refactor(adapter-lit): drop Lit 2.x unsafeHTML fallback, Lit 3.x only

SisyphusZheng · SisyphusZheng · commit 61153df0f5e8 · 2026-05-08T20:01:28.000+08:00
- Remove dead Lit 2.x detection path (string marker + _$resolve)
- LessJS uses Lit 3.x exclusively; 2.x fallback was unreachable code
- Delete UNSAFE_HTML_DIRECTIVE constant
- Add 3 unsafeHTML tests (Lit 3.x extraction, mixed escaping, empty content)
- Update comments: v0.6 → v0.6.3
diff --git a/packages/adapter-lit/__tests__/ssr.test.ts b/packages/adapter-lit/__tests__/ssr.test.ts
@@ -226,3 +226,40 @@ Deno.test('renderLitToString passes non-TemplateResult through String()', () =>
   assertEquals(renderLitToString('plain text'), 'plain text');
   assertEquals(renderLitToString(42), '42');
 });
+
+// ─── unsafeHTML Directive Tests ─────────────────────────────────
+
+Deno.test('renderLitToString renders unsafeHTML directive (Lit 3.x)', async () => {
+  // Core bug: blog post content rendered as [object Object]
+  // Lit 3.x: unsafeHTML() returns { _$litDirective$: UnsafeHTML, values: [htmlString] }
+  const { unsafeHTML } = await import('lit/directives/unsafe-html.js');
+  const rawHtml = '<h2>Title</h2><p>Paragraph with <strong>bold</strong></p>';
+  const rendered = renderLitToString(html`
+    <div>${unsafeHTML(rawHtml)}</div>
+  `);
+  assertStringIncludes(rendered, rawHtml);
+  // Must NOT contain [object Object]
+  assertEquals(rendered.includes('[object Object]'), false);
+});
+
+Deno.test('renderLitToString escapes regular content alongside unsafeHTML', async () => {
+  const { unsafeHTML } = await import('lit/directives/unsafe-html.js');
+  const rendered = renderLitToString(html`
+    <section>
+      <p>${'<script>xss</script>'}</p>
+      <div>${unsafeHTML('<em>trusted</em>')}</div>
+    </section>
+  `);
+  // Regular content must be escaped
+  assertStringIncludes(rendered, '&lt;script&gt;xss&lt;/script&gt;');
+  // unsafeHTML content must be raw
+  assertStringIncludes(rendered, '<em>trusted</em>');
+});
+
+Deno.test('renderLitToString handles unsafeHTML with empty/null content', async () => {
+  const { unsafeHTML } = await import('lit/directives/unsafe-html.js');
+  const rendered = renderLitToString(html`
+    <div>${unsafeHTML('')}</div>
+  `);
+  assertEquals(compactHtml(rendered), '<div></div>');
+});
diff --git a/packages/adapter-lit/src/ssr.ts b/packages/adapter-lit/src/ssr.ts
@@ -46,9 +46,6 @@ const LIT_TEMPLATE_TYPE_MARKER = '_$litType$';
 /** Lit's `nothing` sentinel — used to conditionally remove attributes */
 const NOTHING_SYMBOL = Symbol.for('lit-nothing');
 
-/** Lit's unsafeHTML directive marker — bypasses escaping */
-const UNSAFE_HTML_DIRECTIVE = 'lit-html:unsafe-html';
-
 /**
  * Check if a value is a Lit TemplateResult.
  * Works with any Lit version that uses the _$litType$ marker.
@@ -194,27 +191,36 @@ function stringifyContentValue(value: unknown): string {
     return unwrapDsdForNestedCe(result);
   }
 
-  // v0.6: Check if this value has a directive marker that indicates
-  // it should bypass escaping (e.g., unsafeHTML directive).
-  // Lit's unsafeHTML directive returns a special object with properties
-  // that signal "trust this HTML content".
+  // v0.6.3: Detect Lit 3.x unsafeHTML directive to bypass escaping.
+  // unsafeHTML() returns { _$litDirective$: UnsafeHTML, values: [htmlString] }
+  //   - _$litDirective$ is the directive class (not a string)
+  //   - The class has static `directiveName: 'unsafeHTML'` and `resultType: 1`
+  //   - The HTML string is in `values[0]`
   if (typeof value === 'object' && value !== null) {
     const obj = value as Record<string, unknown>;
-    // Check for Lit's unsafeHTML directive marker
-    if (obj._$litDirective$ === UNSAFE_HTML_DIRECTIVE && typeof obj._$resolve === 'function') {
-      try {
-        const resolved = obj._$resolve();
-        if (resolved != null) {
-          const str = String(resolved);
-          // FIX: Also unwrap DSD from unsafeHTML results containing custom elements
-          return unwrapDsdForNestedCe(str);
+    const directiveCtor = obj._$litDirective$;
+
+    if (typeof directiveCtor === 'function') {
+      const ctor = directiveCtor as unknown as Record<string, unknown>;
+      const isUnsafeHtml = ctor.directiveName === 'unsafeHTML' ||
+        ctor.resultType === 1; // resultType 1 = unsafe HTML in Lit 3.x
+
+      if (isUnsafeHtml && obj.values != null) {
+        try {
+          const vals = Array.isArray(obj.values)
+            ? obj.values
+            : Array.from(obj.values as ArrayLike<unknown>);
+          const resolved = vals[0];
+          if (resolved != null) {
+            const str = String(resolved);
+            return unwrapDsdForNestedCe(str);
+          }
+          return '';
+        } catch (e) {
+          log.debug(
+            `unsafeHTML value extraction failed: ${e instanceof Error ? e.message : String(e)}`,
+          );
         }
-        return '';
-      } catch (e) {
-        // If resolution fails, fall through to escaped string
-        log.debug(
-          `Directive resolution failed: ${e instanceof Error ? e.message : String(e)}`,
-        );
       }
     }
     // _$litDirective$ also appears in other Lit directives — fall through
