diff --git a/src/Latte/Compiler/Escaper.php b/src/Latte/Compiler/Escaper.php
index 32f8af7ff..647a98571 100644
--- a/src/Latte/Compiler/Escaper.php
+++ b/src/Latte/Compiler/Escaper.php
@@ -220,7 +220,7 @@ public function escape(string $str): string
 }
- public function escapeMandatory(string $str): string
+ public function escapeMandatory(string $str, ?Position $position = null): string
 {
 return match ($this->contentType) {
 ContentType::Html => match ($this->state) {
@@ -229,10 +229,12 @@ public function escapeMandatory(string $str): string
 self::HtmlText => 'LR\Filters::convertHtmlToHtmlRawText(' . $str . ')',
 default => "LR\\Filters::convertJSToHtmlRawText($str)",
 },
+ self::HtmlComment => throw new Latte\CompileException('Using |noescape is not allowed in this context.', $position),
 default => $str,
 },
 ContentType::Xml => match ($this->state) {
 self::HtmlAttribute => "LR\\Filters::escapeHtmlQuotes($str)",
+ self::HtmlComment => throw new Latte\CompileException('Using |noescape is not allowed in this context.', $position),
 default => $str,
 },
 default => $str,
diff --git a/src/Latte/Compiler/Nodes/Php/ModifierNode.php b/src/Latte/Compiler/Nodes/Php/ModifierNode.php
index 6f71d09e7..d9f868e7f 100644
--- a/src/Latte/Compiler/Nodes/Php/ModifierNode.php
+++ b/src/Latte/Compiler/Nodes/Php/ModifierNode.php
@@ -70,7 +70,7 @@ public function printSimple(PrintContext $context, string $expr): string
 $expr = $escape
 ? $escaper->escape($expr)
- : $escaper->escapeMandatory($expr);
+ : $escaper->escapeMandatory($expr, $this->position);
 return $expr;
 }
diff --git a/tests/common/contentType.html.comments.phpt b/tests/common/contentType.html.comments.phpt
index 7914b7cf8..c88efd957 100644
--- a/tests/common/contentType.html.comments.phpt
+++ b/tests/common/contentType.html.comments.phpt
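Review bot: `escapeMandatory()` in Escaper.php can now throw, but the new signature carries no docblock saying so, and the purpose of the added `?Position $position = null` is not documented. A short docblock such as `/** @throws Latte\CompileException when |noescape is used in a context where raw output is forbidden */` would make the new contract visible to callers. Because the parameter defaults to null, any caller that omits it (none besides `ModifierNode::printSimple()` is visible in this diff) would raise the exception without a line and column. The method body continues past the end of this hunk.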
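Review bot: Neither the message nor a comment on the two new `self::HtmlComment` arms in `escapeMandatory()` says why a comment is a forbidden context, and the same literal is duplicated in the Html and Xml branches. Presumably the concern is that a raw value containing `-->` would close the comment so the remainder is emitted as markup; a why-comment above the first arm, e.g. `// raw output may contain "-->" and end the comment early, so |noescape is rejected here`, would keep the arm from being relaxed later as over-strict. Naming the context in the message, e.g. `'Using |noescape is not allowed inside an HTML/XML comment.'`, would also tell template authors what to move; the expected string in the new test would have to follow. Templates that already use `|noescape` inside a comment will stop compiling after this change, which deserves a changelog line. The outer `match` starts above the hunk, so the remaining states are not visible here.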
@@ -23,3 +23,12 @@ Assert::matchFile(
 $params,
 ),
 );
+
+
+// no escape
+$latte->setLoader(new Latte\Loaders\StringLoader);
+Assert::exception(
+ fn() => $latte->renderToString('"|noescape} -->'),
+ Latte\CompileException::class,
+ 'Using |noescape is not allowed in this context (on line 1 at column 13)',
+);
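Review bot: Only the HTML branch of the new check is exercised here; the `self::HtmlComment` arm added under `ContentType::Xml` in Escaper.php has no test, so a later refactor of that branch could drop the guard unnoticed. A second case that switches the engine to the XML content type and compiles a comment containing a `|noescape` print would pin it. The sketch below uses a constructed template and a `%d%` column pattern, since the exact column depends on the template text.

```php
// … unchanged: HTML-comment case above …

// no escape, XML content type
$latte->setContentType(Latte\ContentType::Xml);
Assert::exception(
	fn() => $latte->renderToString('<!-- {$x|noescape} -->'),
	Latte\CompileException::class,
	'Using |noescape is not allowed in this context (on line 1 at column %d%)',
);
```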