From 2eb60b8be25a4b0fe3f1c5d5ca302e7e68190bad Mon Sep 17 00:00:00 2001
From: Luke Shumaker <lukeshu@lukeshu.com>
Date: Thu, 16 Feb 2023 17:20:41 -0700
Subject: compat/json: Don't do actual JSON parsing in HTMLEscape

---
 compat/json/compat.go      | 21 ++++++++++++++++++++-
 compat/json/compat_test.go | 21 +++++++++++++++++++++
 2 files changed, 41 insertions(+), 1 deletion(-)

(limited to 'compat/json')

diff --git a/compat/json/compat.go b/compat/json/compat.go
index d326514..edc6908 100644
--- a/compat/json/compat.go
+++ b/compat/json/compat.go
@@ -11,10 +11,13 @@ import (
 	"bytes"
 	"encoding/json"
 	"errors"
+	"fmt"
 	"io"
 	"strconv"
+	"unicode/utf8"
 
 	"git.lukeshu.com/go/lowmemjson"
+	"git.lukeshu.com/go/lowmemjson/internal/jsonstring"
 )
 
 //nolint:stylecheck // ST1021 False positive; these aren't comments on individual types.
@@ -144,7 +147,23 @@ func convertReEncodeError(err error) error {
 }
 
 func HTMLEscape(dst *bytes.Buffer, src []byte) {
-	_, _ = lowmemjson.NewReEncoder(dst, lowmemjson.ReEncoderConfig{}).Write(src)
+	for n := 0; n < len(src); {
+		c, size := utf8.DecodeRune(src[n:])
+		if c == utf8.RuneError && size == 1 {
+			dst.WriteByte(src[n])
+		} else {
+			mode := lowmemjson.EscapeHTMLSafe(c, lowmemjson.BackslashEscapeNone)
+			switch mode {
+			case lowmemjson.BackslashEscapeNone:
+				dst.WriteRune(c)
+			case lowmemjson.BackslashEscapeUnicode:
+				_ = jsonstring.WriteStringUnicodeEscape(dst, c)
+			default:
+				panic(fmt.Errorf("lowmemjson.EscapeHTMLSafe returned an unexpected escape mode=%d", mode))
+			}
+		}
+		n += size
+	}
 }
 
 func reencode(dst io.Writer, src []byte, cfg lowmemjson.ReEncoderConfig) error {
diff --git a/compat/json/compat_test.go b/compat/json/compat_test.go
index 128bd1b..0c14a60 100644
--- a/compat/json/compat_test.go
+++ b/compat/json/compat_test.go
@@ -11,6 +11,27 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
+func TestCompatHTMLEscape(t *testing.T) {
+	t.Parallel()
+	type testcase struct {
+		In  string
+		Out string
+	}
+	testcases := map[string]testcase{
+		"invalid": {In: `x`, Out: `x`},
+	}
+	for tcName, tc := range testcases {
+		tc := tc
+		t.Run(tcName, func(t *testing.T) {
+			t.Parallel()
+			t.Logf("in=%q", tc.In)
+			var dst bytes.Buffer
+			HTMLEscape(&dst, []byte(tc.In))
+			assert.Equal(t, tc.Out, dst.String())
+		})
+	}
+}
+
 func TestCompatValid(t *testing.T) {
 	t.Parallel()
 	type testcase struct {
-- 
cgit v1.2.3-2-g168b