Skip to content
Permalink
Browse files Browse the repository at this point in the history
refs #1313 Escape inline attributes (#1314)
  • Loading branch information
tabuna committed Oct 19, 2020
1 parent 4a1f9fb commit 03f9a11
Show file tree
Hide file tree
Showing 5 changed files with 26 additions and 6 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG.md
Expand Up @@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).

## 9.4.4 - 2020-10-19

### Fixed
- Escape inline attributes [#1313](https://github.com/orchidsoftware/platform/pull/1313)

## 9.4.3 - 2020-10-17

### Changed
Expand Down
2 changes: 1 addition & 1 deletion src/Platform/Dashboard.php
Expand Up @@ -17,7 +17,7 @@ class Dashboard
/**
* ORCHID Version.
*/
public const VERSION = '9.4.3';
public const VERSION = '9.4.4';

/**
* The Dashboard configuration options.
Expand Down
10 changes: 6 additions & 4 deletions src/Screen/Field.php
Expand Up @@ -245,11 +245,13 @@ protected function getAllowAttributes(): ComponentAttributeBag
{
$allow = array_merge($this->universalAttributes, $this->inlineAttributes);

$attribute = new ComponentAttributeBag($this->getAttributes());
$attributes = collect($this->getAttributes())
->filter(function ($value, $attribute) use ($allow) {
return Str::is($allow, $attribute);
})->toArray();

return $attribute->filter(function ($value, $attribute) use ($allow) {
return Str::is($allow, $attribute);
});
return (new ComponentAttributeBag())
->merge($attributes);
}

/**
Expand Down
1 change: 0 additions & 1 deletion src/Screen/Fields/Upload.php
Expand Up @@ -81,7 +81,6 @@ class Upload extends Field
'multiple',
'placeholder',
'required',
'value',
'groups',
'storage',
'media',
Expand Down
14 changes: 14 additions & 0 deletions tests/Unit/Screen/Fields/InputTest.php
Expand Up @@ -68,4 +68,18 @@ public function testDataAttributes(): void
$this->assertStringContainsString('data-location="Russia"', $input);
$this->assertStringContainsString('data-hello="world!"', $input);
}

public function testEscapeAttributes(): void
{
$input = (string) Input::make('name')->value('valueQuote"');

$this->assertStringContainsString('value="valueQuote""', $input);
}

public function testRemoveBooleanAttributes(): void
{
$input = (string) Input::make('name')->required(false);

$this->assertStringNotContainsString('required', $input);
}
}

0 comments on commit 03f9a11

Please sign in to comment.