diff --git a/src/Forms/HTMLEditor/HTMLEditorField.php b/src/Forms/HTMLEditor/HTMLEditorField.php
index db8d08a05..b8a1302d0 100644
--- a/src/Forms/HTMLEditor/HTMLEditorField.php
+++ b/src/Forms/HTMLEditor/HTMLEditorField.php
@@ -191,7 +191,19 @@ class HTMLEditorField extends TextareaField
 */
 public function ValueEntities()
 {
- return htmlentities($this->Value() ?? '', ENT_COMPAT, 'UTF-8', false);
+ $entities = get_html_translation_table(HTML_ENTITIES);
+
+ foreach ($entities as $key => $value) {
+ $entities[$key] = "/" . $value . "/";
+ }
+
+ $value = preg_replace_callback($entities, function ($matches) {
+ // Don't apply double encoding to ampersand
+ $doubleEncoding = $matches[0] != '&';
+ return htmlentities($matches[0], ENT_COMPAT, 'UTF-8', $doubleEncoding);
+ }, $this->Value() ?? '');
+
+ return $value;
 }
 /**
diff --git a/src/View/Shortcodes/EmbedShortcodeProvider.php b/src/View/Shortcodes/EmbedShortcodeProvider.php
index 58aefc2c3..9a8c52450 100644
--- a/src/View/Shortcodes/EmbedShortcodeProvider.php
+++ b/src/View/Shortcodes/EmbedShortcodeProvider.php
@@ -171,6 +171,10 @@ class EmbedShortcodeProvider implements ShortcodeHandler
 $arguments['style'] = 'width: ' . intval($arguments['width']) . 'px;';
 }
+ if (!empty($arguments['caption'])) {
+ $arguments['caption'] = htmlentities($arguments['caption'], ENT_QUOTES, 'UTF-8', false);
+ }
+
 // override iframe dimension attributes provided by webservice with ones specified in shortcode arguments
 foreach (['width', 'height'] as $attr) {
 if (!($value = $arguments[$attr] ?? false)) {
diff --git a/templates/SilverStripe/View/Shortcodes/EmbedShortcodeProvider_video.ss b/templates/SilverStripe/View/Shortcodes/EmbedShortcodeProvider_video.ss
index c526f1640..be1a2a0a4 100644
--- a/templates/SilverStripe/View/Shortcodes/EmbedShortcodeProvider_video.ss
+++ b/templates/SilverStripe/View/Shortcodes/EmbedShortcodeProvider_video.ss
@@ -3,6 +3,6 @@
 >
 {$Content}
 <% if $Arguments.caption %>
-
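Review bot: Raw `<`, `>`, `"` and `&` in `$this->Value()` appear to leave `ValueEntities()` unencoded now: the patterns are built from the values of `get_html_translation_table(HTML_ENTITIES)`, so the callback only sees entity strings already present in the value, whereas the removed `htmlentities()` call encoded the raw characters as well. If that is intended, the method's docblock (it starts above this hunk) should say that the result is only safe to emit when the stored value has been sanitised beforehand, and the data provider added in tests/php/Forms/HTMLEditor/HTMLEditorFieldTest.php should gain a case with raw markup characters and one with numeric character references, which the named-entity table does not appear to cover in general. `preg_replace_callback()` returns `null` on a PCRE error, so `return $value ?? '';` would keep the result a string, and `!==` is the safer comparison inside the callback.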
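Review bot: The `htmlentities()` call on `$arguments['caption']` is now the only escaping the caption receives, because templates/SilverStripe/View/Shortcodes/EmbedShortcodeProvider_video.ss switches to `{$Arguments.caption.RAW}` in the same commit, yet nothing in the code records that dependency. A comment above the `if` would keep the two files in step, for example `// Encoded here because EmbedShortcodeProvider_video.ss prints caption with .RAW; keep both in sync.` Other templates or code paths that receive `$arguments` are not visible in this diff, so it is worth confirming that none prints the caption with `.RAW` without passing through this branch and that none escapes it a second time. The enclosing method starts and ends outside the hunk.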

{$Arguments.caption}

+

{$Arguments.caption.RAW}

<% end_if %>
diff --git a/tests/php/Forms/HTMLEditor/HTMLEditorFieldTest.php b/tests/php/Forms/HTMLEditor/HTMLEditorFieldTest.php
index 2abe550aa..ce6c18d55 100644
--- a/tests/php/Forms/HTMLEditor/HTMLEditorFieldTest.php
+++ b/tests/php/Forms/HTMLEditor/HTMLEditorFieldTest.php
@@ -74,7 +74,7 @@ class HTMLEditorFieldTest extends FunctionalTest
 $inputText = "These are some unicodes: ä, ö, & ü";
 $field = new HTMLEditorField("Test", "Test");
 $field->setValue($inputText);
- $this->assertStringContainsString('These are some unicodes: ä, ö, & ü', $field->Field());
+ $this->assertStringContainsString('These are some unicodes: ä, ö, & ü', $field->Field());
 // Test shortcodes
 $inputText = "Shortcode: [file_link id=4]";
 $field = new HTMLEditorField("Test", "Test");
@@ -210,23 +210,34 @@ EOS
 );
 }
- public function testValueEntities()
+ public function provideTestValueEntities()
+ {
+ return [
+ "ampersand" => [
+ "The company & partners",
+ "The company & partners"
+ ],
+ "double ampersand" => [
+ "The company &amp; partners",
+ "The company &amp; partners"
+ ],
+ "left arrow and right arrow" => [
+ "

<strong>The company &amp; partners</strong>

",
+ "

&lt;strong&gt;The company &amp; partners&lt;/strong&gt;

"
+ ],
+ ];
+ }
+
+ /**
+ * @dataProvider provideTestValueEntities
+ */
+ public function testValueEntities(string $input, string $result)
 {
- $inputText = "The company & partners";
 $field = new HTMLEditorField("Content");
- $field->setValue($inputText);
+ $field->setValue($input);
 $this->assertEquals(
- "The company & partners",
- $field->obj('ValueEntities')->forTemplate()
- );
-
- $inputText = "The company && partners";
- $field = new HTMLEditorField("Content");
- $field->setValue($inputText);
-
- $this->assertEquals(
- "The company && partners",
+ $result,
 $field->obj('ValueEntities')->forTemplate()
 );
 }