From: Fabien Potencier Date: Tue, 1 Oct 2013 13:11:00 +0000 (+0200) Subject: fixed usage of the html_attr escaping strategy to avoid double-escaping with the... X-Git-Url: http://git.silmor.de/gitweb/?a=commitdiff_plain;h=f27d4a14405f014ba73aa362421f8f80d35dd618;p=web%2Fkonrad%2Ftwig.git fixed usage of the html_attr escaping strategy to avoid double-escaping with the html strategy --- diff --git a/CHANGELOG b/CHANGELOG index ab39662..483f107 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,6 @@ * 1.14.0 (2013-XX-XX) + * fixed usage of the html_attr escaping strategy to avoid double-escaping with the html strategy * fixed some compatibility issues with HHVM * added a way to add custom escaping strategies * fixed the C extension compilation on Windows diff --git a/lib/Twig/NodeVisitor/SafeAnalysis.php b/lib/Twig/NodeVisitor/SafeAnalysis.php index b0c658c..214e8b6 100644 --- a/lib/Twig/NodeVisitor/SafeAnalysis.php +++ b/lib/Twig/NodeVisitor/SafeAnalysis.php @@ -13,12 +13,20 @@ class Twig_NodeVisitor_SafeAnalysis implements Twig_NodeVisitorInterface public function getSafe(Twig_NodeInterface $node) { $hash = spl_object_hash($node); - if (isset($this->data[$hash])) { - foreach ($this->data[$hash] as $bucket) { - if ($bucket['key'] === $node) { - return $bucket['value']; - } + if (!isset($this->data[$hash])) { + return; + } + + foreach ($this->data[$hash] as $bucket) { + if ($bucket['key'] !== $node) { + continue; + } + + if (in_array('html_attr', $bucket['value'])) { + $bucket['value'][] = 'html'; } + + return $bucket['value']; } } diff --git a/test/Twig/Tests/Fixtures/filters/escape_html_attr.test b/test/Twig/Tests/Fixtures/filters/escape_html_attr.test new file mode 100644 index 0000000..009a245 --- /dev/null +++ b/test/Twig/Tests/Fixtures/filters/escape_html_attr.test @@ -0,0 +1,8 @@ +--TEST-- +"escape" filter does not escape with the html strategy when using the html_attr strategy +--TEMPLATE-- +{{ '
'|escape('html_attr') }} +--DATA-- +return array() +--EXPECT-- +<br />