tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

Merge pull request #1773 from silverstripe-rebelalliance/fix/htmlvalue_attr_escaping

Browse Source 
FIX We still need XML escaping on href attributes in HTML4Value
This commit is contained in:
Simon Welsh 2013-04-17 15:05:33 -07:00
commit 93a8e6f16e
2 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
model/HTMLValue.php
View File

@ -52,7 +52,7 @@ abstract class SS_HTMLValue extends ViewableData {
// Then replace the saved attributes with their original versions // Then replace the saved attributes with their original versions
$res = preg_replace_callback('/__HTMLVALUE_(\d+)/', function($matches) use ($attrs) { $res = preg_replace_callback('/__HTMLVALUE_(\d+)/', function($matches) use ($attrs) {
return $attrs[$matches[0]]; return Convert::raw2att($attrs[$matches[0]]);
}, $res); }, $res);
return $res; return $res;

9
tests/integration/HTML4ValueTest.php
View File

@ -58,4 +58,13 @@ class SS_HTML4ValueTest extends SapphireTest {
); );
} }
public function testAttributeEscaping() {
$value = new SS_HTML4Value();
$value->setContent('<a href="[]"></a>');
$this->assertEquals('<a href="[]"></a>', $value->getContent(), "'[' character isn't escaped");
$value->setContent('<a href="&quot;"></a>');
$this->assertEquals('<a href="&quot;"></a>', $value->getContent(), "'\"' character is escaped");
}
} }