Skip to content

Commit

Permalink
Do not auto-html-escape custom function results.
Browse files Browse the repository at this point in the history
Fixes #906
This behavior is under-defined though. This requires some clear documentation.
  • Loading branch information
wisskid committed Sep 21, 2023
1 parent 26332c9 commit 134e707
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 1 deletion.
2 changes: 1 addition & 1 deletion src/Compiler/Template.php
Original file line number Diff line number Diff line change
Expand Up @@ -1140,7 +1140,7 @@ private function compileTag2($tag, $args, $parameter) {
if ($this->smarty->getFunctionHandler($base_tag)) {
if (!isset($this->smarty->security_policy) || $this->smarty->security_policy->isTrustedTag($base_tag, $this)) {
return (new \Smarty\Compile\PrintExpressionCompiler())->compile(
[],
['nofilter'], // functions are never auto-escaped
$this,
['value' => $this->compileFunctionCall($base_tag, $args, $parameter)]
);
Expand Down
31 changes: 31 additions & 0 deletions tests/UnitTests/A_Core/AutoEscape/AutoEscapeTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -30,4 +30,35 @@ public function testAutoEscape()
$tpl->assign('foo', '<[email protected]>');
$this->assertEquals("&lt;[email protected]&gt;", $this->smarty->fetch($tpl));
}

/**
* test 'escapeHtml' property
* @group issue906
*/
public function testAutoEscapeDoesNotEscapeFunctionPlugins()
{
$this->smarty->registerPlugin(
\Smarty\Smarty::PLUGIN_FUNCTION,
'horizontal_rule',
function ($params, $smarty) { return "<hr>"; }
);
$tpl = $this->smarty->createTemplate('eval:{horizontal_rule}');
$this->assertEquals("<hr>", $this->smarty->fetch($tpl));
}

/**
* test 'escapeHtml' property
* @group issue906
*/
public function testAutoEscapeDoesNotEscapeBlockPlugins()
{
$this->smarty->registerPlugin(
\Smarty\Smarty::PLUGIN_BLOCK,
'paragraphify',
function ($params, $content) { return $content == null ? null : "<p>".$content."</p>"; }
);
$tpl = $this->smarty->createTemplate('eval:{paragraphify}hi{/paragraphify}');
$this->assertEquals("<p>hi</p>", $this->smarty->fetch($tpl));
}

}

0 comments on commit 134e707

Please sign in to comment.