FIX We still need XML escaping on href attributes in HTML4Value

This commit is contained in:
Hamish Friedlander 2013-04-18 09:13:24 +12:00
parent fb17f43878
commit 8d26bdbd2e
2 changed files with 10 additions and 1 deletions

View File

@ -52,7 +52,7 @@ abstract class SS_HTMLValue extends ViewableData {
// Then replace the saved attributes with their original versions // Then replace the saved attributes with their original versions
$res = preg_replace_callback('/__HTMLVALUE_(\d+)/', function($matches) use ($attrs) { $res = preg_replace_callback('/__HTMLVALUE_(\d+)/', function($matches) use ($attrs) {
return $attrs[$matches[0]]; return Convert::raw2att($attrs[$matches[0]]);
}, $res); }, $res);
return $res; return $res;

View File

@ -58,4 +58,13 @@ class SS_HTML4ValueTest extends SapphireTest {
); );
} }
public function testAttributeEscaping() {
$value = new SS_HTML4Value();
$value->setContent('<a href="[]"></a>');
$this->assertEquals('<a href="[]"></a>', $value->getContent(), "'[' character isn't escaped");
$value->setContent('<a href="&quot;"></a>');
$this->assertEquals('<a href="&quot;"></a>', $value->getContent(), "'\"' character is escaped");
}
} }