Skip to content

Fixes issue 1537 - OOB does not escape query selector - updated version #3304

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
1cg merged 6 commits into from
Jun 2, 2025
Merged

Fixes issue 1537 - OOB does not escape query selector - updated version #3304

1cg merged 6 commits into from
Jun 2, 2025

Conversation

@MAW016
Copy link
Contributor

@MAW016 MAW016 commented May 7, 2025

Description

This change alters how the oobSwap function builds the query selector string. Problem is usage of raw_id value obtained from getRawAttribute(oobElement, "id") without escaping.

Original PR by https://github.com/FraserChapman is here: #2319 but there is no activity, so I decided to take over.

This fix allows the call querySelectorAll to return the nodelist of all elements with the ids such as "foo-/bar" - without getting "Failed to execute 'querySelectorAll' on 'Document': '#foo-/bar' is not a valid selector, and whilst not limiting the selection to the first matching id in the document.

Corresponding issue:
#1537

Testing

I ran the htmx.js test suite Version: 2.0.4 and got 0 failures
I also manually tested ids such as "foo-/bar" and it all seems to be working as expected.

Further to this I've added test cases for

'handles elements with IDs containing special characters properly'

and

'handles one swap into multiple elements with the same ID properly'

And re- ran the htmx.js test suite Version: 2.0.4 and got 0 failures

Checklist

  • I have read the contribution guidelines
  • I have targeted this PR against the correct branch (master for website changes, dev for
    source changes)
  • This is either a bugfix, a documentation update, or a new feature that has been explicitly
    approved via an issue
  • I ran the test suite locally (npm run test) and verified that it succeeded
@MAW016 MAW016 marked this pull request as ready for review May 7, 2025 19:24
@Telroshan Telroshan added the bug Something isn't working label May 8, 2025
@Telroshan Telroshan added the ready for review Issues that are ready to be considered for merging label May 8, 2025
@MAW016 MAW016 closed this May 14, 2025
@MAW016 MAW016 reopened this May 14, 2025
@1cg
Copy link
Contributor

1cg commented Jun 2, 2025

Wow, I had no idea CSS.escape() (or even CSS) existed... Thank you!
@1cg 1cg merged commit 730bd82 into bigskysoftware:dev Jun 2, 2025
1 check passed
@MAW016
Copy link
Contributor Author

MAW016 commented Jun 3, 2025

Wow, I had no idea CSS.escape() (or even CSS) existed... Thank you!

Me neither, but this issue forced me to search for some elegant solution :)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug Something isn't working ready for review Issues that are ready to be considered for merging

4 participants

@MAW016 @1cg @Telroshan @FraserChapman