diff options
author | David Flatz | 2017-10-18 14:33:49 +0200 |
---|---|---|
committer | David Flatz | 2017-10-18 14:35:41 +0200 |
commit | ab4709cbff86e16a0f343cf3f8d44f05d1e53dc5 (patch) | |
tree | 606b829a8311952f72c2b874d261925a8e184728 | |
parent | 8d90e01b7ffa90519ce7393175ddd446c69fe84c (diff) | |
download | itools-ab4709cbff86e16a0f343cf3f8d44f05d1e53dc5.tar.gz itools-ab4709cbff86e16a0f343cf3f8d44f05d1e53dc5.tar.bz2 itools-ab4709cbff86e16a0f343cf3f8d44f05d1e53dc5.zip |
entity-encode tabs and carriage returns like new lines in attributes so that they won't get replaced by a space character when parsed
see https://www.w3.org/TR/2004/REC-xml-20040204/#AVNormalize
-rw-r--r-- | it_html.class | 4 | ||||
-rwxr-xr-x | tests/it_html.t | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/it_html.class b/it_html.class index 12ecf6b..02f3f2a 100644 --- a/it_html.class +++ b/it_html.class @@ -312,8 +312,8 @@ function _tag($name, $args) ; else if (isset($value) && $value !== true) # normal case: value { - if (preg_match('/[<>&"\x00-\x08\x0a-\x0c\x0e-\x1f\x80-\x9f]/', $value)) # WARNING: copy/pasted from Q() - $result .= " $key=\"" . str_replace("\n", " ", htmlspecialchars(self::_cleanup($value, $charset), ENT_COMPAT, $charset)) . '"'; + if (preg_match('/[<>&"\x00-\x08\x0a-\x0c\x0e-\x1f\x80-\x9f\n\t\r]/', $value)) # WARNING: copy/pasted from Q() + $result .= " $key=\"" . str_replace(["\n", "\t", "\r"], [" ", "	", " "], htmlspecialchars(self::_cleanup($value, $charset), ENT_COMPAT, $charset)) . '"'; else $result .= " $key=\"$value\""; } diff --git a/tests/it_html.t b/tests/it_html.t index 77c441e..875cccd 100755 --- a/tests/it_html.t +++ b/tests/it_html.t @@ -52,8 +52,8 @@ is( ); is( - div(array('arg' => "val: \x03, \x0e, \x0f, \x0c, \xc2\x80, \xc2\x9f, \x09, \n", "\x02, \x0e, \x0f, \x0c, \xc2\x80, \xc2\x9f, \x09, \n")), - "<div arg=\"val: , , , , , , \x09, \">\x02, \x0e, \x0f, \x0c, \xc2\x80, \xc2\x9f, \x09, \n</div>\n", + div(array('arg' => "val: \x03, \x0e, \x0f, \x0c, \xc2\x80, \xc2\x9f, \t, \n, \r", "\x02, \x0e, \x0f, \x0c, \xc2\x80, \xc2\x9f, \t, \n, \r")), + "<div arg=\"val: , , , , , , 	, , \">\x02, \x0e, \x0f, \x0c, \xc2\x80, \xc2\x9f, \t, \n, \r</div>\n", "blank unprintable characters and illegal utf8 in attributes but not in normal text" ); |