8000 [Form][FrameworkBundle] Fixed escaping of choice widgets · ivanrey/symfony@bc0efff · GitHub
[go: up one dir, main page]
Skip to content

Commit bc0efff

Browse files
webmozartwebmozart
committed
[Form][FrameworkBundle] Fixed escaping of choice widgets
1 parent e787d5d commit bc0efff

File tree

2 files changed

+49
-49
lines changed

2 files changed

+49
-49
lines changed

src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/choice_widget.html.php

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -17,26 +17,26 @@
1717
<?php if (count($preferred_choices) > 0): ?>
1818
<?php foreach ($preferred_choices as $choice => $label): ?>
1919
<?php if ($form->isChoiceGroup($label)): ?>
20-
<optgroup label="<?php echo $choice ?>">
20+
<optgroup label="<?php echo $view->escape($choice) ?>">
2121
<?php foreach ($label as $nestedChoice => $nestedLabel): ?>
22-
<option value="<?php echo $nestedChoice ?>"<?php if ($form->isChoiceSelected($nestedChoice)): ?> selected="selected"<?php endif?>><?php echo $nestedLabel ?></option>
22+
<option value="<?php echo $view->escape($nestedChoice) ?>"<?php if ($form->isChoiceSelected($nestedChoice)): ?> selected="selected"<?php endif?>><?php echo $view->escape($nestedLabel) ?></option>
2323
<?php endforeach ?>
2424
</optgroup>
2525
<?php else: ?>
26-
<option value="<?php echo $choice ?>"<?php if ($form->isChoiceSelected($choice)): ?> selected="selected"<?php endif?>><?php echo $label ?></option>
26+
<option value="<?php echo $view->escape($choice) ?>"<?php if ($form->isChoiceSelected($choice)): ?> selected="selected"<?php endif?>><?php echo $view->escape($label) ?></option>
2727
<?php endif ?>
2828
<?php endforeach ?>
2929
<option disabled="disabled"><?php echo $separator ?></option>
3030
<?php endif ?>
3131
<?php foreach ($choices as $choice => $label): ?>
3232
<?php if ($form->isChoiceGroup($label)): ?>
33-
<optgroup label="<?php echo $choice ?>">
33+
<optgroup label="<?php echo $view->escape($choice) ?>">
3434
<?php foreach ($label as $nestedChoice => $nestedLabel): ?>
35-
<option value="<?php echo $nestedChoice ?>"<?php if ($form->isChoiceSelected($nestedChoice)): ?> selected="selected"<?php endif?>><?php echo $nestedLabel ?></option>
35+
<option value="<?php echo $view->escape($nestedChoice) ?>"<?php if ($form->isChoiceSelected($nestedChoice)): ?> selected="selected"<?php endif?>><?php echo $view->escape($nestedLabel) ?></option>
3636
<?php endforeach ?>
3737
</optgroup>
3838
<?php else: ?>
39-
<option value="<?php echo $choice ?>"<?php if ($form->isChoiceSelected($choice)): ?> selected="selected"<?php endif?>><?php echo $label ?></option>
39+
<option value="<?php echo $view->escape($choice) ?>"<?php if ($form->isChoiceSelected($choice)): ?> selected="selected"<?php endif?>><?php echo $view->escape($label) ?></option>
4040
<?php endif ?>
4141
<?php endforeach ?>
4242
</select>

