mirror of
https://github.com/silverstripe/silverstripe-framework
parent
66b3d1cae7
commit
c30111eee3
@ -89,7 +89,12 @@ class Convert {
|
|||||||
foreach($val as $k => $v) $val[$k] = self::raw2js($v);
|
foreach($val as $k => $v) $val[$k] = self::raw2js($v);
|
||||||
return $val;
|
return $val;
|
||||||
} else {
|
} else {
|
||||||
return str_replace(array("\\", '"', "\n", "\r", "'"), array("\\\\", '\"', '\n', '\r', "\\'"), $val);
|
return str_replace(
|
||||||
|
// Intercepts some characters such as <, >, and & which can interfere
|
||||||
|
array("\\", '"', "\n", "\r", "'", "<", ">", "&"),
|
||||||
|
array("\\\\", '\"', '\n', '\r', "\\'", "\\x3c", "\\x3e", "\\x26"),
|
||||||
|
$val
|
||||||
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
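Review bot: The replacement table still emits the quote characters themselves (`\"` and `\'`), so the result is only safe inside a string literal within a script block; if raw2js output is ever placed in an inline event-handler attribute, the literal `"` or `'` would still end the HTML attribute before the JavaScript is parsed. Hex-escaping them, as this change already does for `<`, `>` and `&`, closes that gap: `array("\\\\", "\\x22", '\n', '\r', "\\x27", "\\x3c", "\\x3e", "\\x26"),` (the testRaw2JS expectations would need the matching update). U+2028 and U+2029 are also left unescaped, and older JavaScript engines treat them as line terminators inside string literals. The new comment stops mid-sentence at "which can interfere"; it should be finished, e.g. `// with HTML parsing when the value is embedded in an inline script block.` The enclosing raw2js function begins above the hunk.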
@ -186,4 +186,56 @@ class ConvertTest extends SapphireTest {
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testRaw2JS() {
|
||||||
|
// Test attempt to break out of string
|
||||||
|
$this->assertEquals(
|
||||||
|
'\\"; window.location=\\"http://www.google.com',
|
||||||
|
Convert::raw2js('"; window.location="http://www.google.com')
|
||||||
|
);
|
||||||
|
$this->assertEquals(
|
||||||
|
'\\\'; window.location=\\\'http://www.google.com',
|
||||||
|
Convert::raw2js('\'; window.location=\'http://www.google.com')
|
||||||
|
);
|
||||||
|
// Test attempt to close script tag
|
||||||
|
$this->assertEquals(
|
||||||
|
'\\"; \\x3c/script\\x3e\\x3ch1\\x3eHa \\x26amp; Ha\\x3c/h1\\x3e\\x3cscript\\x3e',
|
||||||
|
Convert::raw2js('"; </script><h1>Ha & Ha</h1><script>')
|
||||||
|
);
|
||||||
|
// Test newlines are properly escaped
|
||||||
|
$this->assertEquals(
|
||||||
|
'New\\nLine\\rReturn', Convert::raw2js("New\nLine\rReturn")
|
||||||
|
);
|
||||||
|
// Check escape of slashes
|
||||||
|
$this->assertEquals(
|
||||||
|
'\\\\\\"\\x3eClick here',
|
||||||
|
Convert::raw2js('\\">Click here')
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testRaw2JSON() {
|
||||||
|
|
||||||
|
// Test object
|
||||||
|
$input = new stdClass();
|
||||||
|
$input->Title = 'My Object';
|
||||||
|
$input->Content = '<p>Data</p>';
|
||||||
|
$this->assertEquals(
|
||||||
|
'{"Title":"My Object","Content":"<p>Data<\/p>"}',
|
||||||
|
Convert::raw2json($input)
|
||||||
|
);
|
||||||
|
|
||||||
|
// Array
|
||||||
|
$array = array('One' => 'Apple', 'Two' => 'Banana');
|
||||||
|
$this->assertEquals(
|
||||||
|
'{"One":"Apple","Two":"Banana"}',
|
||||||
|
Convert::raw2json($array)
|
||||||
|
);
|
||||||
|
|
||||||
|
// String value with already encoded data. Result should be quoted.
|
||||||
|
$value = '{"Left": "Value"}';
|
||||||
|
$this->assertEquals(
|
||||||
|
'"{\\"Left\\": \\"Value\\"}"',
|
||||||
|
Convert::raw2json($value)
|
||||||
|
);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
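Review bot: The script-tag assertion in testRaw2JS does not agree with its input as displayed: the argument contains a bare `&`, for which the new replacement table yields `\x26`, yet the expected string has `\\x26amp;`, which corresponds to an input of `&amp;`. This may only be the page rendering having decoded the entity, but the source should be checked so that input and expectation match (`Ha &amp; Ha` in the argument, or `Ha \\x26 Ha` in the expectation). No case covers the array branch of raw2js (the `foreach` recursion), so an assertion such as `$this->assertEquals(array('\\x3cb\\x3e'), Convert::raw2js(array('<b>')));` would pin it. testRaw2JSON fixes `<p>` as passing through raw2json unescaped; if that is intended, a comment saying that raw2json output is not meant to be embedded directly in HTML would help the next reader.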