Do not auto-html-escape custom function results. #908

Merged
merged 11 commits into from
Nov 6, 2023
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Fixed
- Registered output filters wouldn't run [#899](https://github.com/smarty-php/smarty/issues/899)
- Use of negative numbers in {math} equations [#895](https://github.com/smarty-php/smarty/issues/895)
- Do not auto-html-escape custom function results [#906](https://github.com/smarty-php/smarty/issues/906)
- Fix case-sensitive tag names [#907](https://github.com/smarty-php/smarty/issues/907)

### Removed
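Review bot: the new changelog line should tell plugin authors what the fix means for them, since it changes the trust boundary: the return value of a registered function plugin is now emitted without escapeHtml, so any user-controlled value the plugin interpolates into that string must be escaped by the plugin itself (for example with htmlspecialchars). Suggest wording it as `- Do not auto-html-escape custom function results; plugins must escape untrusted data themselves [#906](https://github.com/smarty-php/smarty/issues/906)` so the behaviour change is documented alongside the fix.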
2 changes: 1 addition & 1 deletion src/Compiler/Template.php
Expand Up @@ -1143,7 +1143,7 @@ private function compileTag2($tag, $args, $parameter) {
if ($this->smarty->getFunctionHandler($base_tag)) {
if (!isset($this->smarty->security_policy) || $this->smarty->security_policy->isTrustedTag($base_tag, $this)) {
return (new \Smarty\Compile\PrintExpressionCompiler())->compile(
[],
['nofilter'], // functions are never auto-escaped
$this,
['value' => $this->compileFunctionCall($base_tag, $args, $parameter)]
);
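Review bot: `['nofilter']` is a broader switch than the comment `// functions are never auto-escaped` states: it is the same attribute a template author sets with `{$var nofilter}`, which in PrintExpressionCompiler also skips the configured default modifiers, not only the escapeHtml step. If the intent is only to exempt function output from HTML escaping, either pass a narrower flag or widen the comment so the actual effect is documented. The comment should also say that, because the security_policy->isTrustedTag check on the line above only gates which tags may be called, the plugin's return value is now written to the output verbatim and the plugin is responsible for escaping any untrusted input it receives via its params.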
31 changes: 31 additions & 0 deletions tests/UnitTests/A_Core/AutoEscape/AutoEscapeTest.php
Expand Up @@ -30,4 +30,35 @@ public function testAutoEscape()
$tpl->assign('foo', '<a@b.c>');
$this->assertEquals("&lt;a@b.c&gt;", $this->smarty->fetch($tpl));
}

/**
* test 'escapeHtml' property
* @group issue906
*/
public function testAutoEscapeDoesNotEscapeFunctionPlugins()
{
$this->smarty->registerPlugin(
\Smarty\Smarty::PLUGIN_FUNCTION,
'horizontal_rule',
function ($params, $smarty) { return "<hr>"; }
);
$tpl = $this->smarty->createTemplate('eval:{horizontal_rule}');
$this->assertEquals("<hr>", $this->smarty->fetch($tpl));
}

/**
* test 'escapeHtml' property
* @group issue906
*/
public function testAutoEscapeDoesNotEscapeBlockPlugins()
{
$this->smarty->registerPlugin(
\Smarty\Smarty::PLUGIN_BLOCK,
'paragraphify',
function ($params, $content) { return $content == null ? null : "<p>".$content."</p>"; }
);
$tpl = $this->smarty->createTemplate('eval:{paragraphify}hi{/paragraphify}');
$this->assertEquals("<p>hi</p>", $this->smarty->fetch($tpl));
}

}
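Review bot: both new docblocks say `test 'escapeHtml' property`, copied from the test above them; describe each case instead (function plugin output is emitted unescaped; block plugin content is emitted unescaped) and keep the `@group issue906` marker. In testAutoEscapeDoesNotEscapeBlockPlugins, `$content == null` is a loose comparison that also matches an empty string, so `{paragraphify}{/paragraphify}` would return null rather than `<p></p>`; use `$content === null` to distinguish the opening call from a block with empty content. The block test also asserts behaviour that the Template.php hunk in this PR does not touch (that hunk only changes the getFunctionHandler branch), so a comment marking it as a regression guard rather than coverage of the fix would help the next reader. Finally, neither test exercises the case the fix makes risky: a plugin that echoes one of its parameters, e.g. `{horizontal_rule title=$foo}` with `$foo` assigned `<a@b.c>` as in testAutoEscape. Add a test asserting that the parameter passes through unescaped, which documents that plugin authors must escape it themselves.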