Twig_Tests_Extension_EscaperTest
extends TestCase
in package
Table of Contents
- $cssSpecialChars : mixed
- $htmlAttrSpecialChars : mixed
- $htmlSpecialChars : mixed
- All character encodings supported by htmlspecialchars().
- $jsSpecialChars : mixed
- $urlSpecialChars : mixed
- provideCustomEscaperCases() : mixed
- provideObjectsForEscaping() : mixed
- testCssEscapingConvertsSpecialChars() : mixed
- testCssEscapingEscapesOwaspRecommendedRanges() : mixed
- testCssEscapingReturnsStringIfContainsOnlyDigits() : mixed
- testCssEscapingReturnsStringIfZeroLength() : mixed
- testCustomEscaper() : mixed
- testHtmlAttributeEscapingConvertsSpecialChars() : mixed
- testHtmlAttributeEscapingEscapesOwaspRecommendedRanges() : mixed
- testHtmlEscapingConvertsSpecialChars() : mixed
- testJavascriptEscapingConvertsSpecialChars() : mixed
- testJavascriptEscapingEscapesOwaspRecommendedRanges() : mixed
- testJavascriptEscapingReturnsStringIfContainsOnlyDigits() : mixed
- testJavascriptEscapingReturnsStringIfZeroLength() : mixed
- testObjectEscaping() : mixed
- testUnicodeCodepointConversionToUtf8() : mixed
- Only testing the first few 2 ranges on this prot. function as that's all these other range tests require.
- testUnknownCustomEscaper() : mixed
- testUrlEscapingConvertsSpecialChars() : mixed
- codepointToUtf8() : string
- Convert a Unicode Codepoint to a literal UTF-8 character.
Properties
$cssSpecialChars
protected
mixed
$cssSpecialChars
= [
/* HTML special chars - escape without exception to hex */
'<' => '\3C ',
'>' => '\3E ',
''' => '\27 ',
'"' => '\22 ',
'&' => '\26 ',
/* Characters beyond ASCII value 255 to unicode escape */
'Ā' => '\100 ',
/* Immune chars excluded */
',' => '\2C ',
'.' => '\2E ',
'_' => '\5F ',
/* Basic alnums excluded */
'a' => 'a',
'A' => 'A',
'z' => 'z',
'Z' => 'Z',
'0' => '0',
'9' => '9',
/* Basic control characters and null */
"
" => '\D ',
"
" => '\A ',
" " => '\9 ',
"�" => '\0 ',
/* Encode spaces for quoteless attribute protection */
' ' => '\20 ',
]
$htmlAttrSpecialChars
protected
mixed
$htmlAttrSpecialChars
= [
''' => ''',
/* Characters beyond ASCII value 255 to unicode escape */
'Ā' => 'Ā',
'😀' => '😀',
/* Immune chars excluded */
',' => ',',
'.' => '.',
'-' => '-',
'_' => '_',
/* Basic alnums excluded */
'a' => 'a',
'A' => 'A',
'z' => 'z',
'Z' => 'Z',
'0' => '0',
'9' => '9',
/* Basic control characters and null */
"
" => '
',
"
" => '
',
" " => '	',
"�" => '�',
// should use Unicode replacement char
/* Encode chars as named entities where possible */
'<' => '<',
'>' => '>',
'&' => '&',
'"' => '"',
/* Encode spaces for quoteless attribute protection */
' ' => ' ',
]
$htmlSpecialChars
All character encodings supported by htmlspecialchars().
