aboutsummaryrefslogtreecommitdiffstats
path: root/vendor/smarty/smarty/libs/plugins/modifiercompiler.escape.php
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/smarty/smarty/libs/plugins/modifiercompiler.escape.php')
-rw-r--r--vendor/smarty/smarty/libs/plugins/modifiercompiler.escape.php10
1 files changed, 4 insertions, 6 deletions
diff --git a/vendor/smarty/smarty/libs/plugins/modifiercompiler.escape.php b/vendor/smarty/smarty/libs/plugins/modifiercompiler.escape.php
index e0763adce..70b95cc9d 100644
--- a/vendor/smarty/smarty/libs/plugins/modifiercompiler.escape.php
+++ b/vendor/smarty/smarty/libs/plugins/modifiercompiler.escape.php
@@ -11,7 +11,7 @@
* Name: escape
* Purpose: escape string for output
*
- * @link http://www.smarty.net/docsv2/en/language.modifier.escape count_characters (Smarty online manual)
+ * @link https://www.smarty.net/docsv2/en/language.modifier.escape count_characters (Smarty online manual)
* @author Rodney Rehm
*
* @param array $params parameters
@@ -22,7 +22,7 @@
*/
function smarty_modifiercompiler_escape($params, Smarty_Internal_TemplateCompilerBase $compiler)
{
- static $_double_encode = null;
+ static $_double_encode = true;
static $is_loaded = false;
$compiler->template->_checkPlugins(
array(
@@ -32,9 +32,6 @@ function smarty_modifiercompiler_escape($params, Smarty_Internal_TemplateCompile
)
)
);
- if ($_double_encode === null) {
- $_double_encode = version_compare(PHP_VERSION, '5.2.3', '>=');
- }
try {
$esc_type = smarty_literal_compiler_param($params, 1, 'html');
$char_set = smarty_literal_compiler_param($params, 2, Smarty::$_CHARSET);
@@ -89,9 +86,10 @@ function smarty_modifiercompiler_escape($params, Smarty_Internal_TemplateCompile
return 'preg_replace("%(?<!\\\\\\\\)\'%", "\\\'",' . $params[ 0 ] . ')';
case 'javascript':
// escape quotes and backslashes, newlines, etc.
+ // see https://html.spec.whatwg.org/multipage/scripting.html#restrictions-for-contents-of-script-elements
return 'strtr(' .
$params[ 0 ] .
- ', array("\\\\" => "\\\\\\\\", "\'" => "\\\\\'", "\"" => "\\\\\"", "\\r" => "\\\\r", "\\n" => "\\\n", "</" => "<\/" ))';
+ ', array("\\\\" => "\\\\\\\\", "\'" => "\\\\\'", "\"" => "\\\\\"", "\\r" => "\\\\r", "\\n" => "\\\n", "</" => "<\/", "<!--" => "<\!--", "<s" => "<\s", "<S" => "<\S" ))';
}
} catch (SmartyException $e) {
// pass through to regular plugin fallback
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-23 18:51:24 +0000