diff --git a/.github/workflows/code_analysis.yaml b/.github/workflows/code_analysis.yaml index a0ae72a..04d7d95 100644 --- a/.github/workflows/code_analysis.yaml +++ b/.github/workflows/code_analysis.yaml @@ -9,14 +9,17 @@ jobs: strategy: fail-fast: false matrix: - php: ['7.3', '7.4', '8.0', '8.1'] + php: + # - '7.1' # incompatible tester + - '7.2' + - '7.3' + - '7.4' + - '8.0' + # - '8.1' # not yet compatible (PHP 8.1 RC2) actions: - name: PHPStan run: composer phpstan - - name: Easy Coding Standard - run: composer ecs - - name: Unit tests run: vendor/bin/tester tests -s -C @@ -48,8 +51,6 @@ jobs: ${{ steps.composer-cache.outputs.dir }} **/composer.lock key: ${{ runner.os }}-${{ matrix.php }}-composer-${{ hashFiles('**/composer.json') }} - restore-keys: | - ${{ runner.os }}-${{ matrix.php }}-composer- - name: Install Composer diff --git a/README.md b/README.md index a11fa73..cb79a66 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,7 @@ Package is substrate of [Latte package](https://github.com/nette/latte/) - Escape HTML - Escape HTML attributes - Escape HTML comments +- Escape XML - Escape JS - Escape URL - Escape CSS @@ -52,6 +53,10 @@ echo ''], + ['Foo\\bar', Html::fromHtml('Foo
bar')] + ]; } @@ -165,6 +211,7 @@ public function getUrlArgs(): array ['a+b', 'a b'], ['a%27b', 'a\'b'], ['a%22b', 'a"b'], + ['Foo%3Cbr%3Ebar', Html::fromHtml('Foo
bar')] ]; } @@ -175,6 +222,37 @@ public function testUrl(string $expected, $data): void { Assert::same($expected, Escape::url($data)); } + + public function getNoescapeArgs(): array + { + return [ + ['', null], + ['', ''], + ['1', 1], + ['string', 'string'], + ['
', '
'], + ['< & \' " >', '< & \' " >'], + ['"', '"'], + ['`hello', '`hello'], + ["foo \u{D800} bar", "foo \u{D800} bar"], // invalid codepoint high surrogates + ["foo \xE3\x80\x22 bar", "foo \xE3\x80\x22 bar"], // stripped UTF + ['Hello World', 'Hello World'], + ['Hello ', 'Hello '], + ["\" ' < > & \x8F", "\" ' < > & \x8F"], + ['`hello`', '`hello`'], + ['`
`', '`
`'], + ['Foo
bar', Html::fromHtml('Foo
bar')] + ]; + } + + /** + * @dataProvider getNoescapeArgs + */ + public function testNoescape(string $expected, $data): void + { + Assert::same($expected, Escape::noescape($data)); + } + } (new EscapeTest())->run();