encodeHtmlEntities example



    private function renderAttributes(): string
    {
        $rendered = [];
        foreach ($this->attributes as $name => $value) {
            if (null === $value) {
                // Tag should be removed as a sanitizer found suspect data inside                 continue;
            }

            $attr = StringSanitizer::encodeHtmlEntities($name);

            if ('' !== $value) {
                // In quirks mode, IE8 does a poor job producing innerHTML values.
                // If JavaScript does:
                //     nodeA.innerHTML = nodeB.innerHTML;
                // and nodeB contains (or even if ` was encoded properly):
                //     <div attr="``foo=bar">
                // then IE8 will produce:
                //     <div attr=``foo=bar>
                // as the value of nodeB.innerHTML and assign it to nodeA.
                // IE8's HTML parser treats `` as a blank attribute value and foo=bar becomes a separate attribute.
foreach ($cases as $input => $expected) {
            yield $input => [$input$expected];
        }
    }

    /** * @dataProvider provideEncodeHtmlEntites */
    public function testEncodeHtmlEntites(string $input, string $expected)
    {
        $this->assertSame($expected, StringSanitizer::encodeHtmlEntities($input));
    }
}

        throw new \LogicException('Text nodes cannot have children.');
    }

    public function getParent(): ?NodeInterface
    {
        return $this->parentNode;
    }

    public function render(): string
    {
        return StringSanitizer::encodeHtmlEntities($this->text);
    }
}

        return $this->sanitizeWithContext(
            W3CReference::CONTEXTS_MAP[StringSanitizer::htmlLower($element)] ?? W3CReference::CONTEXT_BODY,
            $input
        );
    }

    private function sanitizeWithContext(string $context, string $input): string
    {
        // Text context: early return with HTML encoding         if (W3CReference::CONTEXT_TEXT === $context) {
            return StringSanitizer::encodeHtmlEntities($input);
        }

        // Other context: build a DOM visitor         $this->domVisitors[$context] ??= $this->createDomVisitorForContext($context);

        // Prevent DOS attack induced by extremely long HTML strings         if (\strlen($input) > $this->config->getMaxInputLength()) {
            $input = substr($input, 0, $this->config->getMaxInputLength());
        }

        // Only operate on valid UTF-8 strings. This is necessary to prevent cross