Commit 70bad3e3 authored by alexpott's avatar alexpott

Issue #2509218 by plach, stefan.r, pwolanin, effulgentsia, dawehner,...

Issue #2509218 by plach, stefan.r, pwolanin, effulgentsia, dawehner, jhedstrom, almaudoh, Wim Leers, subhojit777, iMiksu, alexpott, catch, xjm, lauriii, joelpittet, Cottser: Ensure that SafeString objects can be used in non-HTML contexts
parent d8ec08e2
<?php
/**
* @file
* Contains \Drupal\Component\Utility\OutputStrategyInterface.
*/
namespace Drupal\Component\Utility;
/**
* Provides an output strategy that formats HTML strings for a given context.
*
* Output strategies assist in transforming HTML strings into strings that are
* appropriate for a given context (e.g. plain-text), through performing the
* relevant formatting. No santization is applied.
*/
interface OutputStrategyInterface {
/**
* Transforms a given HTML string into to a context-appropriate output string.
*
* This transformation consists of performing the formatting appropriate to
* a given output context (e.g., plain-text email subjects, HTML attribute
* values).
*
* @param string|object $string
* An HTML string or an object with a ::__toString() magic method returning
* HTML markup. The source HTML markup is considered ready for output into
* HTML fragments and thus already properly escaped and sanitized.
*
* @return string
* A new string that is formatted according to the output strategy.
*/
public static function renderFromHtml($string);
}
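Review bot: The docblock for renderFromHtml() states the trust level of the input (HTML that is already escaped and sanitized) but says nothing about the trust level of the return value, and the interface comment's "No santization is applied" (typo for "sanitization") is easy to overlook. In PlainTextOutput::renderFromHtml(), added in this same commit, Html::decodeEntities() runs after strip_tags(), so entity-encoded markup such as `&lt;em&gt;` comes back as a literal `<em>`; the 'escaped-html-with-quotes' test case expects exactly that. I would extend the @return text with something like `The result is not HTML-safe; callers must escape it again before placing it in an HTML context.` so that the return value is not treated as markup downstream. The method summary also reads "into to a", which should be "into a".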
<?php
/**
* @file
* Contains \Drupal\Component\Utility\PlainTextOutput.
*/
namespace Drupal\Component\Utility;
/**
* Provides an output strategy for transforming HTML into simple plain text.
*
* Use this when rendering a given HTML string into a plain text string that
* does not need special formatting, such as a label or an email subject.
*
* Returns a string with HTML tags stripped and HTML entities decoded suitable
* for email or other non-HTML contexts.
*/
class PlainTextOutput implements OutputStrategyInterface {
/**
* {@inheritdoc}
*/
public static function renderFromHtml($string) {
return Html::decodeEntities(strip_tags((string) $string));
}
}
......@@ -140,9 +140,6 @@ public function render() {
}
// Handle any replacements.
// @todo https://www.drupal.org/node/2509218 Note that the argument
// replacement is not stored so that different sanitization strategies can
// be used in different contexts.
if ($args = $this->getArguments()) {
return $this->placeholderFormat($this->translatableString, $args);
}
......
<?php
/**
* @file
* Contains \Drupal\Tests\Component\Utility\PlainTextOutputTest.
*/
namespace Drupal\Tests\Component\Utility;
use Drupal\Component\Utility\PlainTextOutput;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Component\Utility\SafeStringInterface;
use Drupal\Tests\UnitTestCase;
/**
* @coversDefaultClass \Drupal\Component\Utility\PlainTextOutput
* @group Utility
*/
class PlainTextOutputTest extends UnitTestCase {
/**
* Tests ::renderFromHtml().
*
* @param $expected
* The expected formatted value.
* @param $string
* A string to be formatted.
* @param array $args
* (optional) An associative array of replacements to make. Defaults to
* none.
*
* @covers ::renderFromHtml
* @dataProvider providerRenderFromHtml
*/
public function testRenderFromHtml($expected, $string, $args = []) {
$markup = SafeMarkup::format($string, $args);
$output = PlainTextOutput::renderFromHtml($markup);
$this->assertSame($expected, $output);
}
/**
* Data provider for ::testRenderFromHtml()
*/
public function providerRenderFromHtml() {
$data = [];
$data['simple-text'] = ['Giraffes and wombats', 'Giraffes and wombats'];
$data['simple-html'] = ['Giraffes and wombats', '<a href="/muh">Giraffes</a> and <strong>wombats</strong>'];
$data['html-with-quote'] = ['Giraffes and quote"s', '<a href="/muh">Giraffes</a> and <strong>quote"s</strong>'];
$expected = 'The <em> tag makes your text look like "this".';
$string = 'The &lt;em&gt; tag makes your text look like <em>"this"</em>.';
$data['escaped-html-with-quotes'] = [$expected, $string];
$safe_string = $this->prophesize(SafeStringInterface::class);
$safe_string->__toString()->willReturn('<em>"this"</em>');
$safe_string = $safe_string->reveal();
$data['escaped-html-with-quotes-and-placeholders'] = [$expected, 'The @tag tag makes your text look like @result.', ['@tag' =>'<em>', '@result' => $safe_string]];
$safe_string = $this->prophesize(SafeStringInterface::class);
$safe_string->__toString()->willReturn($string);
$safe_string = $safe_string->reveal();
$data['safe-string'] = [$expected, $safe_string];
return $data;
}
}
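Review bot: Every case in providerRenderFromHtml() reaches PlainTextOutput::renderFromHtml() through SafeMarkup::format() in testRenderFromHtml(), so the plain-string input that the interface documents as accepted is never passed directly; assuming format() returns an object, only the `__toString()` path is exercised. A direct assertion such as `$this->assertSame('a & b', PlainTextOutput::renderFromHtml('a &amp; b'));` (constructed sample) would cover the string path. The `@param $expected` and `@param $string` tags also lack types; `@param string $expected` and `@param string|\Drupal\Component\Utility\SafeStringInterface $string` would match what the provider supplies.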