PHP Cross Reference of phpBB-3.3.2-deutsch |
<?php

/**
* @package   s9e\TextFormatter
* @copyright Copyright (c) 2010-2020 The s9e authors
* @license   http://www.opensource.org/licenses/mit-license.php The MIT License
*/
namespace s9e\TextFormatter\Configurator\TemplateNormalizations;

use DOMAttr;

/**
* Double up curly braces that were left unescaped in HTML attributes
*
* In an XSLT attribute value template a single "{" opens an XPath expression and "{{" stands for
* a literal brace. This pass rewrites attribute values such as
*     <hr onclick="if(1){alert(1)}">
*     <hr title="x{x">
* into
*     <hr onclick="if(1){{alert(1)}">
*     <hr title="x{{x">
*
* The detection is a set of regular expressions, not a JavaScript parser. A "{" that none of the
* patterns recognises is left single and keeps its template meaning.
*/
class FixUnescapedCurlyBracesInHtmlAttributes extends AbstractNormalization
{
    /**
    * {@inheritdoc}
    *
    * Selects every attribute whose value contains "{" on elements outside the $XSL namespace.
    */
    protected $queries = ['//*[namespace-uri() != $XSL]/@*[contains(., "{")]'];

    /**
    * {@inheritdoc}
    *
    * Applies the four brace-escaping rules in order and writes the result back to the attribute.
    */
    protected function normalizeAttribute(DOMAttr $attribute)
    {
        // Pattern => replacement. preg_replace() applies them in this order, each rule working
        // on the output of the previous one.
        $rules = [
            // do / else / if(...) / while(...) followed by "{" that is not followed by "{" or
            // "@": append a second brace
            '(\\b(?:do|else|(?:if|while)\\s*\\(.*?\\))\\s*\\{(?![{@]))' => '$0{',
            // function name(args) followed by "{" that is not followed by "{": append a second
            // brace
            '(\\bfunction\\s*\\w*\\s*\\([^\\)]*\\)\\s*\\{(?!\\{))' => '$0{',
            // An odd run of "{" with no "}" between it and the end of the value: prepend a brace
            '((?<!\\{)(?:\\{\\{)*\\{(?!\\{)[^}]*+$)' => '{$0',
            // A lone "{" followed by a quoted string or by an identifier and whitespace or a
            // colon, case-insensitive (looks like the start of an object literal): prepend a
            // brace
            '((?<!\\{)\\{\\s*(?:"[^"]*"|\'[^\']*\'|[a-z]\\w*(?:\\s|:\\s|:(?:["\']|\\w+\\s*,))))i' => '{$0',
        ];

        // NOTE(review): preg_replace() returns null on a PCRE error; the result is not checked
        // before it is escaped and assigned
        $doubled = preg_replace(array_keys($rules), array_values($rules), $attribute->value);

        // ENT_NOQUOTES: &, < and > become entities, both quote characters are left as they are.
        // NOTE(review): presumably needed because assigning to DOMAttr::$value interprets entity
        // references; confirm for the PHP versions in use
        $attribute->value = htmlspecialchars($doubled, ENT_NOQUOTES, 'UTF-8');
    }
}