FixUnescapedCurlyBracesInHtmlAttributes: escape left braces that are …

…not followed by a right brace
s9e · Apr 4, 2017 · 4ebc635 · 4ebc635
1 parent 9e1197a
commit 4ebc635
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/src/Configurator/TemplateNormalizations/FixUnescapedCurlyBracesInHtmlAttributes.php b/src/Configurator/TemplateNormalizations/FixUnescapedCurlyBracesInHtmlAttributes.php
@@ -19,8 +19,10 @@ class FixUnescapedCurlyBracesInHtmlAttributes extends TemplateNormalization
 	*
 	* Will replace
 	*     <hr onclick="if(1){alert(1)}">
+	*     <hr title="x{x">
 	* with
 	*     <hr onclick="if(1){{alert(1)}">
+	*     <hr title="x{{x">
 	*
 	* @param  DOMElement $template <xsl:template/> node
 	* @return void
@@ -52,10 +54,12 @@ protected function fixAttribute(DOMAttr $attribute)
 
 		$match = [
 			'(\\b(?:do|else|(?:if|while)\\s*\\(.*?\\))\\s*\\{(?![{@]))',
+			'((?<!\\{)\\{[^}]*+$)',
 			'((?<!\\{)\\{\\s*(?:"[^"]*"|\'[^\']*\'|[a-z]\\w*(?:\\s|:\\s|:(?:["\']|\\w+\\s*,))))i'
 		];
 		$replace = [
 			'$0{',
+			'{$0',
 			'{$0'
 		];
 		$attrValue        = preg_replace($match, $replace, $attribute->value);

diff --git a/tests/Configurator/TemplateNormalizations/FixUnescapedCurlyBracesInHtmlAttributesTest.php b/tests/Configurator/TemplateNormalizations/FixUnescapedCurlyBracesInHtmlAttributesTest.php
@@ -63,6 +63,14 @@ public function getData()
 				'<hr onmouseover="foo({ \'bar\':true}"/>',
 				'<hr onmouseover="foo({{ \'bar\':true}"/>'
 			],
+			[
+				'<hr title="{"/>',
+				'<hr title="{{"/>'
+			],
+			[
+				'<hr title="x{x"/>',
+				'<hr title="x{{x"/>'
+			],
 		];
 	}
 }