authorAndy Staudacher <andy.st@gmail.com>2009-08-29 11:48:55 -0700
committerAndy Staudacher <andy.st@gmail.com>2009-08-29 11:48:55 -0700
commit7adb9ea2e3a42e1c5472024a1699912ae26eacb3 (patch)
tree9e435bc853ca0a16e0aec4de38140c3fa10d095a
parent1d633457c4482ab96bf936e9951ded2d5ebc8c74 (diff)
Adding SafeString::for_html_attr()
-rw-r--r--modules/gallery/libraries/SafeString.php19
-rw-r--r--modules/gallery/tests/SafeString_Test.php21
2 files changed, 33 insertions, 7 deletions
diff --git a/modules/gallery/libraries/SafeString.php b/modules/gallery/libraries/SafeString.php
index 53bcb27a..709ab5f6 100644
--- a/modules/gallery/libraries/SafeString.php
+++ b/modules/gallery/libraries/SafeString.php
@@ -90,6 +90,25 @@ class SafeString_Core {
}
/**
+ * Safe for use in HTML element attributes.
+ *
+ * Assumes that the HTML element attribute is already
+ * delimited by single or double quotes
+ *
+ * Example:<pre>
+ * <a title="<?= $php_var->for_html_attr() ?>">;
+ * </script>
+ * </pre>
+ * @return the string escaped for use in HTML attributes.
+ */
+ function for_html_attr() {
+ $string = (string) $this->for_html();
+ return strtr($string,
+ array("'"=>"&#039;",
+ '"'=>'&quot;'));
+ }
+
+ /**
* Safe for use HTML (purified HTML)
*
* Example:<pre>
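Review bot: The docblock example added for for_html_attr() ends with a stray `</script>` line and has a `;` after the `<a ...>` tag, both of which look copied from a JavaScript example; the example should read just `<a title="<?= $php_var->for_html_attr() ?>">`. The comment should also state the limits of the method: it adds only `'` and `"` escaping on top of for_html(), so it fits quoted text attributes such as title or alt, and does not make a value safe in attributes that are interpreted as a URL or as script (href, src, on* handlers). I would add a line like `* Not sufficient for URL or event-handler attributes; validate or encode those separately.` and give the return tag a type, `@return string`. for_html() is defined outside this hunk, so what it already escapes cannot be checked here.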
diff --git a/modules/gallery/tests/SafeString_Test.php b/modules/gallery/tests/SafeString_Test.php
index cdae3e99..73d82c34 100644
--- a/modules/gallery/tests/SafeString_Test.php
+++ b/modules/gallery/tests/SafeString_Test.php
@@ -18,13 +18,6 @@
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
class SafeString_Test extends Unit_Test_Case {
- public function p_clean_returns_safestring_instance_test() {
- $safe_string = p::clean("hello <p>world</p>");
- $this->assert_true($safe_string instanceof SafeString);
- $this->assert_equal("hello <p>world</p>",
- $safe_string->unescaped());
- }
-
public function toString_escapes_for_html_test() {
$safe_string = new SafeString("hello <p>world</p>");
$this->assert_equal("hello &lt;p&gt;world&lt;/p&gt;",
@@ -61,6 +54,20 @@ class SafeString_Test extends Unit_Test_Case {
$js_string);
}
+ public function for_html_attr_test() {
+ $safe_string = new SafeString('"<em>Foo</em>\'s bar"');
+ $attr_string = $safe_string->for_html_attr();
+ $this->assert_equal('&quot;&lt;em&gt;Foo&lt;/em&gt;&#039;s bar&quot;',
+ $attr_string);
+ }
+
+ public function for_html_attr_with_safe_html_test() {
+ $safe_string = SafeString::of('"<em>Foo</em>\'s bar"')->mark_html_safe();
+ $attr_string = $safe_string->for_html_attr();
+ $this->assert_equal('&quot;<em>Foo</em>&#039;s bar&quot;',
+ $attr_string);
+ }
+
public function string_safestring_equality_test() {
$safe_string = new SafeString("hello <p>world</p>");
$this->assert_equal("hello <p>world</p>",
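Review bot: for_html_attr_with_safe_html_test pins that `<em>` from a string marked HTML-safe reaches the attribute value unescaped, and nothing in the test says this is intended. If it is, a comment such as `// Markup of an HTML-safe string is kept as is; only the quote characters are escaped.` would stop a later reader from treating the expectation as a bug. Neither new test uses input that contains `&` or an already-encoded entity, so whether for_html_attr() double-encodes is not pinned; one more assertion for that case would help.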