-rw-r--r--framework/Web/THttpUtility.php16
-rw-r--r--framework/Web/UI/THtmlWriter.php40
2 files changed, 20 insertions, 36 deletions
diff --git a/framework/Web/THttpUtility.php b/framework/Web/THttpUtility.php
index 6a39b91f..0e81af56 100644
--- a/framework/Web/THttpUtility.php
+++ b/framework/Web/THttpUtility.php
@@ -4,7 +4,7 @@
*
* @author Qiang Xue <qiang.xue@gmail.com>
* @link http://www.pradosoft.com/
- * @copyright Copyright &copy; 2005-2011 PradoSoft
+ * @copyright Copyright &copy; 2005-2011 PradoSoft
* @license http://www.pradosoft.com/license/
* @version $Id$
* @package System.Web
@@ -22,12 +22,13 @@ class THttpUtility
{
private static $_encodeTable=array('<'=>'&lt;','>'=>'&gt;','"'=>'&quot;');
private static $_decodeTable=array('&lt;'=>'<','&gt;'=>'>','&quot;'=>'"');
+ private static $_stripTable=array('&lt;'=>'','&gt;'=>'','&quot;'=>'');
/**
* HTML-encodes a string.
* This method translates the following characters to their corresponding
* HTML entities: <, >, "
- * Note, unlike {@link htmlspeicalchars}, & is not translated.
+ * Note, unlike {@link htmlspecialchars}, & is not translated.
* @param string string to be encoded
* @return string encoded string
*/
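Review bot: The keys of the added `$_stripTable` are the entity strings `&lt;`, `&gt;` and `&quot;`, not the raw characters, so `htmlStrip()` (added in the next hunk) removes only text that is already entity-encoded and leaves a literal `<`, `>` or `"` in place. The docblock on `htmlStrip()` and its use on attribute and style names in THtmlWriter.php read as if the raw characters are meant to be dropped; if that is the intent the table should be `private static $_stripTable=array('<'=>'','>'=>'','"'=>'');`. As written, a name carrying a raw double quote or angle bracket is stored in `$_attributes`/`$_styles` unchanged. The class body continues outside this hunk.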
@@ -46,5 +47,16 @@ class THttpUtility
{
return strtr($s,self::$_decodeTable);
}
+
+ /**
+ * This method strips the following characters from a string:
+ * HTML entities: <, >, "
+ * @param string string to be encoded
+ * @return string encoded string
+ */
+ public static function htmlStrip($s)
+ {
+ return strtr($s,self::$_stripTable);
+ }
}
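Review bot: The docblock on `htmlStrip()` was copied from the encoder and describes the wrong operation: `@param string string to be encoded` and `@return string encoded string` should read `@param string string to be stripped` and `@return string string with the listed sequences removed`. The summary line "HTML entities: <, >, \"" also does not say whether the raw characters or their entity forms are removed, which matters for anyone relying on this for attribute names. I would add one sentence stating that this is a narrow filter rather than a validator, since whitespace, `=`, `'` and `/` are left in place. The hunk opens inside the preceding method, whose start is outside the hunk.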
diff --git a/framework/Web/UI/THtmlWriter.php b/framework/Web/UI/THtmlWriter.php
index beb439b8..80dcbc6e 100644
--- a/framework/Web/UI/THtmlWriter.php
+++ b/framework/Web/UI/THtmlWriter.php
@@ -58,34 +58,6 @@ class THtmlWriter extends TApplicationComponent implements ITextWriter
'wbr'=>true,
);
/**
- * @var array list of attributes that need HTML encoding
- */
- private static $_attrEncode=array(
- 'abbr'=>true,
- 'accesskey'=>true,
- 'alt'=>true,
- 'axis'=>true,
- 'background'=>true,
- 'class'=>true,
- 'content'=>true,
- 'headers'=>true,
- 'href'=>true,
- 'longdesc'=>true,
- 'onclick'=>true,
- 'onchange'=>true,
- 'src'=>true,
- 'title'=>true,
- 'label'=>true,
- 'value'=>true
- );
- /**
- * @var array list of stylesheet attributes that need HTML encoding
- */
- private static $_styleEncode=array(
- 'background-image'=>true,
- 'list-style-image'=>true
- );
- /**
* @var array list of attributes to be rendered for a tag
*/
private $_attributes=array();
@@ -127,7 +99,7 @@ class THtmlWriter extends TApplicationComponent implements ITextWriter
public function addAttributes($attrs)
{
foreach($attrs as $name=>$value)
- $this->_attributes[$name]=isset(self::$_attrEncode[$name])?THttpUtility::htmlEncode($value):$value;
+ $this->_attributes[THttpUtility::htmlStrip($name)]=THttpUtility::htmlEncode($value);
}
/**
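Review bot: Encoding every value with `htmlEncode()` on the added line is sufficient only if the attribute is later written inside double quotes, because the encode table in THttpUtility.php covers `<`, `>` and `"` but not `'` or `&`; the rendering code is not part of this diff, so that assumption needs confirming. I would record it next to the assignment, e.g. `// values are encoded for a double-quoted attribute context; ' and & are left as-is`. HTML encoding also does not by itself make URL or event-handler attributes such as `href` or `onclick` safe, so callers still have to validate those values. The same applies to `addAttribute()` in the next hunk, and `addAttributes()` could call `$this->addAttribute($name,$value);` so the rule lives in one place.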
@@ -137,7 +109,7 @@ class THtmlWriter extends TApplicationComponent implements ITextWriter
*/
public function addAttribute($name,$value)
{
- $this->_attributes[$name]=isset(self::$_attrEncode[$name])?THttpUtility::htmlEncode($value):$value;
+ $this->_attributes[THttpUtility::htmlStrip($name)]=THttpUtility::htmlEncode($value);
}
/**
@@ -146,7 +118,7 @@ class THtmlWriter extends TApplicationComponent implements ITextWriter
*/
public function removeAttribute($name)
{
- unset($this->_attributes[$name]);
+ unset($this->_attributes[THttpUtility::htmlStrip($name)]);
}
/**
@@ -156,7 +128,7 @@ class THtmlWriter extends TApplicationComponent implements ITextWriter
public function addStyleAttributes($attrs)
{
foreach($attrs as $name=>$value)
- $this->_styles[$name]=isset(self::$_styleEncode[$name])?THttpUtility::htmlEncode($value):$value;
+ $this->_styles[THttpUtility::htmlStrip($name)]=THttpUtility::htmlEncode($value);
}
/**
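Review bot: `htmlEncode()` on the added line protects the surrounding HTML attribute but is not CSS escaping, so a style value containing `;`, or a style name containing `:` or `;`, would still yield extra declarations if styles are joined as `name:value;` at render time (that code is outside this diff, so this is an assumption to check). The removed `$_styleEncode` list only ever targeted the URL-bearing properties, so this hunk widens the encoding without adding validation for the CSS context. I would at least document the contract above the assignment, e.g. `// not CSS-escaped: callers must validate style names and values`. `addStyleAttribute()` in the next hunk has the same line and the same gap.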
@@ -166,7 +138,7 @@ class THtmlWriter extends TApplicationComponent implements ITextWriter
*/
public function addStyleAttribute($name,$value)
{
- $this->_styles[$name]=isset(self::$_styleEncode[$name])?THttpUtility::htmlEncode($value):$value;
+ $this->_styles[THttpUtility::htmlStrip($name)]=THttpUtility::htmlEncode($value);
}
/**
@@ -175,7 +147,7 @@ class THtmlWriter extends TApplicationComponent implements ITextWriter
*/
public function removeStyleAttribute($name)
{
- unset($this->_styles[$name]);
+ unset($this->_styles[THttpUtility::htmlStrip($name)]);
}
/**