Skip to content

Commit

Permalink
bar: escapes <!-- in <script> [Closes #421]
Browse files Browse the repository at this point in the history
  • Loading branch information
@dg
dg committed May 17, 2020
1 parent 12e603c commit db091e9
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 4 deletions.
2 changes: 1 addition & 1 deletion src/Tracy/Bar/assets/loader.phtml
View file
Expand Up @@ -28,6 +28,6 @@ $asyncAttr = $async ? ' async' : '';
<!-- Tracy Debug Bar -->
<script src="<?= Helpers::escapeHtml($baseUrl) ?>_tracy_bar=js&amp;v=<?= urlencode(Debugger::VERSION) ?>&amp;XDEBUG_SESSION_STOP=1" data-id="<?= Helpers::escapeHtml($contentId) ?>"<?= $nonceAttr ?>></script>
<script<?= $nonceAttr ?>>
Tracy.Debug.init(<?= str_replace('</s', '<\/s', json_encode($content, JSON_UNESCAPED_SLASHES)) ?>);
Tracy.Debug.init(<?= str_replace(['<!--', '</s'], ['<\!--', '<\/s'], json_encode($content, JSON_UNESCAPED_SLASHES)) ?>);
</script>
<?php endif ?>
6 changes: 4 additions & 2 deletions tests/Tracy/Debugger.barDump().phpt
View file
Expand Up @@ -28,14 +28,16 @@ Debugger::enable();
register_shutdown_function(function () {
$output = ob_get_clean();
preg_match('#Tracy\.Debug\.init\((".*[^\\\\]")\)#', $output, $m);
$rawContent = json_decode($m[1]);
$rawContent = str_replace('<\!--', '<!--', $m[1], $count);
Assert::same(1, $count);
$rawContent = json_decode($rawContent);
$panelContent = (string) DomQuery::fromHtml($rawContent)->find('#tracy-debug-panel-Tracy-dumps')[0]['data-tracy-content'];
Assert::matchFile(__DIR__ . '/expected/Debugger.barDump().expect', $panelContent);
echo 'OK!'; // prevents PHP bug #62725
});


$arr = [10, 20.2, true, false, null, 'hello', ['key1' => 'val1', 'key2' => true], (object) ['key1' => 'val1', 'key2' => true]];
$arr = [10, 20.2, true, false, null, 'hello <!-- <script> </script>', ['key1' => 'val1', 'key2' => true], (object) ['key1' => 'val1', 'key2' => true]];

Debugger::barDump($arr);

Expand Down
2 changes: 1 addition & 1 deletion tests/Tracy/expected/Debugger.barDump().expect
View file
Expand Up @@ -7,7 +7,7 @@
<div class="tracy-inner tracy-DumpPanel">

<pre class="tracy-dump" title="barDump($arr)
in file %a% on line %d%" data-tracy-href="editor:%a%" data-tracy-snapshot='{"1":{"name":"stdClass","hash":"%h%","items":[["key1","val1",0],["key2",true,0]]}}' data-tracy-dump='[[0,10],[1,20.2],[2,true],[3,false],[4,null],[5,"hello"],[6,[["key1","val1"],["key2",true]]],[7,{"object":1}]]'></pre>
in file %a% on line %d%" data-tracy-href="editor:%a%" data-tracy-snapshot='{"1":{"name":"stdClass","hash":"%h%","items":[["key1","val1",0],["key2",true,0]]}}' data-tracy-dump='[[0,10],[1,20.2],[2,true],[3,false],[4,null],[5,"hello <!-- <script> <\/script>"],[6,[["key1","val1"],["key2",true]]],[7,{"object":1}]]'></pre>
<h2>String</h2>

<pre class="tracy-dump" title="barDump(&#039;&lt;a href=&quot;#&quot;&gt;test&lt;/a&gt;&#039;, &#039;String&#039;)
Expand Down

0 comments on commit db091e9

Please sign in to comment.