Merge commit from fork

Author: gwynne

Sources/LeafKit/LeafData/LeafData.swift

@@ -320,7 +320,7 @@ public struct LeafData:
 
     /// Return a HTML-escaped version of this data if it can be converted to a string.
     func htmlEscaped() -> LeafData {
-        guard let string = self.string else {
+        guard let string = self.convert(to: .string, .ambiguous).string else {
             return self
         }
 
@@ -334,7 +334,7 @@ public struct LeafData:
 enum DataConvertible: Int, Equatable, Comparable {
     /// Not implicitly convertible automatically
     case ambiguous = 0
-    /// A coercioni with a clear meaning in one direction
+    /// A coercion with a clear meaning in one direction
     case coercible = 1
     /// A conversion with a well-defined bi-directional casting possibility
     case castable = 2

Sources/LeafKit/LeafData/LeafDataStorage.swift

@@ -64,12 +64,7 @@ indirect enum LeafDataStorage: Equatable, CustomStringConvertible, Sendable {
 
     /// Final serialization to a shared buffer
     func serialize(buffer: inout ByteBuffer) throws {
-        switch self {
-        case .bool, .int, .double, .string, .optional, .array, .dictionary:
-            try buffer.writeString(self.serialize(), encoding: LeafConfiguration.encoding)
-        case .data(let d):
-            buffer.writeData(d)
-        }
+        try buffer.writeString(self.serialize(), encoding: LeafConfiguration.encoding)
     }
 
     // MARK: - Equatable Conformance

Tests/LeafKitTests/TagTests.swift

@@ -12,6 +12,18 @@ final class TagTests: XCTestCase {
         try XCTAssertEqual(render(template, ["name": "<h1>Alex</h1>\"\'"]), expected)
     }
 
+    func testOtherThingsWithHTMLEntities() throws {
+        try XCTAssertEqual(render("#(foo)", ["foo": .data(Data([0x3c, 0x3e, 0xc3, 0xff]))]), "")
+        try XCTAssertEqual(render("#(foo)", ["foo": .data(Data([0x3c, 0x3e, 0xc3, 0xb7]))]), "&lt;&gt;÷")
+        try XCTAssertEqual(render("#(foo)", ["foo": ["<img src=x onerror=alert(1337)>"]]), "[&quot;&lt;img src=x onerror=alert(1337)&gt;&quot;]")
+        try XCTAssertEqual(render("#(foo)", ["foo": ["<img src=x onerror=alert(1337)>": "<img src=x onerror=alert(1337)>"]]), "[&lt;img src=x onerror=alert(1337)&gt;: &quot;&lt;img src=x onerror=alert(1337)&gt;&quot;]")
+
+        try XCTAssertThrowsError(render("#unsafeHTML(foo)", ["foo": .data(Data([0x3c, 0x3e, 0xc3, 0xff]))]))
+        try XCTAssertEqual(render("#unsafeHTML(foo)", ["foo": .data(Data([0x3c, 0x3e, 0xc3, 0xb7]))]), "<>÷")
+        try XCTAssertThrowsError(render("#unsafeHTML(foo)", ["foo": ["<img src=x onerror=alert(1337)>"]]))
+        try XCTAssertThrowsError(render("#unsafeHTML(foo)", ["foo": ["<img src=x onerror=alert(1337)>": "<img src=x onerror=alert(1337)>"]]))
+    }
+
     func testUnsafeTag() throws {
         let template = """
         #unsafeHTML(name)
@@ -255,7 +267,7 @@ final class TagTests: XCTestCase {
         """
 
         let expected = """
-        dumpContext should output debug description [value: "12345"]
+        dumpContext should output debug description [value: &quot;12345&quot;]
         """
 
         try XCTAssertEqual(render(template, data), expected)