test: add tests for escaped html

TorstenDittmann · TorstenDittmann · commit 5b62a82419fa · 2024-01-08T13:39:26.000+01:00
diff --git a/src/View.php b/src/View.php
@@ -84,7 +84,7 @@ public function setParam(string $key, mixed $value, bool $escapeHtml = true): st
         }
 
         if (is_string($value) && $escapeHtml) {
-            $value = htmlspecialchars($value, encoding: 'UTF-8');
+            $value = \htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
         }
 
         $this->params[$key] = $value;
diff --git a/tests/ViewTest.php b/tests/ViewTest.php
@@ -83,4 +83,10 @@ public function testCanFilterNewLinesToParagraphs()
     {
         $this->assertEquals('<p>line1</p><p>line2</p>', $this->view->print("line1\n\nline2", View::FILTER_NL2P));
     }
+
+    public function testCanSetParamWithEscapedHtml()
+    {
+        $this->view->setParam('key', '<html>value</html>');
+        $this->assertEquals('&lt;html&gt;value&lt;/html&gt;', $this->view->getParam('key', 'default'));
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -84,7 +84,7 @@ public function setParam(string $key, mixed $value, bool $escapeHtml = true): st`
`84`	`84`	`}`
`85`	`85`
`86`	`86`	`if (is_string($value) && $escapeHtml) {`
`87`		`- $value = htmlspecialchars($value, encoding: 'UTF-8');`
	`87`	`+ $value = \htmlspecialchars($value, ENT_QUOTES, 'UTF-8');`
`88`	`88`	`}`
`89`	`89`
`90`	`90`	`$this->params[$key] = $value;`
Original file line number	Diff line number	Diff line change
`@@ -83,4 +83,10 @@ public function testCanFilterNewLinesToParagraphs()`
`83`	`83`	`{`
`84`	`84`	`$this->assertEquals('<p>line1</p><p>line2</p>', $this->view->print("line1\n\nline2", View::FILTER_NL2P));`
`85`	`85`	`}`
	`86`	`+`
	`87`	`+ public function testCanSetParamWithEscapedHtml()`
	`88`	`+ {`
	`89`	`+ $this->view->setParam('key', '<html>value</html>');`
	`90`	`+ $this->assertEquals('<html>value</html>', $this->view->getParam('key', 'default'));`
	`91`	`+ }`
`86`	`92`	`}`