From 7713a8b8c0fa603732fb442c026d0144347cbd39 Mon Sep 17 00:00:00 2001 From: Asmir Mustafic Date: Tue, 4 Feb 2014 16:57:23 +0100 Subject: escaping attributes in a different way --- src/HTML5/Serializer/OutputRules.php | 16 ++++++------- test/HTML5/Serializer/OutputRulesTest.php | 40 +++++++++++++------------------ 2 files changed, 25 insertions(+), 31 deletions(-) diff --git a/src/HTML5/Serializer/OutputRules.php b/src/HTML5/Serializer/OutputRules.php index 15e6c6e..48cc307 100644 --- a/src/HTML5/Serializer/OutputRules.php +++ b/src/HTML5/Serializer/OutputRules.php @@ -94,7 +94,7 @@ class OutputRules implements \HTML5\Serializer\RulesInterface { /** * Write a text node. * - * @param \DOMText $ele + * @param \DOMText $ele * The text node to write. */ public function text($ele) { @@ -128,7 +128,7 @@ class OutputRules implements \HTML5\Serializer\RulesInterface { * * Tags for HTML, MathML, and SVG are in the local name. Otherwise, use the * qualified name (8.3). - * + * * @param \DOMNode $ele * The element being written. */ @@ -163,7 +163,7 @@ class OutputRules implements \HTML5\Serializer\RulesInterface { $len = $map->length; for ($i = 0; $i < $len; ++$i) { $node = $map->item($i); - $val = $this->enc($node->value); + $val = $this->enc($node->value, true); // XXX: The spec says that we need to ensure that anything in // the XML, XMLNS, or XLink NS's should use the canonical @@ -189,7 +189,7 @@ class OutputRules implements \HTML5\Serializer\RulesInterface { /** * Write the closing tag. - * + * * Tags for HTML, MathML, and SVG are in the local name. Otherwise, use the * qualified name (8.3). * 
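Review bot: In the `@@ -163` hunk, the bare `true` passed to `enc()` is the only sign that this is attribute-context escaping, and the line that writes the value is outside the hunk, so a reader cannot see that the added quote escaping relies on the value being emitted inside quotes. A comment above the call would make that contract explicit, for example `// Attribute context: quotes are escaped as well; sufficient only while the value is written inside quotes.` If the serializer can ever emit an unquoted attribute value, escaping quotes alone would not be enough, so that is worth confirming against the write call further down the loop.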
@@ -244,17 +244,17 @@ class OutputRules implements \HTML5\Serializer\RulesInterface { * @return string * The encoded text. */ - protected function enc($text) { - $flags = 0; + protected function enc($text, $attribute = false) { + $quotes = !$attribute?0:ENT_QUOTES; // Escape rather than encode all entities. if (!$this->encode) { - return htmlspecialchars($text, $flags, 'UTF-8'); + return htmlspecialchars($text, $quotes, 'UTF-8'); } // If we are in PHP 5.4+ we can use the native html5 entity functionality. if (defined('ENT_HTML5')) { - $flags = ENT_HTML5 | ENT_SUBSTITUTE; + $flags = ENT_HTML5 | ENT_SUBSTITUTE|$quotes; $ret = htmlentities($text, $flags, 'UTF-8', FALSE); } // If a version earlier than 5.4 html5 entities are not entirely handled. diff --git a/test/HTML5/Serializer/OutputRulesTest.php b/test/HTML5/Serializer/OutputRulesTest.php index 9c20a7f..b37b3b3 100644 --- a/test/HTML5/Serializer/OutputRulesTest.php +++ b/test/HTML5/Serializer/OutputRulesTest.php 
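Review bot: The new `$quotes` flag reaches only the `htmlspecialchars()` and `ENT_HTML5` paths shown here. The pre-5.4 fallback after the last context line is outside the hunk, so this diff cannot confirm that attribute values have their quotes escaped on that path; it should be checked. The flag expression would read more clearly un-negated and with the named constant, `$quotes = $attribute ? ENT_QUOTES : ENT_NOQUOTES;`. The hunk also adds no `@param` for `$attribute` to the docblock above; a line such as `@param boolean $attribute True if the text is an attribute value, so quotes are escaped as well.` would document the new parameter.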
@@ -234,43 +234,37 @@ class OutputRulesTest extends \HTML5\Tests\TestCase { $m->invoke($o, 'foo'); $this->assertEquals('foo', stream_get_contents($s, -1, 0)); } - - function getEncData(){ - return array( - array('&\'<>"', '&\'<>"'), - array('This + is. a < test', 'This + is. a < test'), - array('.+#', '.+#'), - ); - } - - function getEncWithEntiyesData(){ + function getEncDataAttssribute(){ return array( - array('.+#', '.+#'), + array('&\'<>"', '&\'<>"', '&\'<>"'), + array('.+#', '.+#', '.+#'), ); } + function getEncData(){ + return array( + array(false, '&\'<>"', '&\'<>"', '&\'<>"'), + array(false, 'This + is. a < test', 'This + is. a < test', 'This + is. a < test'), + array(false, '.+#', '.+#', '.+#'), + array(true, '.+#\'', '.+#'', '.+#''), + array(true, '&".<', '&".<', '&".<'), + ); + } /** * Test basic escaping of text. * @dataProvider getEncData */ - function testEnc($test, $expected) { - - list($o, $s) = $this->getOutputRules(); - $m = $this->getProtectedMethod('enc'); - $this->assertEquals($expected, $m->invoke($o, $test)); + function testEnc($isAttribute, $test, $expected, $expectedEncoded) { - } + list($o, $s) = $this->getOutputRules(); + $m = $this->getProtectedMethod('enc'); - /** - * Test basic escaping of text. - * @dataProvider getEncWithEntiyesData - */ - function testEncWithEntities($test, $expected) { + $this->assertEquals($expected, $m->invoke($o, $test, $isAttribute)); list($o, $s) = $this->getOutputRules(array('encode_entities' => TRUE)); $m = $this->getProtectedMethod('enc'); - $this->assertEquals($expected, $m->invoke($o, $test)); + $this->assertEquals($expectedEncoded, $m->invoke($o, $test, $isAttribute)); } function testAttrs() { -- cgit v1.2.3
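Review bot: `getEncDataAttssribute()` is added with a misspelled name and no `@dataProvider` annotation in this hunk refers to it, so it looks like leftover code and should be removed. `testEnc` uses `getEncData`, whose rows now carry the `$isAttribute` flag themselves. The leftover provider's rows have three columns while `testEnc` now takes four parameters, so it could not be wired to that test as written. Since the change is about quote handling in attributes, one `true` row containing both a single and a double quote would pin the `ENT_QUOTES` behaviour for both characters in a single case.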