
Add HTML escaping.

Add an escape option to toggle HTML escaping of attributes and node text.
markstory committed Jan 8, 2014
1 parent ff25495 commit b5b151e114702b420a9f3fe0c8d008bd8544fa7f
Showing with 61 additions and 11 deletions.
  1. +16 −10 Cake/View/Input/SelectBox.php
  2. +45 −1 Test/TestCase/View/Input/SelectBoxTest.php
@@ -53,12 +53,21 @@ public function __construct($templates) {
}
public function render($data) {
+ $data += [
+ 'name' => '',
+ 'empty' => false,
+ 'escape' => true,
+ 'options' => [],
+ 'disabled' => null,
+ 'value' => null,
+ ];
+
if (empty($data['name'])) {
throw new \RuntimeException('Cannot make inputs with empty name attributes.');
}
$options = $this->_renderContent($data);
$name = $data['name'];
- unset($data['name'], $data['options'], $data['empty'], $data['value']);
+ unset($data['name'], $data['options'], $data['empty'], $data['value'], $data['escape']);
if (isset($data['disabled']) && is_array($data['disabled'])) {
unset($data['disabled']);
}
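Review bot: The new `escape` key is merged into the defaults here, but nothing visible documents it, and it is unset together with `name` and `options` before the remaining `$data` is used. The flag therefore governs only option and optgroup output, not however the `<select>` element's own attributes are formatted (that code is outside the hunk). render()'s docblock sits above the hunk; I would add an entry such as `- escape: defaults to true; set to false only when option keys, option text and optgroup labels are already HTML-encoded by the caller.`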
@@ -73,9 +82,6 @@ public function render($data) {
protected function _renderContent($data) {
$out = [];
- if (!isset($data['options'])) {
- $data['options'] = [];
- }
$options = $data['options'];
if (!empty($data['empty'])) {
@@ -92,15 +98,15 @@ protected function _renderContent($data) {
if (isset($data['disabled']) && is_array($data['disabled'])) {
$disabled = $data['disabled'];
}
- return $this->_renderOptions($options, $disabled, $selected);
+ return $this->_renderOptions($options, $disabled, $selected, $data['escape']);
}
- protected function _renderOptions($options, $disabled, $selected) {
+ protected function _renderOptions($options, $disabled, $selected, $escape) {
foreach ($options as $key => $val) {
if (is_array($val)) {
- $groupOptions = $this->_renderOptions($val, $disabled, $selected);
+ $groupOptions = $this->_renderOptions($val, $disabled, $selected, $escape);
$out[] = $this->_templates->format('optgroup', [
- 'label' => $key,
+ 'label' => $escape ? h($key) : $key,
'content' => implode('', $groupOptions)
]);
} else {
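Review bot: `_renderOptions()` gains a fourth required parameter, so any subclass that calls or overrides this protected method with three arguments breaks, and a forgotten argument has no safe fallback. A default keeps the old call shape working and makes encoding the fallback: `protected function _renderOptions($options, $disabled, $selected, $escape = true) {`. `_renderContent()` likewise now reads `$data['escape']` and `$data['options']` unchecked, relying on the defaults merged in render(); a short comment saying so would help anyone calling it directly. The body of `_renderOptions()` continues past this hunk.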
@@ -115,8 +121,8 @@ protected function _renderOptions($options, $disabled, $selected) {
}
$out[] = $this->_templates->format($template, [
- 'name' => $key,
- 'value' => $val
+ 'name' => $escape ? h($key) : $key,
+ 'value' => $escape ? h($val) : $val,
]);
}
}
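Review bot: With `escape` false, `$key` is emitted raw as well as `$val`, and the test expectations in this commit show the key ending up in the option's `value` attribute. Attribute context is less forgiving than element text, since an unencoded double quote in a key ends the attribute. If the purpose of turning escaping off is to pass pre-encoded label text, consider keeping the key encoded regardless with `'name' => h($key),` and applying the flag to `'value'` only; if raw keys are intended, say so where the option is documented. The surrounding else-branch starts outside this hunk.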
@@ -389,7 +389,51 @@ public function testRenderEmptyOption() {
* @return void
*/
public function testRenderEscapingOption() {
- $this->markTestIncomplete('Not done');
+ $select = new SelectBox($this->templates);
+ $data = [
+ 'name' => 'Birds[name]',
+ 'options' => [
+ 'a' => '>Albatross',
+ 'b' => '>Budgie',
+ 'c' => '>Canary',
+ ]
+ ];
+ $result = $select->render($data);
+ $expected = [
+ 'select' => [
+ 'name' => 'Birds[name]',
+ ],
+ ['option' => ['value' => 'a']],
+ '>Albatross',
+ '/option',
+ ['option' => ['value' => 'b']],
+ '>Budgie',
+ '/option',
+ ['option' => ['value' => 'c']],
+ '>Canary',
+ '/option',
+ '/select'
+ ];
+ $this->assertTags($result, $expected);
+
+ $data = [
+ 'escape' => false,
+ 'name' => 'Birds[name]',
+ 'options' => [
+ '>a' => '>Albatross',
+ ]
+ ];
+ $result = $select->render($data);
+ $expected = [
+ 'select' => [
+ 'name' => 'Birds[name]',
+ ],
+ ['option' => ['value' => '>a']],
+ '>Albatross',
+ '/option',
+ '/select'
+ ];
+ $this->assertTags($result, $expected);
}
}
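Review bot: The escaping-enabled half of this test uses the keys `a`, `b` and `c`, so the `h($key)` path for the `value` attribute is never exercised with a character that needs encoding, and the optgroup-label branch changed in SelectBox.php has no case at all. I would add a case with `escape` left at its default whose option key contains `"` or `<`, plus one nested options array whose group label contains `&`, and assert the encoded forms. As rendered on this page the expected text nodes read `'>Albatross'` in both halves, presumably because the page decoded `&gt;`; if the file really has identical expectations, the two halves would not distinguish escaped from raw output.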
