Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Issue #1211866 by stefan.r, joelpittet, tsphethean: Enable ENT_SUBSTITUTE flag in Html::escape

8.0.x
Alex Pott 2015-08-19 08:29:00 +01:00
parent 7b91c7fec2
commit 00360b9d0c
4 changed files with 17 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
core/lib/Drupal/Component/Utility/Html.php
View File

@ -366,7 +366,8 @@ EOD;
* - < (less than) becomes &lt; * - < (less than) becomes &lt;
* - > (greater than) becomes &gt; * - > (greater than) becomes &gt;
* Special characters that have already been escaped will be double-escaped * Special characters that have already been escaped will be double-escaped
* (for example, "&lt;" becomes "&amp;lt;"). * (for example, "&lt;" becomes "&amp;lt;"), and invalid UTF-8 encoding
* will be converted to the Unicode replacement character ("<EFBFBD>").
* *
* This method is not the opposite of Html::decodeEntities(). For example, * This method is not the opposite of Html::decodeEntities(). For example,
* this method will not encode "é" to "&eacute;", whereas * this method will not encode "é" to "&eacute;", whereas
@ -385,7 +386,7 @@ EOD;
* @ingroup sanitization * @ingroup sanitization
*/ */
public static function escape($text) { public static function escape($text) {
return htmlspecialchars($text, ENT_QUOTES, 'UTF-8'); return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
} }
} }

1
core/tests/Drupal/Tests/Component/Utility/HtmlTest.php
View File

@ -288,6 +288,7 @@ class HtmlTest extends UnitTestCase {
array('→', '→'), array('→', '→'),
array('➼', '➼'), array('➼', '➼'),
array('€', '€'), array('€', '€'),
array('Drup<75>al', "Drup\x80al"),
); );
} }

18
core/tests/Drupal/Tests/Component/Utility/SafeMarkupTest.php
View File

@ -46,11 +46,11 @@ class SafeMarkupTest extends UnitTestCase {
* @see testSet() * @see testSet()
*/ */
public function providerSet() { public function providerSet() {
// Checks that invalid multi-byte sequences are rejected. // Checks that invalid multi-byte sequences are escaped.
$tests[] = array("Foo\xC0barbaz", '', 'SafeMarkup::checkPlain() rejects invalid sequence "Foo\xC0barbaz"', TRUE); $tests[] = array("Foo\xC0barbaz", 'Foo<EFBFBD>barbaz', 'Invalid sequence "Foo\xC0barbaz" is escaped', TRUE);
$tests[] = array("Fooÿñ", 'SafeMarkup::set() accepts valid sequence "Fooÿñ"'); $tests[] = array("Fooÿñ", 'SafeMarkup::set() does not escape valid sequence "Fooÿñ"');
$tests[] = array(new TextWrapper("Fooÿñ"), 'SafeMarkup::set() accepts valid sequence "Fooÿñ" in an object implementing __toString()'); $tests[] = array(new TextWrapper("Fooÿñ"), 'SafeMarkup::set() does not escape valid sequence "Fooÿñ" in an object implementing __toString()');
$tests[] = array("<div>", 'SafeMarkup::set() accepts HTML'); $tests[] = array("<div>", 'SafeMarkup::set() does not escape HTML');
return $tests; return $tests;
} }
@ -141,10 +141,10 @@ class SafeMarkupTest extends UnitTestCase {
* @see testCheckPlain() * @see testCheckPlain()
*/ */
function providerCheckPlain() { function providerCheckPlain() {
// Checks that invalid multi-byte sequences are rejected. // Checks that invalid multi-byte sequences are escaped.
$tests[] = array("Foo\xC0barbaz", '', 'SafeMarkup::checkPlain() rejects invalid sequence "Foo\xC0barbaz"', TRUE); $tests[] = array("Foo\xC0barbaz", 'Foo<EFBFBD>barbaz', 'SafeMarkup::checkPlain() escapes invalid sequence "Foo\xC0barbaz"', TRUE);
$tests[] = array("\xc2\"", '', 'SafeMarkup::checkPlain() rejects invalid sequence "\xc2\""', TRUE); $tests[] = array("\xc2\"", '<EFBFBD>&quot;', 'SafeMarkup::checkPlain() escapes invalid sequence "\xc2\""', TRUE);
$tests[] = array("Fooÿñ", "Fooÿñ", 'SafeMarkup::checkPlain() accepts valid sequence "Fooÿñ"'); $tests[] = array("Fooÿñ", "Fooÿñ", 'SafeMarkup::checkPlain() does not escape valid sequence "Fooÿñ"');
// Checks that special characters are escaped. // Checks that special characters are escaped.
$tests[] = array("<script>", '&lt;script&gt;', 'SafeMarkup::checkPlain() escapes &lt;script&gt;'); $tests[] = array("<script>", '&lt;script&gt;', 'SafeMarkup::checkPlain() escapes &lt;script&gt;');

8
core/tests/Drupal/Tests/Core/Entity/EntityListBuilderTest.php
View File

@ -182,10 +182,10 @@ class EntityListBuilderTest extends UnitTestCase {
*/ */
public function providerTestBuildRow() { public function providerTestBuildRow() {
$tests = array(); $tests = array();
// Checks that invalid multi-byte sequences are rejected. // Checks that invalid multi-byte sequences are escaped.
$tests[] = array("Foo\xC0barbaz", '', 'EntityTestListBuilder::buildRow() rejects invalid sequence "Foo\xC0barbaz"', TRUE); $tests[] = array("Foo\xC0barbaz", 'Foo<EFBFBD>barbaz', 'EntityTestListBuilder::buildRow() escapes invalid sequence "Foo\xC0barbaz"', TRUE);
$tests[] = array("\xc2\"", '', 'EntityTestListBuilder::buildRow() rejects invalid sequence "\xc2\""', TRUE); $tests[] = array("\xc2\"", '<EFBFBD>&quot;', 'EntityTestListBuilder::buildRow escapes invalid sequence "\xc2\""', TRUE);
$tests[] = array("Fooÿñ", "Fooÿñ", 'EntityTestListBuilder::buildRow() accepts valid sequence "Fooÿñ"'); $tests[] = array("Fooÿñ", "Fooÿñ", 'EntityTestListBuilder::buildR does not escape valid sequence "Fooÿñ"');
// Checks that special characters are escaped. // Checks that special characters are escaped.
$tests[] = array("<script>", '&lt;script&gt;', 'EntityTestListBuilder::buildRow() escapes &lt;script&gt;'); $tests[] = array("<script>", '&lt;script&gt;', 'EntityTestListBuilder::buildRow() escapes &lt;script&gt;');