[Summary view] [Print] [Text view]

   1  <?php
   2  
   3  /**
   4  * @package   s9e\TextFormatter
   5  * @copyright Copyright (c) 2010-2022 The s9e authors
   6  * @license   http://www.opensource.org/licenses/mit-license.php The MIT License
   7  */
   8  namespace s9e\TextFormatter\Configurator\TemplateNormalizations;
   9  
  10  use DOMAttr;
  11  
  12  /**
  13  * Fix unescaped curly braces in HTML attributes
  14  *
  15  * Will replace
  16  *     <hr onclick="if(1){alert(1)}">
  17  *     <hr title="x{x">
  18  * with
  19  *     <hr onclick="if(1){{alert(1)}">
  20  *     <hr title="x{{x">
  21  */
  22  class FixUnescapedCurlyBracesInHtmlAttributes extends AbstractNormalization
  23  {
  24      /**
  25      * {@inheritdoc}
  26      */
  27      protected $queries = ['//*[namespace-uri() != $XSL]/@*[contains(., "{")]'];
  28  
  29      /**
  30      * {@inheritdoc}
  31      */
  32  	protected function normalizeAttribute(DOMAttr $attribute)
  33      {
  34          $match = [
  35              '(\\b(?:do|else|(?:if|while)\\s*\\(.*?\\))\\s*\\{(?![{@]))',
  36              '(\\bfunction\\s*\\w*\\s*\\([^\\)]*\\)\\s*\\{(?!\\{))',
  37              '(=(?:>|&gt;)\\s*\\{(?!\\{))',
  38              '((?<!\\{)(?:\\{\\{)*\\{(?!\\{)[^}]*+$)',
  39              '((?<!\\{)\\{\\s*(?:"[^"]*"|\'[^\']*\'|[a-z]\\w*(?:\\s|:\\s|:(?:["\']|\\w+\\s*,))))i'
  40          ];
  41          $replace = [
  42              '$0{',
  43              '$0{',
  44              '$0{',
  45              '{$0',
  46              '{$0'
  47          ];
  48          $attrValue        = preg_replace($match, $replace, $attribute->value);
  49          $attribute->value = htmlspecialchars($attrValue, ENT_NOQUOTES, 'UTF-8');
  50      }
  51  }