
Commit df261e7

author
Igor Melnikov
committed
MAGETWO-57271: Modify escapeHtml function to filter not allowed attributes and tags
Modifying function to filter not allowed tags and attributes
1 parent 4365b1f commit df261e7


2 files changed

+3
-3
lines changed


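--- a/lib/internal/Magento/Framework/Escaper.php
+++ b/lib/internal/Magento/Framework/Escaper.php
@@ -76,7 +76,7 @@ function ($errorNumber, $errorString) {
 } catch (\Exception $e) {
 restore_error_handler();
 $this->getLogger()->critical($e);
-return '';
+return $this->escapeHtml($data);
 }
 restore_error_handler();
 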
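Review bot: The fallback `return $this->escapeHtml($data);` in the catch block is only safe if calling escapeHtml without an allowed-tag list takes the plain-escaping branch, and nothing at the call site says so. The rest of escapeHtml is outside the hunk, so this is presumably the case (the updated expectations in EscaperTest.php point that way). A later change to that default could make the error path recurse or let markup through. I would add a comment above the return, for example `// Parsing failed: fall back to escaping everything, no tags allowed`.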

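--- a/lib/internal/Magento/Framework/Test/Unit/EscaperTest.php
+++ b/lib/internal/Magento/Framework/Test/Unit/EscaperTest.php
@@ -225,7 +225,7 @@ public function escapeHtmlDataProvider()
 ],
 'html and body tags' => [
 'data' => '<html><body><span>String</span></body></html>',
-'expected' => '',
+'expected' => '&lt;html&gt;&lt;body&gt;&lt;span&gt;String&lt;/span&gt;&lt;/body&gt;&lt;/html&gt;',
 'allowedTags' => ['span'],
 ],
 ];
@@ -244,7 +244,7 @@ public function escapeHtmlInvalidDataProvider()
 ],
 'text with invalid html' => [
 'data' => '<spa>n id="id1">Some string</span>',
-'expected' => '',
+'expected' => '&lt;spa&gt;n id=&quot;id1&quot;&gt;Some string&lt;/span&gt;',
 'allowedTags' => ['span'],
 ],
 ];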
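Review bot: The new expectation for 'html and body tags' escapes the `span` element even though `span` is in `allowedTags`, and nothing in the data set explains why. It appears to pin the parse-failure fallback rather than the allow-list path, so a reader could take it for a regression. A short comment on the case would make the intent clear, for example `// parse error path: whole input is escaped, allowed tags included`. The same applies to 'text with invalid html' in escapeHtmlInvalidDataProvider. Both provider methods start outside the hunks.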
