Commit 8ee21588 authored by Carsten  Rose's avatar Carsten Rose

Escape double ticks in HTML attributes in general.

Support.php: added escapeDoubleTick()
parent 1d947296
...@@ -106,7 +106,29 @@ class Support { ...@@ -106,7 +106,29 @@ class Support {
break; break;
} }
return $type . '="' . trim($value) . '" '; $value = self::escapeDoubleTick(trim($value));
return $type . '="' . $value . '" ';
}
/**
* Escapes Double Ticks ("), which are not already escaped.
*
* @param $str
* @return string
*/
public static function escapeDoubleTick($str) {
$newStr = '';
for ($ii = 0; $ii < strlen($str); $ii++) {
if ($str[$ii] === '"') {
if ($ii === 0 || $str[$ii - 1] != '\\') {
$newStr .= '\\';
}
}
$newStr .= $str[$ii];
}
return $newStr;
} }
/** /**
......
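Review bot: Prefixing `"` with a backslash does not escape it inside an HTML attribute, so the string built by `return $type . '="' . $value . '" ';` still ends the attribute at the first double quote in `$value`; HTML only honours entity encoding in that position. Encoding at this point instead, `$value = htmlspecialchars(trim($value), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, keeps the value inside the attribute (pass `false` as the fourth argument if values can already contain entities). Separately, `escapeDoubleTick()` looks only one character back, so a quote preceded by two backslashes is treated as already escaped although the backslash itself is the escaped character; that matters if a later consumer is meant to interpret the backslashes, which is not visible here. The attribute-building method that calls it starts above the hunk.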
...@@ -349,6 +349,47 @@ class SupportTest extends \PHPUnit_Framework_TestCase { ...@@ -349,6 +349,47 @@ class SupportTest extends \PHPUnit_Framework_TestCase {
$this->assertEquals(['id' => 2], $new); $this->assertEquals(['id' => 2], $new);
} }
public function testEscapeDoubleTick() {
// empty string
$new = Support::escapeDoubleTick('');
$this->assertEquals('', $new);
// nothing to replace
$new = Support::escapeDoubleTick('hello world');
$this->assertEquals('hello world', $new);
// last word
$new = Support::escapeDoubleTick('hello "world"');
$this->assertEquals('hello \\"world\\"', $new);
// first word
$new = Support::escapeDoubleTick('"hello" world');
$this->assertEquals('\\"hello\\" world', $new);
// just "
$new = Support::escapeDoubleTick('"');
$this->assertEquals('\\"', $new);
// just \"
$new = Support::escapeDoubleTick('\\"');
$this->assertEquals('\\"', $new);
// already escaped: middle
$new = Support::escapeDoubleTick('hello \\"T world');
$this->assertEquals('hello \\"T world', $new);
// already escaped: start
$new = Support::escapeDoubleTick('\\"T hello world');
$this->assertEquals('\\"T hello world', $new);
// already escaped: end
$new = Support::escapeDoubleTick('hello world \\"');
$this->assertEquals('hello world \\"', $new);
}
protected function setUp() { protected function setUp() {
parent::setUp(); parent::setUp();
......
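Review bot: `testEscapeDoubleTick()` pins only the case of a single backslash before the quote; no case covers a quote preceded by two backslashes, where the backslash is itself escaped and the quote is not, and none asserts the attribute string that the caller in `Support` finally emits. If backslash escaping is kept, add a case such as `$this->assertEquals('\\\\\\"', Support::escapeDoubleTick('\\\\"'));`, which the loop as written would not pass. An assertion on the rendered `type="value"` output for a value containing a double quote would also show whether the result is still a single well-formed attribute.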