AG-34947 Fix 'trusted-replace-node-text' — output literal quotes for escaped quotes. #440

Squashed commit of the following:

commit 94b028d
Author: Slava Leleka <v.leleka@adguard.com>
Date:   Tue May 13 15:08:42 2025 +0300

    Use a different quotes

commit a2d2dfb
Author: Adam Wróblewski <adam@adguard.com>
Date:   Tue May 13 12:39:56 2025 +0200

    Fix escaping quotes in `trusted-replace-node-text` scriptlet

Author: AdamWr

CHANGELOG.md

@@ -26,12 +26,14 @@ The format is based on [Keep a Changelog], and this project adheres to [Semantic
 
 ### Fixed
 
+- Escaping quotes in `trusted-replace-node-text` scriptlet [#440].
 - `trusted-suppress-native-method` scriptlet, `isMatchingSuspended` was not reset when the stack does not match,
   so in some cases given method was not prevented [#496].
 
 [Unreleased]: https://github.com/AdguardTeam/Scriptlets/compare/v2.1.7...HEAD
 [#392]: https://github.com/AdguardTeam/Scriptlets/issues/392
 [#416]: https://github.com/AdguardTeam/Scriptlets/issues/416
+[#440]: https://github.com/AdguardTeam/Scriptlets/issues/440
 [#477]: https://github.com/AdguardTeam/Scriptlets/issues/477
 [#496]: https://github.com/AdguardTeam/Scriptlets/issues/496
 [#497]: https://github.com/AdguardTeam/Scriptlets/issues/497

src/helpers/node-text-utils.ts

@@ -111,7 +111,11 @@ export const replaceNodeText = (
 ): void => {
     const { textContent } = node;
     if (textContent) {
-        let modifiedText = textContent.replace(pattern, replacement);
+        // Remove quotes' escapes for cases where scriptlet rule argument has own escaped quotes
+        // https://github.com/AdguardTeam/Scriptlets/issues/440
+        let modifiedText = textContent.replace(pattern, replacement)
+            .replace(/\\'/g, "'")
+            .replace(/\\"/g, '"');
 
         // For websites that use Trusted Types
         // https://w3c.github.io/webappsec-trusted-types/dist/spec/

tests/scriptlets/trusted-replace-node-text.test.js

@@ -72,6 +72,35 @@ test('simple case', (assert) => {
     }, 1);
 });
 
+test('simple case - check if quotes are correctly escaped', (assert) => {
+    const done = assert.async();
+
+    const nodeName = 'div';
+    const textMatch = 'alert';
+    const pattern = '/alert\\(\\\'test\\\'\\)/';
+    const replacement = 'alert(\\\'replaced\\\')';
+    const text = "alert('test')";
+    const expectedText = "alert('replaced')";
+
+    const nodeBefore = addNode('div', text);
+    const safeNodeBefore = addNode('a', text);
+
+    runScriptlet(name, [nodeName, textMatch, pattern, replacement]);
+
+    const nodeAfter = addNode('div', text);
+    const safeNodeAfter = addNode('span', text);
+    setTimeout(() => {
+        assert.strictEqual(nodeAfter.textContent, expectedText, 'text content should be modified');
+        assert.strictEqual(nodeBefore.textContent, expectedText, 'text content should be modified');
+
+        assert.strictEqual(safeNodeAfter.textContent, text, 'non-matched node should not be affected');
+        assert.strictEqual(safeNodeBefore.textContent, text, 'non-matched node should not be affected');
+
+        assert.strictEqual(window.hit, 'FIRED', 'hit function should fire');
+        done();
+    }, 1);
+});
+
 test('using matchers as regexes', (assert) => {
     const done = assert.async();