipulateDataCallback($data, $field);
}

if ($showField = Arr::get($data, 'show_field')) {
$data['show_field'] = new HtmlString($showField);
}

$data['field'] = new RenderableField($field, $data);

return $data;
Expand Down
29 changes: 29 additions & 0 deletions tests/Tags/Form/FormCreateAlpineTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -809,6 +809,35 @@ public function it_merges_any_x_data_passed_to_the_tag()
$this->assertStringContainsString($expected, $output);
}

#[Test]
public function it_properly_escapes_show_field_js_in_blade()
{
$output = $this->blade(<<<'EOT'
<s:form:contact js="alpine">
<template x-if="{{ $show_field['message'] }}"></template>
<template x-if="{{ $show_field['my_favourites'] }}"></template>
<template x-if="{{ $show_field['my_favourites.favourite_animals'] }}"></template>
<s:form:fields>
@if ($field['handle'] === 'message')
<template x-if="{{ $field['show_field'] }}"></template>
@endif
</s:form:fields>
</s:form:contact>
EOT
);

preg_match_all('/<template x-if="(.+)"><\/template>/U', $output, $js);

$expected = [
'Statamic.$conditions.showField('.$this->jsonEncode(['if' => ['email' => 'not empty']]).', $data, \'message\')',
'Statamic.$conditions.showField('.$this->jsonEncode(['if' => ['name' => 'not empty']]).', $data, \'my_favourites\')',
'Statamic.$conditions.showField('.$this->jsonEncode(['if' => ['$root.likes_animals' => 'is true']]).', $data, \'my_favourites.favourite_animals\')',
'Statamic.$conditions.showField('.$this->jsonEncode(['if' => ['email' => 'not empty']]).', $data, \'message\')',
];

$this->assertSame($expected, $js[1]);
}

private function jsonEncode($data)
{
return Statamic::modify($data)->toJson()->entities();
Expand Down
12 changes: 6 additions & 6 deletions tests/Tags/Form/FormCreateCustomDriverTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,9 +57,9 @@ public function custom_driver_can_add_to_renderable_field_data()
{
$output = $this->tag(<<<'EOT'
{{ form:contact js="custom_driver" }}
{{ fields }}
{{ form:fields }}
<script>{{ custom_field_js }}</script>
{{ /fields }}
{{ /form:fields }}
{{ /form:contact }}
EOT
);
Expand All @@ -74,9 +74,9 @@ public function custom_driver_can_add_to_renderable_field_attributes()
{
$output = $this->normalizeHtml($this->tag(<<<'EOT'
{{ form:contact js="custom_driver" }}
{{ fields }}
{{ form:fields }}
{{ field }}
{{ /fields }}
{{ /form:fields }}
{{ /form:contact }}
EOT
));
Expand All @@ -100,9 +100,9 @@ public function custom_driver_get_show_field_js_in_dynamic_fields_array()
{
$output = $this->tag(<<<'EOT'
{{ form:contact js="custom_driver" }}
{{ fields }}
{{ form:fields }}
<script>{{ show_field }}</script>
{{ /fields }}
{{ /form:fields }}
{{ /form:contact }}
EOT
);
Expand Down
10 changes: 8 additions & 2 deletions tests/Tags/Form/FormTestCase.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@

namespace Tests\Tags\Form;

use Illuminate\Support\Facades\Blade;
use Statamic\Facades\Blueprint;
use Statamic\Facades\Form;
use Statamic\Facades\Parse;
Expand Down Expand Up @@ -67,9 +68,14 @@ public function post($uri, array $data = [], array $headers = [])
], $headers));
}

protected function tag($tag, $params = [])
protected function tag($string, $context = [])
{
return Parse::template($tag, $params);
return Parse::template($string, $context);
}

protected function blade($string, $context = [])
{
return Blade::render($string, $context);
}

protected function createForm($blueprintContents = null, $handle = null)
Expand Down