From be7d40e7323564c540ea9a2eb0d8900602b39549 Mon Sep 17 00:00:00 2001
From: Quentin Gabriele
Date: Sun, 24 Nov 2024 16:30:31 +0100
Subject: [PATCH] escape tag content and props
---
 src/Tags/Script.php | 2 ++
 src/Tags/Tag.php | 6 +++++-
 src/Tags/TagVoid.php | 12 +++++++++---
 3 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/src/Tags/Script.php b/src/Tags/Script.php
index 6c4baee..07db1de 100644
--- a/src/Tags/Script.php
+++ b/src/Tags/Script.php
@@ -8,6 +8,8 @@ class Script extends Tag
 {
 public string $tag = 'script';
 
+ protected bool $escape = false;
+
 public function __construct(
 public ?string $type = null,
 public ?string $content = null,
diff --git a/src/Tags/Tag.php b/src/Tags/Tag.php
index 555f39a..a89bde2 100644
--- a/src/Tags/Tag.php
+++ b/src/Tags/Tag.php
@@ -6,8 +6,12 @@ abstract class Tag extends TagVoid
 {
 public ?string $content = null;
 
+ protected bool $escape = true;
+
 public function toHtml(): string
 {
- return "<{$this->tag} {$this->toProperties()->join(' ')}>{$this->content}tag}>";
+ $content = $this->escape ? e($this->content, false) : $this->content;
+
+ return "<{$this->tag} {$this->toProperties()->join(' ')}>{$content}tag}>";
 }
 }
diff --git a/src/Tags/TagVoid.php b/src/Tags/TagVoid.php
index 009df4e..0f7cf57 100644
--- a/src/Tags/TagVoid.php
+++ b/src/Tags/TagVoid.php
@@ -22,10 +22,16 @@ abstract class TagVoid implements Htmlable
 */
 public function toProperties(): Collection
 {
+ if (! $this->properties) {
+ return new Collection;
+ }
+
 return $this->properties
- ?->map(fn (?string $value) => $value ? trim($value) : null)
- ->map(fn (?string $value, string $property) => "{$property}=\"{$value}\"")
- ?? new Collection;
+ ->map(function (string $value, string $property) {
+ $value = e(trim($value));
+
+ return "{$property}=\"{$value}\"";
+ });
 }
 
 public function toHtml(): string
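Review bot: The added `protected bool $escape = false;` in `Script` switches escaping off without a comment, so nothing tells a caller that `$content` of this tag is the one body written out verbatim. I would document it above the property, for example `// Emitted raw: HTML-escaping would corrupt JavaScript, so $content must never carry untrusted input (a literal "</script" closes the element).` Any value that does originate from a request or the database should be encoded for the JavaScript context before it is passed in, e.g. `json_encode($value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)`. The class body continues outside the hunk.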
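Review bot: In `Tag::toHtml()` the content is escaped with `e($this->content, false)`, and assuming this is Laravel's `e()` helper the second argument turns double-encoding off, whereas `toProperties()` in TagVoid.php calls `e()` with the default. Raw `<` and `>` are still encoded, so this is not an injection path. Input that already contains entity-like text such as `&lt;b&gt;` is passed through unchanged, though, and the browser shows it as `<b>` instead of the literal characters. Unless pre-encoded content is an intended input, I would write `e($this->content)`; otherwise add a comment explaining why double-encoding is disabled. A short docblock on `$escape` should also state that a subclass setting it to `false` outputs `$content` raw.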
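Review bot: The new closure in `toProperties()` declares `string $value`, while both removed closures accepted `?string`, so a null entry in `$this->properties` now raises a `TypeError` instead of rendering an empty attribute. The collection is built outside this hunk, so I cannot tell whether nulls are filtered earlier. If they are not, keep the old tolerance with `->map(function (?string $value, string $property) {` and `$value = e(trim($value ?? ''));`. Separately, `$property` is still interpolated unescaped into `"{$property}=\"{$value}\""`, so a comment should state that attribute names must be developer-defined and never taken from input.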