class Phlex::SGML
def __build_attributes__(attributes, buffer:)
- Api: - private
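# Serialises an attribute Hash into HTML attribute syntax, appending to +buffer+.
#
# Rendering by value type:
# * +nil+ / +false+ – the attribute is skipped.
# * +true+ – a bare (boolean) attribute is written.
# * String, Symbol, Array, Set, or anything responding to +to_str+ – the value
#   is HTML-escaped; Arrays and Sets are compacted and space-joined first.
# * Integer, Float – written via +to_s+ without escaping.
# * Hash – flattened into "parent-child" attributes by a recursive call that
#   appends to the same buffer.
#
# Security-relevant behaviour:
# * Attribute *names* are written unescaped. The name check below is the only
#   guard, so it rejects event-handler names (HTML::EVENT_ATTRIBUTES) and any
#   character that would end the name or the tag.
# * An +href+ whose rendered value starts with the +javascript:+ scheme is
#   dropped silently rather than raised on.
# * NOTE(review): only +href+ is screened for that scheme. Other attributes
#   that can carry a URL are escaped but otherwise passed through; callers
#   that put untrusted URLs there must validate the scheme themselves.
#
# @api private
# @param attributes [Hash{String, Symbol => Object}] attribute names to values
# @param buffer [#<<] output the markup is appended to
# @return [#<<] the +buffer+ that was passed in
# @raise [ArgumentError] if a key is neither String nor Symbol, or if an
#   attribute name is considered unsafe
def __build_attributes__(attributes, buffer:)
  attributes.each do |k, v|
    next unless v

    name = case k
      when String then k
      when Symbol then k.name.tr("_", "-")
      else raise ArgumentError, "Attribute keys should be Strings or Symbols."
    end

    lower_name = name.downcase

    if lower_name == "href"
      # Screen the text that will actually be written, not `v.to_s`: for Array
      # and Set values the inspect-style `to_s` differs from the joined output,
      # so a check on `to_s` can disagree with what reaches the page.
      href_text = case v
        when Array then v.compact.join(" ")
        when Set then v.to_a.compact.join(" ")
        else v.respond_to?(:to_str) ? v.to_str : v.to_s
      end

      # Everything except a-z and ":" is removed before the comparison so that
      # case changes, whitespace and control characters cannot hide the scheme.
      next if href_text.downcase.delete("^a-z:").start_with?("javascript:")
    end

    # Detect unsafe attribute names. A name is unsafe if it matches an event
    # attribute or contains a character that is not valid in an attribute name.
    # Whitespace, "=", "/" and NUL are rejected as well as the quote and angle
    # characters: any of them would end the name early and let the remainder
    # be parsed as further markup.
    if HTML::EVENT_ATTRIBUTES.include?(lower_name.delete("^a-z-")) || name.match?(%r{[<>&"'/=\s\x00]})
      raise ArgumentError, "Unsafe attribute name detected: #{k}."
    end

    case v
    when true
      buffer << " " << name
    when String
      buffer << " " << name << '="' << ERB::Escape.html_escape(v) << '"'
    when Symbol
      buffer << " " << name << '="' << ERB::Escape.html_escape(v.name) << '"'
    when Integer, Float
      buffer << " " << name << '="' << v.to_s << '"'
    when Hash
      # Nested keys become Strings, so the recursive call re-runs the name
      # checks on the combined "parent-child" name.
      # NOTE(review): the prefix is built from the raw key `k`, so a Symbol
      # parent keeps its underscores here even though `name` has dashes.
      __build_attributes__(
        v.transform_keys { |subkey|
          case subkey
            when Symbol then "#{k}-#{subkey.name.tr('_', '-')}"
            else "#{k}-#{subkey}"
          end
        },
        buffer: buffer
      )
    when Array
      buffer << " " << name << '="' << ERB::Escape.html_escape(v.compact.join(" ")) << '"'
    when Set
      buffer << " " << name << '="' << ERB::Escape.html_escape(v.to_a.compact.join(" ")) << '"'
    else
      # Raises NoMethodError for values that cannot be converted implicitly.
      buffer << " " << name << '="' << ERB::Escape.html_escape(v.to_str) << '"'
    end
  end

  buffer
end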