From ab4709cbff86e16a0f343cf3f8d44f05d1e53dc5 Mon Sep 17 00:00:00 2001
From: David Flatz
Date: Wed, 18 Oct 2017 14:33:49 +0200
Subject: entity-encode tabs and carriage returns like new lines in attributes so that they won't get replaced by a space character when parsed see https://www.w3.org/TR/2004/REC-xml-20040204/#AVNormalize
---
 it_html.class | 4 ++--
 tests/it_html.t | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/it_html.class b/it_html.class
index 12ecf6b..02f3f2a 100644
--- a/it_html.class
+++ b/it_html.class
@@ -312,8 +312,8 @@ function _tag($name, $args)
 ;
 else if (isset($value) && $value !== true) # normal case: value
 {
- if (preg_match('/[<>&"\x00-\x08\x0a-\x0c\x0e-\x1f\x80-\x9f]/', $value)) # WARNING: copy/pasted from Q()
- $result .= " $key=\"" . str_replace("\n", " ", htmlspecialchars(self::_cleanup($value, $charset), ENT_COMPAT, $charset)) . '"';
+ if (preg_match('/[<>&"\x00-\x08\x0a-\x0c\x0e-\x1f\x80-\x9f\n\t\r]/', $value)) # WARNING: copy/pasted from Q()
+ $result .= " $key=\"" . str_replace(["\n", "\t", "\r"], [" ", " ", " "], htmlspecialchars(self::_cleanup($value, $charset), ENT_COMPAT, $charset)) . '"';
 else
 $result .= " $key=\"$value\"";
 }
diff --git a/tests/it_html.t b/tests/it_html.t
index 77c441e..875cccd 100755
--- a/tests/it_html.t
+++ b/tests/it_html.t
@@ -52,8 +52,8 @@ is(
 );
 is(
- div(array('arg' => "val: \x03, \x0e, \x0f, \x0c, \xc2\x80, \xc2\x9f, \x09, \n", "\x02, \x0e, \x0f, \x0c, \xc2\x80, \xc2\x9f, \x09, \n")),
- "
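Review bot: In the `_tag` hunk of it_html.class the widened character class is the only gate in front of the `else` branch that emits `$value` unescaped, and it is harder to audit than it needs to be: `\n` repeats `\x0a`, and with `\t` and `\r` added the control ranges collapse to `\x00-\x1f`, so `'/[<>&"\x00-\x1f\x80-\x9f]/'` matches the same bytes. The trailing comment still calls the pattern a copy of Q(), yet the diffstat shows this as the only change to it_html.class, so either Q() now differs on purpose or it was missed; a comment such as `# based on Q(), plus \t and \r because of attribute-value normalization` would record which. `$key` is interpolated as is on the same line, which is safe only if attribute names never come from request data. The replacement strings show as spaces on this page, presumably character references decoded in rendering. `_tag` starts and ends outside the hunk.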
\x02, \x0e, \x0f, \x0c, \xc2\x80, \xc2\x9f, \x09, \n
\n",
+ div(array('arg' => "val: \x03, \x0e, \x0f, \x0c, \xc2\x80, \xc2\x9f, \t, \n, \r", "\x02, \x0e, \x0f, \x0c, \xc2\x80, \xc2\x9f, \t, \n, \r")),
+ "
\x02, \x0e, \x0f, \x0c, \xc2\x80, \xc2\x9f, \t, \n, \r
\n",
 "blank unprintable characters and illegal utf8 in attributes but not in normal text"
 );
-- cgit v1.2.3