authorAsmir Mustafic <[email protected]>2014-02-04 16:57:23 +0100
committerAsmir Mustafic <[email protected]>2014-02-04 16:57:23 +0100
commit7713a8b8c0fa603732fb442c026d0144347cbd39 (patch)
treec4a0cd00414cecfafc65f591eb1481240197fd9b
parent4c79dfe22d635ba0e562117826d56a1d13b35e97 (diff)
escaping attributes in a different way
-rw-r--r--src/HTML5/Serializer/OutputRules.php16
-rw-r--r--test/HTML5/Serializer/OutputRulesTest.php40
2 files changed, 25 insertions, 31 deletions
diff --git a/src/HTML5/Serializer/OutputRules.php b/src/HTML5/Serializer/OutputRules.php
index 15e6c6e..48cc307 100644
--- a/src/HTML5/Serializer/OutputRules.php
+++ b/src/HTML5/Serializer/OutputRules.php
@@ -94,7 +94,7 @@ class OutputRules implements \HTML5\Serializer\RulesInterface {
/**
* Write a text node.
*
- * @param \DOMText $ele
+ * @param \DOMText $ele
* The text node to write.
*/
public function text($ele) {
@@ -128,7 +128,7 @@ class OutputRules implements \HTML5\Serializer\RulesInterface {
*
* Tags for HTML, MathML, and SVG are in the local name. Otherwise, use the
* qualified name (8.3).
- *
+ *
* @param \DOMNode $ele
* The element being written.
*/
@@ -163,7 +163,7 @@ class OutputRules implements \HTML5\Serializer\RulesInterface {
$len = $map->length;
for ($i = 0; $i < $len; ++$i) {
$node = $map->item($i);
- $val = $this->enc($node->value);
+ $val = $this->enc($node->value, true);
// XXX: The spec says that we need to ensure that anything in
// the XML, XMLNS, or XLink NS's should use the canonical
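Review bot: The bare `true` passed to `enc()` on the changed line does not say what it selects, and this is the one call where the escaping context matters. A short comment above it would help, for example `// Attribute context: escape both quote characters so the value cannot close the attribute early.` The loop body continues outside the hunk, so how the value is quoted when it is written out is not visible here and should agree with that comment.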
@@ -189,7 +189,7 @@ class OutputRules implements \HTML5\Serializer\RulesInterface {
/**
* Write the closing tag.
- *
+ *
* Tags for HTML, MathML, and SVG are in the local name. Otherwise, use the
* qualified name (8.3).
*
@@ -244,17 +244,17 @@ class OutputRules implements \HTML5\Serializer\RulesInterface {
* @return string
* The encoded text.
*/
- protected function enc($text) {
- $flags = 0;
+ protected function enc($text, $attribute = false) {
+ $quotes = !$attribute?0:ENT_QUOTES;
// Escape rather than encode all entities.
if (!$this->encode) {
- return htmlspecialchars($text, $flags, 'UTF-8');
+ return htmlspecialchars($text, $quotes, 'UTF-8');
}
// If we are in PHP 5.4+ we can use the native html5 entity functionality.
if (defined('ENT_HTML5')) {
- $flags = ENT_HTML5 | ENT_SUBSTITUTE;
+ $flags = ENT_HTML5 | ENT_SUBSTITUTE|$quotes;
$ret = htmlentities($text, $flags, 'UTF-8', FALSE);
}
// If a version earlier than 5.4 html5 entities are not entirely handled.
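Review bot: `$quotes` reaches the `htmlspecialchars()` path and the `ENT_HTML5` path, but the pre-5.4 fallback that begins on the last line of the hunk continues outside it, so it is not visible whether that path also escapes `"` and `'` when `$attribute` is true; if it does not, attribute values would be written with raw quotes on older PHP. The `$flags = 0;` initialisation was removed as well, so any read of `$flags` outside the `defined('ENT_HTML5')` branch would now hit an undefined variable. Separately, `$quotes = !$attribute?0:ENT_QUOTES;` reads more clearly as `$quotes = $attribute ? ENT_QUOTES : ENT_NOQUOTES;`, and the docblock, which starts above the hunk, should gain an `@param bool $attribute` entry saying that true selects attribute-value escaping.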
diff --git a/test/HTML5/Serializer/OutputRulesTest.php b/test/HTML5/Serializer/OutputRulesTest.php
index 9c20a7f..b37b3b3 100644
--- a/test/HTML5/Serializer/OutputRulesTest.php
+++ b/test/HTML5/Serializer/OutputRulesTest.php
@@ -234,43 +234,37 @@ class OutputRulesTest extends \HTML5\Tests\TestCase {
$m->invoke($o, 'foo');
$this->assertEquals('foo', stream_get_contents($s, -1, 0));
}
-
- function getEncData(){
- return array(
- array('&\'<>"', '&amp;\'&lt;&gt;"'),
- array('This + is. a < test', 'This + is. a &lt; test'),
- array('.+#', '.+#'),
- );
- }
-
- function getEncWithEntiyesData(){
+ function getEncDataAttssribute(){
return array(
- array('.+#', '&period;&plus;&num;'),
+ array('&\'<>"', '&amp;\'&lt;&gt;"', '&amp;\'&lt;&gt;"'),
+ array('.+#', '.+#', '&period;&plus;&num;'),
);
}
+ function getEncData(){
+ return array(
+ array(false, '&\'<>"', '&amp;\'&lt;&gt;"', '&amp;\'&lt;&gt;"'),
+ array(false, 'This + is. a < test', 'This + is. a &lt; test', 'This &plus; is&period; a &lt; test'),
+ array(false, '.+#', '.+#', '&period;&plus;&num;'),
+ array(true, '.+#\'', '.+#&#039;', '&period;&plus;&num;&apos;'),
+ array(true, '&".<', '&amp;&quot;.&lt;', '&amp;&quot;&period;&lt;'),
+ );
+ }
/**
* Test basic escaping of text.
* @dataProvider getEncData
*/
- function testEnc($test, $expected) {
-
- list($o, $s) = $this->getOutputRules();
- $m = $this->getProtectedMethod('enc');
- $this->assertEquals($expected, $m->invoke($o, $test));
+ function testEnc($isAttribute, $test, $expected, $expectedEncoded) {
- }
+ list($o, $s) = $this->getOutputRules();
+ $m = $this->getProtectedMethod('enc');
- /**
- * Test basic escaping of text.
- * @dataProvider getEncWithEntiyesData
- */
- function testEncWithEntities($test, $expected) {
+ $this->assertEquals($expected, $m->invoke($o, $test, $isAttribute));
list($o, $s) = $this->getOutputRules(array('encode_entities' => TRUE));
$m = $this->getProtectedMethod('enc');
- $this->assertEquals($expected, $m->invoke($o, $test));
+ $this->assertEquals($expectedEncoded, $m->invoke($o, $test, $isAttribute));
}
function testAttrs() {
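Review bot: `getEncDataAttssribute()` looks like leftover code: its name is misspelled, no `@dataProvider` in this hunk refers to it, and its rows have three elements while `testEnc()` now takes four parameters. Removing it would leave `getEncData()` as the single provider. The attribute rows exercise `'` and `"` in separate cases; a constructed row holding both, such as `array(true, '"\'', '&quot;&#039;', '&quot;&apos;')`, would pin the two quote characters together in one value.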