only check forbidden content outside @unblaze

Author: calebporzio

src/Folder/Folder.php

@@ -135,6 +135,9 @@ public function fold(Node $node): Node
 
     protected function validateFoldableComponent(string $source, string $componentPath): void
     {
+        // Strip out @unblaze blocks before validation since they can contain dynamic content
+        $sourceWithoutUnblaze = $this->stripUnblazeBlocks($source);
+
         $problematicPatterns = [
             '@once' => 'forOnce',
             '\\$errors' => 'forErrors',
@@ -147,12 +150,18 @@ protected function validateFoldableComponent(string $source, string $componentPa
         ];
 
         foreach ($problematicPatterns as $pattern => $factoryMethod) {
-            if (preg_match('/' . $pattern . '/', $source)) {
+            if (preg_match('/' . $pattern . '/', $sourceWithoutUnblaze)) {
                 throw InvalidBlazeFoldUsageException::{$factoryMethod}($componentPath);
             }
         }
     }
 
+    protected function stripUnblazeBlocks(string $source): string
+    {
+        // Remove content between @unblaze and @endunblaze (including the directives themselves)
+        return preg_replace('/@unblaze.*?@endunblaze/s', '', $source);
+    }
+
     protected function buildRuntimeDataArray(array $attributeNameToOriginal, string $rawAttributes): string
     {
         $pairs = [];

tests/UnblazeTest.php

@@ -219,3 +219,63 @@
         expect($renders[2])->toContain('Dynamic value: three');
     });
 });
+
+describe('unblaze validation', function () {
+    beforeEach(function () {
+        app('blade.compiler')->anonymousComponentNamespace('', 'x');
+        app('blade.compiler')->anonymousComponentPath(__DIR__ . '/fixtures/components');
+    });
+
+    it('allows $errors inside @unblaze blocks', function () {
+        $input = '<x-with-errors-inside-unblaze />';
+
+        // Should not throw an exception
+        $compiled = app('blaze')->compile($input);
+
+        expect($compiled)->toContain('form-input');
+        expect($compiled)->toContain('$errors');
+    });
+
+    it('throws exception for $errors outside @unblaze blocks', function () {
+        expect(fn() => app('blaze')->compile('<x-with-errors-outside-unblaze />'))
+            ->toThrow(\Livewire\Blaze\Exceptions\InvalidBlazeFoldUsageException::class);
+    });
+
+    it('allows @csrf inside @unblaze blocks', function () {
+        $input = '<x-with-csrf-inside-unblaze />';
+
+        // Should not throw an exception
+        $compiled = app('blaze')->compile($input);
+
+        expect($compiled)->toContain('form-wrapper');
+    });
+
+    it('allows request() inside @unblaze blocks', function () {
+        $input = '<x-with-request-inside-unblaze />';
+
+        // Should not throw an exception
+        $compiled = app('blaze')->compile($input);
+
+        expect($compiled)->toContain('<nav>');
+        expect($compiled)->toContain('request()');
+    });
+
+    it('still validates problematic patterns in static parts of component', function () {
+        // Create a component with $errors in static part and @unblaze
+        $componentPath = __DIR__ . '/fixtures/components/mixed-errors.blade.php';
+        file_put_contents($componentPath, '@blaze
+<div>
+    <p>{{ $errors->count() }}</p>
+    @unblaze
+        <span>{{ $errors->first() }}</span>
+    @endunblaze
+</div>');
+
+        try {
+            expect(fn() => app('blaze')->compile('<x-mixed-errors />'))
+                ->toThrow(\Livewire\Blaze\Exceptions\InvalidBlazeFoldUsageException::class);
+        } finally {
+            unlink($componentPath);
+        }
+    });
+});

tests/fixtures/components/with-csrf-inside-unblaze.blade.php

@@ -0,0 +1,10 @@
+@blaze
+<div class="form-wrapper">
+    <h2>Form</h2>
+    @unblaze
+        <form method="POST">
+            @csrf
+            <button>Submit</button>
+        </form>
+    @endunblaze
+</div>

tests/fixtures/components/with-errors-inside-unblaze.blade.php

@@ -0,0 +1,10 @@
+@blaze
+<div class="form-input">
+    <label>Email</label>
+    <input type="email" name="email">
+    @unblaze
+        @if($errors->has('email'))
+            <span class="error">{{ $errors->first('email') }}</span>
+        @endif
+    @endunblaze
+</div>

tests/fixtures/components/with-errors-outside-unblaze.blade.php

@@ -0,0 +1,8 @@
+@blaze
+<div class="form-input">
+    <label>Email</label>
+    <input type="email" name="email">
+    @if($errors->has('email'))
+        <span class="error">{{ $errors->first('email') }}</span>
+    @endif
+</div>

tests/fixtures/components/with-request-inside-unblaze.blade.php

@@ -0,0 +1,7 @@
+@blaze
+<nav>
+    <a href="/home">Home</a>
+    @unblaze
+        <a href="/about" class="{{ request()->is('about') ? 'active' : '' }}">About</a>
+    @endunblaze
+</nav>