tests/Symfony/Tests/Component/Form/AbstractLayoutTest.php

Lines changed: 43 additions & 43 deletions
Original file line numberDiff line numberDiff line change
@@ -236,8 +236,8 @@ public function testSingleChoice()
236236
{
237237
$form = $this->factory->create('choice', 'na&me', array(
238238
'property_path' => 'name',
239-
'choices' => array('a' => 'Choice A', 'b' => 'Choice B'),
240-
'data' => 'a',
239+
'choices' => array('&a' => 'Choice&A', '&b' => 'Choice&B'),
240+
'data' => '&a',
241241
'multiple' => false,
242242
'expanded' => false,
243243
));
@@ -246,8 +246,8 @@ public function testSingleChoice()
246246
'/select
247247
[@name="na&me"]
248248
[
249-
./option[@value="a"][@selected="selected"][.="Choice A"]
250-
/following-sibling::option[@value="b"][not(@selected)][.="Choice B"]
249+
./option[@value="&a"][@selected="selected"][.="Choice&A"]
250+
/following-sibling::option[@value="&b"][not(@selected)][.="Choice&B"]
251251
]
252252
[count(./option)=2]
253253
'
@@ -258,9 +258,9 @@ public function testSingleChoiceWithPreferred()
258258
{
259259
$form = $this->factory->create('choice', 'na&me', array(
260260
'property_path' => 'name',
261-
'choices' => array('a' => 'Choice A', 'b' => 'Choice B'),
262-
'preferred_choices' => array('b'),
263-
'data' => 'a',
261+
'choices' => array('&a' => 'Choice&A', '&b' => 'Choice&B'),
262+
'preferred_choices' => array('&b'),
263+
'data' => '&a',
264264
'multiple' => false,
265265
'expanded' => false,
266266
));
@@ -269,9 +269,9 @@ public function testSingleChoiceWithPreferred()
269269
'/select
270270
[@name="na&me"]
271271
[
272-
./option[@value="b"][not(@selected)][.="Choice B"]
272+
./option[@value="&b"][not(@selected)][.="Choice&B"]
273273
/following-sibling::option[@disabled="disabled"][not(@selected)][.="-- sep --"]
274-
/following-sibling::option[@value="a"][@selected="selected"][.="Choice A"]
274+
/following-sibling::option[@value="&a"][@selected="selected"][.="Choice&A"]
275275
]
276276
[count(./option)=3]
277277
'
@@ -282,9 +282,9 @@ public function testSingleChoiceNonRequired()
282282
{
283283
$form = $this->factory->create('choice', 'na&me', array(
284284
'property_path' => 'name',
285-
'choices' => array('a' => 'Choice A', 'b' => 'Choice B'),
285+
'choices' => array('&a' => 'Choice&A', '&b' => 'Choice&B'),
286286
'required' => false,
287-
'data' => 'a',
287+
'data' => '&a',
288288
'multiple' => false,
289289
'expanded' => false,
290290
));
@@ -294,8 +294,8 @@ public function testSingleChoiceNonRequired()
294294
[@name="na&me"]
295295
[
296296
./option[@value=""][.=""]
297-
/following-sibling::option[@value="a"][@selected="selected"][.="Choice A"]
298-
/following-sibling::option[@value="b"][not(@selected)][.="Choice B"]
297+
/following-sibling::option[@value="&a"][@selected="selected"][.="Choice&A"]
298+
/following-sibling::option[@value="&b"][not(@selected)][.="Choice&B"]
299299
]
300300
[count(./option)=3]
301301
'
@@ -307,26 +307,26 @@ public function testSingleChoiceGrouped()
307307
$form = $this->factory->create('choice', 'na&me', array(
308308
'property_path' => 'name',
309309
'choices' => array(
310-
'Group1' => array('a' => 'Choice A', 'b' => 'Choice B'),
311-
'Group2' => array('c' => 'Choice C'),
310+
'Group&1' => array('&a' => 'Choice&A', '&b' => 'Choice&B'),
311+
'Group&2' => array('&c' => 'Choice&C'),
312312
),
313-
'data' => 'a',
313+
'data' => '&a',
314314
'multiple' => false,
315315
'expanded' => false,
316316
));
317317

318318
$this->assertWidgetMatchesXpath($form->createView(), array(),
319319
'/select
320320
[@name="na&me"]
321-
[./optgroup[@label="Group1"]
321+
[./optgroup[@label="Group&1"]
322322
[
323-
./option[@value="a"][@selected="selected"][.="Choice A"]
324-
/following-sibling::option[@value="b"][not(@selected)][.="Choice B"]
323+
./option[@value="&a"][@selected="selected"][.="Choice&A"]
324+
/following-sibling::option[@value="&b"][not(@selected)][.="Choice&B"]
325325
]
326326
[count(./option)=2]
327327
]
328-
[./optgroup[@label="Group2"]
329-
[./option[@value="c"][not(@selected)][.="Choice C"]]
328+
[./optgroup[@label="Group&2"]
329+
[./option[@value="&c"][not(@selected)][.="Choice&C"]]
330330
[count(./option)=1]
331331
]
332332
[count(./optgroup)=2]
@@ -338,8 +338,8 @@ public function testMultipleChoice()
338338
{
339339
$form = $this->factory->create('choice', 'na&me', array(
340340
'property_path' => 'name',
341-
'choices' => array('a' => 'Choice A', 'b' => 'Choice B'),
342-
'data' => array('a'),
341+
'choices' => array('&a' => 'Choice&A', '&b' => 'Choice&B'),
342+
'data' => array('&a'),
343343
'multiple' => true,
344344
'expanded' => false,
345345
));
@@ -349,8 +349,8 @@ public function testMultipleChoice()
349349
[@name="na&me[]"]
350350
[@multiple="multiple"]
351351
[
352-
./option[@value="a"][@selected="selected"][.="Choice A"]
353-
/following-sibling::option[@value="b"][not(@selected)][.="Choice B"]
352+
./option[@value="&a"][@selected="selected"][.="Choice&A"]
353+
/following-sibling::option[@value="&b"][not(@selected)][.="Choice&B"]
354354
]
355355
[count(./option)=2]
356356
'
@@ -361,8 +361,8 @@ public function testMultipleChoiceNonRequired()
361361
{
362362
$form = $this->factory->create('choice', 'na&me', array(
363363
'property_path' => 'name',
364-
'choices' => array('a' => 'Choice A', 'b' => 'Choice B'),
365-
'data' => array('a'),
364+
'choices' => array('&a' => 'Choice&A', '&b' => 'Choice&B'),
365+
'data' => array('&a'),
366366
'required' => false,
367367
'multiple' => true,
368368
'expanded' => false,
@@ -373,8 +373,8 @@ public function testMultipleChoiceNonRequired()
373373
[@name="na&me[]"]
374374
[@multiple="multiple"]
375375
[
376-
./option[@value="a"][@selected="selected"][.="Choice A"]
377-
/following-sibling::option[@value="b"][not(@selected)][.="Choice B"]
376+
./option[@value="&a"][@selected="selected"][.="Choice&A"]
377+
/following-sibling::option[@value="&b"][not(@selected)][.="Choice&B"]
378378
]
379379
[count(./option)=2]
380380
'
@@ -385,19 +385,19 @@ public function testSingleChoiceExpanded()
385385
{
386386
$form = $this->factory->create('choice', 'na&me', array(
387387
'property_path' => 'name',
388-
'choices' => array('a' => 'Choice A', 'b' => 'Choice B'),
389-
'data' => 'a',
388+
'choices' => array('&a' => 'Choice&A', '&b' => 'Choice&B'),
389+
'data' => '&a',
390390
'multiple' => false,
391391
'expanded' => true,
392392
));
393393