protected
mixed
$htmlSpecialChars
= [''' => ''', '"' => '"', '<' => '<', '>' => '>', '&' => '&']
$jsSpecialChars
protected
mixed
$jsSpecialChars
= [
/* HTML special chars - escape without exception to hex */
'<' => '\u003C',
'>' => '\u003E',
''' => '\u0027',
'"' => '\u0022',
'&' => '\u0026',
'/' => '\/',
/* Characters beyond ASCII value 255 to unicode escape */
'Ā' => '\u0100',
'😀' => '\uD83D\uDE00',
/* Immune chars excluded */
',' => ',',
'.' => '.',
'_' => '_',
/* Basic alnums excluded */
'a' => 'a',
'A' => 'A',
'z' => 'z',
'Z' => 'Z',
'0' => '0',
'9' => '9',
/* Basic control characters and null */
"
" => '\r',
"
" => '\n',
"" => '\b',
" " => '\t',
"
" => '\f',
"�" => '\u0000',
/* Encode spaces for quoteless attribute protection */
' ' => '\u0020',
]
$urlSpecialChars
protected
mixed
$urlSpecialChars
= [
/* HTML special chars - escape without exception to percent encoding */
'<' => '%3C',
'>' => '%3E',
''' => '%27',
'"' => '%22',
'&' => '%26',
/* Characters beyond ASCII value 255 to hex sequence */
'Ā' => '%C4%80',
/* Punctuation and unreserved check */
',' => '%2C',
'.' => '.',
'_' => '_',
'-' => '-',
':' => '%3A',
';' => '%3B',
'!' => '%21',
/* Basic alnums excluded */
'a' => 'a',
'A' => 'A',
'z' => 'z',
'Z' => 'Z',
'0' => '0',
'9' => '9',
/* Basic control characters and null */
"
" => '%0D',
"
" => '%0A',
" " => '%09',
"�" => '%00',
/* PHP quirks from the past */
' ' => '%20',
'~' => '~',
'+' => '%2B',
]
Methods
provideCustomEscaperCases()
public
provideCustomEscaperCases() : mixed
Return values
mixed —provideObjectsForEscaping()
public
provideObjectsForEscaping() : mixed
Return values
mixed —testCssEscapingConvertsSpecialChars()
public
testCssEscapingConvertsSpecialChars() : mixed
Return values
mixed —testCssEscapingEscapesOwaspRecommendedRanges()
public
testCssEscapingEscapesOwaspRecommendedRanges() : mixed
Return values
mixed —testCssEscapingReturnsStringIfContainsOnlyDigits()
public
testCssEscapingReturnsStringIfContainsOnlyDigits() : mixed
Return values
mixed —testCssEscapingReturnsStringIfZeroLength()
public
testCssEscapingReturnsStringIfZeroLength() : mixed
Return values
mixed —testCustomEscaper()
public
testCustomEscaper(mixed $expected, mixed $string, mixed $strategy) : mixed
Parameters
- $expected : mixed
- $string : mixed
- $strategy : mixed
Tags
Return values
mixed —testHtmlAttributeEscapingConvertsSpecialChars()
public
testHtmlAttributeEscapingConvertsSpecialChars() : mixed
Return values
mixed —testHtmlAttributeEscapingEscapesOwaspRecommendedRanges()
public
testHtmlAttributeEscapingEscapesOwaspRecommendedRanges() : mixed
Return values
mixed —testHtmlEscapingConvertsSpecialChars()
public
testHtmlEscapingConvertsSpecialChars() : mixed
Return values
mixed —testJavascriptEscapingConvertsSpecialChars()
public
testJavascriptEscapingConvertsSpecialChars() : mixed
Return values
mixed —testJavascriptEscapingEscapesOwaspRecommendedRanges()
public
testJavascriptEscapingEscapesOwaspRecommendedRanges() : mixed
Return values
mixed —testJavascriptEscapingReturnsStringIfContainsOnlyDigits()
public
testJavascriptEscapingReturnsStringIfContainsOnlyDigits() : mixed
Return values
mixed —testJavascriptEscapingReturnsStringIfZeroLength()
public
testJavascriptEscapingReturnsStringIfZeroLength() : mixed
Return values
mixed —testObjectEscaping()
public
testObjectEscaping(string $escapedHtml, string $escapedJs, array<string|int, mixed> $safeClasses) : mixed
Parameters
- $escapedHtml : string
- $escapedJs : string
- $safeClasses : array<string|int, mixed>
Tags
Return values
mixed —testUnicodeCodepointConversionToUtf8()
Only testing the first few 2 ranges on this prot. function as that's all these other range tests require.
public
testUnicodeCodepointConversionToUtf8() : mixed
Return values
mixed —testUnknownCustomEscaper()
public
testUnknownCustomEscaper() : mixed
Tags
Return values
mixed —testUrlEscapingConvertsSpecialChars()
public
testUrlEscapingConvertsSpecialChars() : mixed
Return values
mixed —codepointToUtf8()
Convert a Unicode Codepoint to a literal UTF-8 character.
protected
codepointToUtf8(int $codepoint) : string
Parameters
- $codepoint : int
-
Unicode codepoint in hex notation
Return values
string —UTF-8 literal string