diff --git a/src/FormBuilder.php b/src/FormBuilder.php index 4e7cf0f0..9b2fe1cc 100644 --- a/src/FormBuilder.php +++ b/src/FormBuilder.php @@ -485,7 +485,7 @@ public function textarea($name, $value = null, $options = []) // the element. Then we'll create the final textarea elements HTML for us. $options = $this->html->attributes($options); - return $this->toHtmlString('' . e($value) . ''); + return $this->toHtmlString('' . $this->html->escapeAll($value). ''); } /** @@ -662,7 +662,7 @@ protected function optionGroup($list, $label, $selected) $html[] = $this->option($display, $value, $selected); } - return $this->toHtmlString('' . implode('', $html) . ''); + return $this->toHtmlString('' . implode('', $html) . ''); } /** @@ -680,7 +680,7 @@ protected function option($display, $value, $selected) $options = ['value' => $value, 'selected' => $selected]; - return $this->toHtmlString('html->attributes($options) . '>' . e($display) . ''); + return $this->toHtmlString('html->attributes($options) . '>' . $this->html->escapeAll($display) . ''); } /** @@ -698,7 +698,7 @@ protected function placeholderOption($display, $selected) $options = compact('selected'); $options['value'] = ''; - return $this->toHtmlString('html->attributes($options) . '>' . e($display) . ''); + return $this->toHtmlString('html->attributes($options) . '>' . $this->html->escapeAll($display) . ''); } /** diff --git a/src/HtmlBuilder.php b/src/HtmlBuilder.php index 7306fc42..e6bc5181 100755 --- a/src/HtmlBuilder.php +++ b/src/HtmlBuilder.php @@ -53,6 +53,18 @@ public function entities($value) return htmlentities($value, ENT_QUOTES, 'UTF-8', false); } + /** + * Convert all applicable characters to HTML entities. + * + * @param string $value + * + * @return string + */ + public function escapeAll($value) + { + return htmlentities($value, ENT_QUOTES, 'UTF-8'); + } + /** * Convert entities to HTML characters. * 
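Review bot: The textarea line now hands `$value` straight to `$this->html->escapeAll()`, and the hunk header shows its default is `null`, so `textarea('foo')` with no value reaches `htmlentities(null, ...)`; PHP 8.1+ flags that as a deprecation, and whatever tolerance the replaced `e()` helper had for null (or non-string) values is gone with it. Casting at the call site, `$this->html->escapeAll((string) $value)`, keeps the empty-textarea case clean; `$display` in the `option` and `placeholderOption` hunks below is passed the same way, and a single cast inside `escapeAll()` would cover every caller at once. The `optionGroup` hunk is a like-for-like swap and needs nothing beyond that.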
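Review bot: `escapeAll()` differs from the `entities()` method directly above it (`htmlentities($value, ENT_QUOTES, 'UTF-8', false)`) only in omitting the `double_encode` argument, yet its docblock reads like a generic entity encoder and gives a maintainer no basis for choosing between the two. State the difference in the docblock: `Like entities(), but with double_encode enabled: an already-encoded entity such as &amp; becomes &amp;amp;, so pre-encoded input is never passed through unchanged.` Writing the flag out, `return htmlentities($value, ENT_QUOTES, 'UTF-8', true);`, makes the contrast visible at the call itself.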
@@ -288,7 +300,7 @@ public function nbsp($num = 1) { return str_repeat(' ', $num); } - + /** * Generate an ordered list of items. * @@ -387,7 +399,7 @@ protected function listingElement($key, $type, $value) if (is_array($value)) { return $this->nestedListing($key, $type, $value); } else { - return '
  • ' . e($value) . '
  • '; + return '
  • ' . $this->escapeAll($value) . '
  • '; } } @@ -449,7 +461,7 @@ protected function attributeElement($key, $value) } if (! is_null($value)) { - return $key . '="' . e($value) . '"'; + return $key . '="' . $this->escapeAll($value) . '"'; } } diff --git a/tests/FormBuilderTest.php b/tests/FormBuilderTest.php index 3e4eaad4..e60212c8 100644 --- a/tests/FormBuilderTest.php +++ b/tests/FormBuilderTest.php @@ -239,11 +239,13 @@ public function testFormTextarea() $form2 = $this->formBuilder->textarea('foo', 'foobar'); $form3 = $this->formBuilder->textarea('foo', null, ['class' => 'span2']); $form4 = $this->formBuilder->textarea('foo', null, ['size' => '60x15']); + $form5 = $this->formBuilder->textarea('encoded_html', '&'); $this->assertEquals('', $form1); $this->assertEquals('', $form2); $this->assertEquals('', $form3); $this->assertEquals('', $form4); + $this->assertEquals('', $form5); } public function testSelect() @@ -301,6 +303,17 @@ public function testSelect() $select, '' ); + + $select = $this->formBuilder->select( + 'encoded_html', + ['no_break_space' => ' ', 'ampersand' => '&', 'lower_than' => '<'], + null + ); + + $this->assertEquals( + $select, + '' + ); } public function testFormSelectRepopulation() @@ -344,6 +357,16 @@ public function testFormWithOptionalPlaceholder() ); $this->assertEquals($select, ''); + + $select = $this->formBuilder->select( + 'encoded_html', + ['no_break_space' => ' ', 'ampersand' => '&', 'lower_than' => '<'], + null, + ['placeholder' => 'Select the  '] + ); + $this->assertEquals($select, + '' + ); } public function testFormSelectYear() diff --git a/tests/HtmlBuilderTest.php b/tests/HtmlBuilderTest.php index 44baeb83..747c89a4 100644 --- a/tests/HtmlBuilderTest.php +++ b/tests/HtmlBuilderTest.php @@ -39,6 +39,28 @@ public function testDl() $this->assertEquals('
    foo
    bar
    bing
    baz
    ', $result); } + public function testOl() + { + $list = ['foo', 'bar', '&']; + + $attributes = ['class' => 'example']; + + $ol = $this->htmlBuilder->ol($list, $attributes); + + $this->assertEquals('
    1. foo
    2. bar
    3. &amp;
    ', $ol); + } + + public function testUl() + { + $list = ['foo', 'bar', '&']; + + $attributes = ['class' => 'example']; + + $ul = $this->htmlBuilder->ul($list, $attributes); + + $this->assertEquals('
    • foo
    • bar
    • &amp;
    ', $ul); + } + public function testMeta() { $result = $this->htmlBuilder->meta('description', 'Lorem ipsum dolor sit amet.'); @@ -58,7 +80,7 @@ public function testTag() $this->htmlBuilder->image('http://example.com/image1'), $this->htmlBuilder->image('http://example.com/image2'), ]; - + $result4 = $this->htmlBuilder->tag('div', $content, ['class' => 'row']); $this->assertEquals('

    ' . PHP_EOL . 'Lorem ipsum dolor sit amet.' . PHP_EOL . '

    ' . PHP_EOL, $result1);