Vue: HTML entities in attributes are not always decoded for string templates

Created on 17 Sep 2018 · 4Comments · Source: vuejs/vue

Version

2.5.17

Reproduction link

Steps to reproduce

Try to dynamically load an input field with a value that contains an encoded single quote (') as plain HTML. Normally the input field will display the single quote in the input box. However, Vue shows the ' in the input box.

~~I tested this with multiple encoded chars, and everything works correctly, except for the single quote.~~ As stated by @HcySunYang, all entities except the 6 he listed have this issue.

What is expected?

A single quote is shown in the input field when loaded async with Vue

What is actually happening?

' is show in the input field when loaded async with Vue

Source

johnnymijnhout

👍2

Most helpful comment

Actually Vue is already using he on Node.js (compile-time and SSR) and leveraging DOM API on the browser side to perform entity decoding. It seems that only attribute values are decoded using the decodingMap mentioned above and I'm not sure it's intentional or just a miss.

Justineo on 25 Sep 2018

👍3

All 4 comments

This is not related to whether the component is asynchronous or not. Non-asynchronous components also have this problem. Vue's html-parser will only process the following entity content:

const decodingMap = {
  '&lt;': '<',
  '&gt;': '>',
  '&quot;': '"',
  '&amp;': '&',
  '&#10;': '\n',
  '&#9;': '\t'
}

it's here: https://github.com/vuejs/vue/blob/dev/src/compiler/parser/html-parser.js#L38-L45.

HcySunYang on 17 Sep 2018

So ''' should be added to the map?

Update: https://jsfiddle.net/sf9cg0db/12/
You are right, also é for example doesn't work... So if manually 6 out of all entities are correctly converted, how should this be fixed then?

johnnymijnhout on 17 Sep 2018

It would not be better to use something like this package?
https://github.com/mdevils/node-html-entities