From 7adb9ea2e3a42e1c5472024a1699912ae26eacb3 Mon Sep 17 00:00:00 2001
From: Andy Staudacher
Date: Sat, 29 Aug 2009 11:48:55 -0700
Subject: Adding SafeString::for_html_attr()
---
 modules/gallery/libraries/SafeString.php | 19 +++++++++++++++++++
 modules/gallery/tests/SafeString_Test.php | 21 ++++++++++++++-------
 2 files changed, 33 insertions(+), 7 deletions(-)
diff --git a/modules/gallery/libraries/SafeString.php b/modules/gallery/libraries/SafeString.php
index 53bcb27a..709ab5f6 100644
--- a/modules/gallery/libraries/SafeString.php
+++ b/modules/gallery/libraries/SafeString.php
@@ -89,6 +89,25 @@ class SafeString_Core {
 return self::_escape_for_js($this->_raw_string);
 }
+ /**
+ * Safe for use in HTML element attributes.
+ *
+ * Assumes that the HTML element attribute is already
+ * delimited by single or double quotes
+ *
+ * Example:
+   *     ;
+   *   
+   * 
+ * @return the string escaped for use in HTML attributes.
+ */
+ function for_html_attr() {
+ $string = (string) $this->for_html();
+ return strtr($string,
+ array("'"=>"'",
+ '"'=>'"'));
+ }
+
 /**
 * Safe for use HTML (purified HTML)
 *
diff --git a/modules/gallery/tests/SafeString_Test.php b/modules/gallery/tests/SafeString_Test.php
index cdae3e99..73d82c34 100644
--- a/modules/gallery/tests/SafeString_Test.php
+++ b/modules/gallery/tests/SafeString_Test.php
@@ -18,13 +18,6 @@
 * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
 */
 class SafeString_Test extends Unit_Test_Case {
- public function p_clean_returns_safestring_instance_test() {
- $safe_string = p::clean("hello
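Review bot: The docblock of `for_html_attr()` states the quoted-attribute assumption but not the contexts this escaping does not cover. Replacing quote characters keeps a value inside its delimiters, but the value is still not safe in URL-bearing attributes (`href`, `src`) or event-handler attributes, where the scheme or script content has to be validated or escaped separately. I would add a line such as `* Not sufficient on its own for URL attributes (href, src) or event-handler attributes.` and give the tag a type, `@return string the string escaped for use in HTML attributes`. The method builds on `for_html()`, whose body is outside this hunk; the `for_html_attr_with_safe_html_test` case suggests that a string marked with `mark_html_safe()` presumably passes through with only its quotes replaced, so the docblock should state that markup and `&` in such strings reach the attribute value as they are. The two replacement values in the `strtr` map appear on this page as the bare quote characters, so the exact character references cannot be confirmed from here.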

world

"); - $this->assert_true($safe_string instanceof SafeString); - $this->assert_equal("hello

world

", - $safe_string->unescaped()); - } - public function toString_escapes_for_html_test() { $safe_string = new SafeString("hello

world

"); $this->assert_equal("hello <p>world</p>", @@ -61,6 +54,20 @@ class SafeString_Test extends Unit_Test_Case { $js_string); } + public function for_html_attr_test() { + $safe_string = new SafeString('"Foo\'s bar"'); + $attr_string = $safe_string->for_html_attr(); + $this->assert_equal('"<em>Foo</em>'s bar"', + $attr_string); + } + + public function for_html_attr_with_safe_html_test() { + $safe_string = SafeString::of('"Foo\'s bar"')->mark_html_safe(); + $attr_string = $safe_string->for_html_attr(); + $this->assert_equal('"Foo's bar"', + $attr_string); + } + public function string_safestring_equality_test() { $safe_string = new SafeString("hello

world

"); $this->assert_equal("hello

world

", -- cgit v1.2.3