[WebLink] Escape double quotes in attributes values

2021-02-16 12:01:18 +01:00 · 2021-02-16 12:01:18 +01:00 · 7946be2b95
commit 7946be2b95
parent 08c789c97b
2 changed files with 10 additions and 2 deletions
--- a/src/Symfony/Component/WebLink/HttpHeaderSerializer.php
+++ b/src/Symfony/Component/WebLink/HttpHeaderSerializer.php
@ -39,14 +39,14 @@ final class HttpHeaderSerializer
            foreach ($link->getAttributes() as $key => $value) {
                if (\is_array($value)) {
                    foreach ($value as $v) {
-                        $attributesParts[] = sprintf('%s="%s"', $key, $v);
+                        $attributesParts[] = sprintf('%s="%s"', $key, preg_replace('/(?<!\\\\)"/', '\"', $v));
                    }

                    continue;
                }

                if (!\is_bool($value)) {
-                    $attributesParts[] = sprintf('%s="%s"', $key, $value);
+                    $attributesParts[] = sprintf('%s="%s"', $key, preg_replace('/(?<!\\\\)"/', '\"', $value));

                    continue;
                }
--- a/src/Symfony/Component/WebLink/Tests/HttpHeaderSerializerTest.php
+++ b/src/Symfony/Component/WebLink/Tests/HttpHeaderSerializerTest.php
@ -44,4 +44,12 @@ class HttpHeaderSerializerTest extends TestCase
    {
        $this->assertNull($this->serializer->serialize([]));
    }
+
+    public function testSerializeDoubleQuotesInAttributeValue()
+    {
+        $this->assertSame('</foo>; rel="alternate"; title="\"escape me\" \"already escaped\" \"\"\""', $this->serializer->serialize([
+            (new Link('alternate', '/foo'))
+                ->withAttribute('title', '"escape me" \"already escaped\" ""\"'),
+        ]));
+    }
 }