bug #40209 [WebLink] Escape double quotes in attributes values (fancyweb)
This PR was merged into the 4.4 branch.
Discussion
----------
[WebLink] Escape double quotes in attributes values
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
If the attribute value contains a double quote, the serialized value is invalid: `</foo>; rel="alternate"; title="foo " bar"`. Ideally we would use `addcslashes` but we can't because users that already pass escaped values would then be impacted.
Commits
-------
7946be2b95
[WebLink] Escape double quotes in attributes values
commit
f8ce7d0803
@ -39,14 +39,14 @@ final class HttpHeaderSerializer
|
|||||||
foreach ($link->getAttributes() as $key => $value) {
|
foreach ($link->getAttributes() as $key => $value) {
|
||||||
if (\is_array($value)) {
|
if (\is_array($value)) {
|
||||||
foreach ($value as $v) {
|
foreach ($value as $v) {
|
||||||
$attributesParts[] = sprintf('%s="%s"', $key, $v);
|
$attributesParts[] = sprintf('%s="%s"', $key, preg_replace('/(?<!\\\\)"/', '\"', $v));
|
||||||
}
|
}
|
||||||
|
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!\is_bool($value)) {
|
if (!\is_bool($value)) {
|
||||||
$attributesParts[] = sprintf('%s="%s"', $key, $value);
|
$attributesParts[] = sprintf('%s="%s"', $key, preg_replace('/(?<!\\\\)"/', '\"', $value));
|
||||||
|
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
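Review bot: The lookbehind in both `preg_replace` calls (the array branch and the scalar branch) treats any double quote preceded by a backslash as already escaped. In an HTTP quoted-string, a quote preceded by an even number of backslashes is still unescaped, so such a value passes through unchanged and closes the parameter early. If attribute values can carry untrusted input, that lets a value alter the remaining link-params, so counting the backslash run is safer: `preg_replace('/(?<!\\\\)((?:\\\\\\\\)*)"/', '$1\"', $v)`, with the same change for `$value`. A value ending in a lone backslash would presumably still escape the closing quote, and `preg_replace` returns null on a PCRE error, which `sprintf` renders as an empty value; both deserve at least a comment stating that callers must pass validated values. The enclosing method starts and ends outside the hunk.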
@ -44,4 +44,12 @@ class HttpHeaderSerializerTest extends TestCase
|
|||||||
{
|
{
|
||||||
$this->assertNull($this->serializer->serialize([]));
|
$this->assertNull($this->serializer->serialize([]));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testSerializeDoubleQuotesInAttributeValue()
|
||||||
|
{
|
||||||
|
$this->assertSame('</foo>; rel="alternate"; title="\"escape me\" \"already escaped\" \"\"\""', $this->serializer->serialize([
|
||||||
|
(new Link('alternate', '/foo'))
|
||||||
|
->withAttribute('title', '"escape me" \"already escaped\" ""\"'),
|
||||||
|
]));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
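Review bot: `testSerializeDoubleQuotesInAttributeValue` exercises only the scalar branch with one string, so the identical escaping added to the array-valued branch of the serializer is untested. A second case such as `->withAttribute('title', ['"a"', '\"b\"'])` would cover that branch; the expected output is presumably one escaped `title="..."` part per element. It would also help to pin the edges the lookbehind decides on, namely a quote that follows an escaped backslash and a value that ends in a backslash, so that any later change to the pattern is caught.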