summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Flatz2017-10-18 14:33:49 +0200
committerDavid Flatz2017-10-18 14:35:41 +0200
commitab4709cbff86e16a0f343cf3f8d44f05d1e53dc5 (patch)
tree606b829a8311952f72c2b874d261925a8e184728
parent8d90e01b7ffa90519ce7393175ddd446c69fe84c (diff)
downloaditools-ab4709cbff86e16a0f343cf3f8d44f05d1e53dc5.tar.gz
itools-ab4709cbff86e16a0f343cf3f8d44f05d1e53dc5.tar.bz2
itools-ab4709cbff86e16a0f343cf3f8d44f05d1e53dc5.zip
entity-encode tabs and carriage returns like new lines in attributes so that they won't get replaced by a space character when parsed
see https://www.w3.org/TR/2004/REC-xml-20040204/#AVNormalize
-rw-r--r--it_html.class4
-rwxr-xr-xtests/it_html.t4
2 files changed, 4 insertions, 4 deletions
diff --git a/it_html.class b/it_html.class
index 12ecf6b..02f3f2a 100644
--- a/it_html.class
+++ b/it_html.class
@@ -312,8 +312,8 @@ function _tag($name, $args)
;
else if (isset($value) && $value !== true) # normal case: value
{
- if (preg_match('/[<>&"\x00-\x08\x0a-\x0c\x0e-\x1f\x80-\x9f]/', $value)) # WARNING: copy/pasted from Q()
- $result .= " $key=\"" . str_replace("\n", "&#10;", htmlspecialchars(self::_cleanup($value, $charset), ENT_COMPAT, $charset)) . '"';
+ if (preg_match('/[<>&"\x00-\x08\x0a-\x0c\x0e-\x1f\x80-\x9f\n\t\r]/', $value)) # WARNING: copy/pasted from Q()
+ $result .= " $key=\"" . str_replace(["\n", "\t", "\r"], ["&#10;", "&#9;", "&#13;"], htmlspecialchars(self::_cleanup($value, $charset), ENT_COMPAT, $charset)) . '"';
else
$result .= " $key=\"$value\"";
}
diff --git a/tests/it_html.t b/tests/it_html.t
index 77c441e..875cccd 100755
--- a/tests/it_html.t
+++ b/tests/it_html.t
@@ -52,8 +52,8 @@ is(
);
is(
- div(array('arg' => "val: \x03, \x0e, \x0f, \x0c, \xc2\x80, \xc2\x9f, \x09, \n", "\x02, \x0e, \x0f, \x0c, \xc2\x80, \xc2\x9f, \x09, \n")),
- "<div arg=\"val: , , , , , , \x09, &#10;\">\x02, \x0e, \x0f, \x0c, \xc2\x80, \xc2\x9f, \x09, \n</div>\n",
+ div(array('arg' => "val: \x03, \x0e, \x0f, \x0c, \xc2\x80, \xc2\x9f, \t, \n, \r", "\x02, \x0e, \x0f, \x0c, \xc2\x80, \xc2\x9f, \t, \n, \r")),
+ "<div arg=\"val: , , , , , , &#9;, &#10;, &#13;\">\x02, \x0e, \x0f, \x0c, \xc2\x80, \xc2\x9f, \t, \n, \r</div>\n",
"blank unprintable characters and illegal utf8 in attributes but not in normal text"
);