
FIX We still need XML escaping on href attributes in HTML4Value

commit 8d26bdbd2e063a9de38f76ba4b4c1013824dfd28 1 parent fb17f43
Hamish Friedlander authored April 18, 2013
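--- a/model/HTMLValue.php
+++ b/model/HTMLValue.php
@@ -52,7 +52,7 @@ public function getContent() {
 
 		// Then replace the saved attributes with their original versions
 		$res = preg_replace_callback('/__HTMLVALUE_(\d+)/', function($matches) use ($attrs) {
-			return $attrs[$matches[0]];
+			return Convert::raw2att($attrs[$matches[0]]);
 		}, $res);
 
 		return $res;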
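Review bot: The callback reads `$attrs[$matches[0]]` without checking that the key exists, while the pattern matches every `__HTMLVALUE_<digits>` token in `$res`. A token that reached the output from the document content rather than from the placeholder step would raise an undefined-index notice, or presumably be replaced with a different attribute's value if the number happens to collide. A guarded lookup leaves unknown tokens untouched: `return isset($attrs[$matches[0]]) ? Convert::raw2att($attrs[$matches[0]]) : $matches[0];`. The comment above the call is also stale now that values are re-escaped rather than restored verbatim; `// Then put the saved attribute values back, XML-escaped for attribute context` would match the code. The start of getContent, including where `$attrs` is filled, is outside this hunk, so the collision case should be confirmed there.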
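--- a/tests/integration/HTML4ValueTest.php
+++ b/tests/integration/HTML4ValueTest.php
@@ -58,4 +58,13 @@ public function testMixedNewlines() {
 		);
 	}
 
+	public function testAttributeEscaping() {
+		$value = new SS_HTML4Value();
+
+		$value->setContent('<a href="[]"></a>');
+		$this->assertEquals('<a href="[]"></a>', $value->getContent(), "'[' character isn't escaped");
+
+		$value->setContent('<a href="&quot;"></a>');
+		$this->assertEquals('<a href="&quot;"></a>', $value->getContent(), "'\"' character is escaped");
+	}
 }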
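Review bot: testAttributeEscaping covers `[` and `"` but has no case for `&`, the character most likely to expose a double-escaping regression now that every restored value passes through Convert::raw2att. A round-trip case would pin it: `$value->setContent('<a href="?a=1&amp;b=2"></a>');` followed by `$this->assertEquals('<a href="?a=1&amp;b=2"></a>', $value->getContent(), "'&' is escaped exactly once");`. The expected string assumes the saved attribute value is held decoded, as the `&quot;` case implies. An href containing `<` or `>` would cover the remaining markup characters in the same way.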