394394
$this->assertWidgetMatchesXpath($form->createView(), array(),
395395
'/div
396396
[
397-
./input[@type="radio"][@name="na&me"][@id="na&me_a"][@checked]
398-
/following-sibling::label[@for="na&me_a"][.="[trans]Choice A[/trans]"]
399-
/following-sibling::input[@type="radio"][@name="na&me"][@id="na&me_b"][not(@checked)]
400-
/following-sibling::label[@for="na&me_b"][.="[trans]Choice B[/trans]"]
397+
./input[@type="radio"][@name="na&me"][@id="na&me_&a"][@checked]
398+
/following-sibling::label[@for="na&me_&a"][.="[trans]Choice&A[/trans]"]
399+
/following-sibling::input[@type="radio"][@name="na&me"][@id="na&me_&b"][not(@checked)]
400+
/following-sibling::label[@for="na&me_&b"][.="[trans]Choice&B[/trans]"]
401401
]
402402
[count(./input)=2]
403403
'
@@ -408,21 +408,21 @@ public function testMultipleChoiceExpanded()
408408
{
409409
$form = $this->factory->create('choice', 'na&me', array(
410410
'property_path' => 'name',
411-
'choices' => array('a' => 'Choice A', 'b' => 'Choice B', 'c' => 'Choice C'),
412-
'data' => array('a', 'c'),
411+
'choices' => array('&a' => 'Choice&A', '&b' => 'Choice&B', '&c' => 'Choice&C'),
412+
'data' => array('&a', '&c'),
413413
'multiple' => true,
414414
'expanded' => true,
415415
));
416416

417417
$this->assertWidgetMatchesXpath($form->createView(), array(),
418418
'/div
419419
[
420-
./input[@type="checkbox"][@name="na&me[a]"][@id="na&me_a"][@checked]
421-
/following-sibling::label[@for="na&me_a"][.="[trans]Choice A[/trans]"]
422-
/following-sibling::input[@type="checkbox"][@name="na&me[b]"][@id="na&me_b"][not(@checked)]
423-
/following-sibling::label[@for="na&me_b"][.="[trans]Choice B[/trans]"]
424-
/following-sibling::input[@type="checkbox"][@name="na&me[c]"][@id="na&me_c"][@checked]
425-
/following-sibling::label[@for="na&me_c"][.="[trans]Choice C[/trans]"]
420+
./input[@type="checkbox"][@name="na&me[&a]"][@id="na&me_&a"][@checked]
421+
/following-sibling::label[@for="na&me_&a"][.="[trans]Choice&A[/trans]"]
422+
/following-sibling::input[@type="checkbox"][@name="na&me[&b]"][@id="na&me_&b"][not(@checked)]
423+
/following-sibling::label[@for="na&me_&b"][.="[trans]Choice&B[/trans]"]
424+
/following-sibling::input[@type="checkbox"][@name="na&me[&c]"][@id="na&me_&c"][@checked]
425+
/following-sibling::label[@for="na&me_&c"][.="[trans]Choice&C[/trans]"]
426426
]
427427
[count(./input)=3]
428428
'

0 commit comments

Comments
 (0)
0