Edit PHP version constraint and update Composer dependencies
This commit is contained in:
Paul Nicoué
parent
231e1bce63
commit
e5b51981ff
52 changed files with 806 additions and 613 deletions
|
|
@ -30,7 +30,7 @@ use const ENT_SUBSTITUTE;
|
|||
*
|
||||
* @final
|
||||
*/
|
||||
class Escaper
|
||||
class Escaper implements EscaperInterface
|
||||
{
|
||||
/**
|
||||
* Entity Map mapping Unicode codepoints to any available named HTML entities.
|
||||
|
|
@ -183,24 +183,13 @@ class Escaper
|
|||
return $this->encoding;
|
||||
}
|
||||
|
||||
/**
|
||||
* Escape a string for the HTML Body context where there are very few characters
|
||||
* of special meaning. Internally this will use htmlspecialchars().
|
||||
*
|
||||
* @return ($string is non-empty-string ? non-empty-string : string)
|
||||
*/
|
||||
/** @inheritDoc */
|
||||
public function escapeHtml(string $string)
|
||||
{
|
||||
return htmlspecialchars($string, $this->htmlSpecialCharsFlags, $this->encoding);
|
||||
}
|
||||
|
||||
/**
|
||||
* Escape a string for the HTML Attribute context. We use an extended set of characters
|
||||
* to escape that are not covered by htmlspecialchars() to cover cases where an attribute
|
||||
* might be unquoted or quoted illegally (e.g. backticks are valid quotes for IE).
|
||||
*
|
||||
* @return ($string is non-empty-string ? non-empty-string : string)
|
||||
*/
|
||||
/** @inheritDoc */
|
||||
public function escapeHtmlAttr(string $string)
|
||||
{
|
||||
$string = $this->toUtf8($string);
|
||||
|
|
@ -214,17 +203,7 @@ class Escaper
|
|||
return $this->fromUtf8($result);
|
||||
}
|
||||
|
||||
/**
|
||||
* Escape a string for the Javascript context. This does not use json_encode(). An extended
|
||||
* set of characters are escaped beyond ECMAScript's rules for Javascript literal string
|
||||
* escaping in order to prevent misinterpretation of Javascript as HTML leading to the
|
||||
* injection of special characters and entities. The escaping used should be tolerant
|
||||
* of cases where HTML escaping was not applied on top of Javascript escaping correctly.
|
||||
* Backslash escaping is not used as it still leaves the escaped character as-is and so
|
||||
* is not useful in a HTML context.
|
||||
*
|
||||
* @return ($string is non-empty-string ? non-empty-string : string)
|
||||
*/
|
||||
/** @inheritDoc */
|
||||
public function escapeJs(string $string)
|
||||
{
|
||||
$string = $this->toUtf8($string);
|
||||
|
|
@ -238,24 +217,13 @@ class Escaper
|
|||
return $this->fromUtf8($result);
|
||||
}
|
||||
|
||||
/**
|
||||
* Escape a string for the URI or Parameter contexts. This should not be used to escape
|
||||
* an entire URI - only a subcomponent being inserted. The function is a simple proxy
|
||||
* to rawurlencode() which now implements RFC 3986 since PHP 5.3 completely.
|
||||
*
|
||||
* @return ($string is non-empty-string ? non-empty-string : string)
|
||||
*/
|
||||
/** @inheritDoc */
|
||||
public function escapeUrl(string $string)
|
||||
{
|
||||
return rawurlencode($string);
|
||||
}
|
||||
|
||||
/**
|
||||
* Escape a string for the CSS context. CSS escaping can be applied to any string being
|
||||
* inserted into CSS and escapes everything except alphanumerics.
|
||||
*
|
||||
* @return ($string is non-empty-string ? non-empty-string : string)
|
||||
*/
|
||||
/** @inheritDoc */
|
||||
public function escapeCss(string $string)
|
||||
{
|
||||
$string = $this->toUtf8($string);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue