diff --git a/lib/internal/Magento/Framework/Escaper.php b/lib/internal/Magento/Framework/Escaper.php
index 03c1c19a66c0ff89bcce4c0c8ddcf415dfef72d2..f1425497196b00e86189a1f3ca24b1ee6ca54b3a 100644
--- a/lib/internal/Magento/Framework/Escaper.php
+++ b/lib/internal/Magento/Framework/Escaper.php
@@ -10,35 +10,19 @@ namespace Magento\Framework;
  */
 class Escaper
 {
-    const HTMLSPECIALCHARS_FLAG = ENT_QUOTES | ENT_SUBSTITUTE;
-
     /**
      * @var \Zend\Escaper\Escaper
      */
-    private $zendEscaper;
-
-    /**
-     * @param void
-     * @return \Magento\Framework\Escaper
-     */
-    private function getZendEscaper()
-    {
-        if ($this->zendEscaper === null) {
-            $this->zendEscaper =
-                \Magento\Framework\App\ObjectManager::getInstance()
-                    ->get(\Magento\Framework\ZendEscaper::class);
-        }
-        return $this->zendEscaper;
-    }
+    private $escaper;
 
     /**
-     * Escape html entities
+     * Escape HTML entities
      *
-     * @param string|array $data
-     * @param array $allowedTags
+     * @param string|array $data
+     * @param array $allowedTags
      * @return string|array
      */
-    public function escapeHtml($data, $allowedTags = null)
+    public function escapeHtml($data, $allowedTags = [])
     {
         if (is_array($data)) {
             $result = [];
@@ -46,13 +30,13 @@ class Escaper
                 $result[] = $this->escapeHtml($item);
             }
         } elseif (strlen($data)) {
-            if (is_array($allowedTags) and !empty($allowedTags)) {
+            if (is_array($allowedTags) && !empty($allowedTags)) {
                 $allowed = implode('|', $allowedTags);
                 $result = preg_replace('/<([\/\s\r\n]*)(' . $allowed . ')([\/\s\r\n]*)>/si', '##$1$2$3##', $data);
-                $result = htmlspecialchars($result, ENT_COMPAT, 'UTF-8', false);
+                $result = htmlspecialchars($result, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
                 $result = preg_replace('/##([\/\s\r\n]*)(' . $allowed . ')([\/\s\r\n]*)##/si', '<$1$2$3>', $result);
             } else {
-                $result = htmlspecialchars($data, ENT_COMPAT, 'UTF-8', false);
+                $result = htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
             }
         } else {
             $result = $data;
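Review bot: The new default `$allowedTags = []` and the `@param array $allowedTags` tag on `escapeHtml` still do not say what the array holds, and the body (continuing in the next hunk) still accepts `null` through `is_array()`, which the `AbstractBlock::escapeHtml` docblock touched by this same commit keeps advertising as `array|null`. I would make the two docblocks agree and describe the contract: `@param string[] $allowedTags bare tag names (no attributes) to leave unescaped; empty or null escapes everything`. escapeHtml's body starts in this hunk and ends outside it.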
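Review bot: The allow-list branch still interpolates `implode('|', $allowedTags)` into both regular expressions without quoting, so a tag name containing a PCRE metacharacter can widen what survives escaping; `$allowed = implode('|', array_map(function ($tag) { return preg_quote($tag, '/'); }, $allowedTags));` keeps the match to literal tag names. The `##…##` placeholder round-trip is worth a comment rather than a rewrite, since the second `preg_replace` can only ever restore attribute-less whitelisted tags: `// Placeholders survive htmlspecialchars(); only bare whitelisted tags are restored, attributes are always escaped.` Note as well that the recursive call `$this->escapeHtml($item)` on the first context line drops `$allowedTags`, so array input is always fully escaped; either forward it or document that asymmetry. The move to `ENT_QUOTES | ENT_SUBSTITUTE` is right; `double_encode` stays `false`, so entities already present in `$data` are passed through unchanged, which the docblock should state.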
@@ -61,43 +45,36 @@ class Escaper
     }
 
     /**
-     * Escape a string for the HTML Attribute context.
+     * Escape a string for the HTML attribute context
      *
-     * @param string $data
+     * @param string $string
      * @return string
      */
-    public function escapeHtmlAttr($data) {
-        return $this->getZendEscaper()->escapeHtmlAttr($data);
+    public function escapeHtmlAttr($string)
+    {
+        return $this->getEscaper()->escapeHtmlAttr($string);
     }
 
     /**
-     * Escape html entities in url
+     * Escape URL
      *
-     * @param string $data
+     * @param string $string
      * @return string
      */
-    public function escapeUrl($data)
+    public function escapeUrl($string)
     {
-        return htmlspecialchars($data, ENT_COMPAT, 'UTF-8', false);
+        return $this->escapeHtml($this->escapeXssInUrl($string));
     }
 
     /**
-     * Escapes data for the Javascript context
+     * Escape string for the JavaScript context
      *
-     * @param string|array $data
-     * @return array|string
+     * @param string $string
+     * @return string
      */
-    public function escapeJs($data)
+    public function escapeJs($string)
     {
-        if (is_array($data)) {
-            $result = [];
-            foreach ($data as $item) {
-                $result[] = $this->getZendEscaper()->escapeJs($item);
-            }
-        } else {
-            $result = $this->getZendEscaper()->escapeJs($data);
-        }
-        return $result;
+        return $this->getEscaper()->escapeJs($string);
     }
 
     /**
@@ -106,7 +83,6 @@ class Escaper
      * @param string|array $data
      * @param string $quote
      * @return string|array
-     *
      * @deprecated
      */
     public function escapeJsQuote($data, $quote = '\'')
@@ -128,7 +104,6 @@ class Escaper
      *
      * @param string $data
      * @return string
-     *
      * @deprecated
      */
     public function escapeXssInUrl($data)
@@ -147,7 +122,6 @@ class Escaper
      * @param string $data
      * @param bool $addSlashes
      * @return string
-     *
      * @deprecated
      */
     public function escapeQuote($data, $addSlashes = false)
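Review bot: The rewritten `escapeUrl` now depends on `escapeXssInUrl`, which the `@@ -128` hunk in this same file keeps marked `@deprecated`, so the replacement implementation is built on a method slated for removal; either drop the deprecation there or give `escapeUrl` a docblock that states the dependency so a later cleanup does not silently remove the pre-filter, e.g. `Escape URL: runs escapeXssInUrl() and then HTML-escapes the result (see escapeHtml for entity handling).` What `escapeXssInUrl` itself filters is outside this hunk and should be confirmed before describing it. `escapeJs` also silently drops its array branch (`string|array` becomes `string`), while `escapeHtml` in the same class still accepts arrays; that is a backward-compatibility break for any caller passing a list, and at minimum deserves a line in the docblock or the changelog.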
@@ -157,4 +131,20 @@ class Escaper
         }
         return htmlspecialchars($data, ENT_QUOTES, null, false);
     }
+
+    /**
+     * Get escaper
+     *
+     * @param void
+     * @return \Magento\Framework\Escaper
+     * @deprecated
+     */
+    private function getEscaper()
+    {
+        if ($this->escaper == null) {
+            $this->escaper = \Magento\Framework\App\ObjectManager::getInstance()
+                ->get(\Magento\Framework\ZendEscaper::class);
+        }
+        return $this->escaper;
+    }
 }
diff --git a/lib/internal/Magento/Framework/Test/Unit/EscaperTest.php b/lib/internal/Magento/Framework/Test/Unit/EscaperTest.php
index 7fca848f56930eab284015855703f24864bb68c2..915d3dffe4ec8f23c653ae38db9833c4cc942a7a 100644
--- a/lib/internal/Magento/Framework/Test/Unit/EscaperTest.php
+++ b/lib/internal/Magento/Framework/Test/Unit/EscaperTest.php
@@ -28,7 +28,7 @@ class EscaperTest extends \PHPUnit_Framework_TestCase
         $this->_escaper = new Escaper();
         $this->zendEscaper = new \Magento\Framework\ZendEscaper();
         $objectManagerHelper = new ObjectManager($this);
-        $objectManagerHelper->setBackwardCompatibleProperty($this->_escaper, 'zendEscaper', $this->zendEscaper);
+        $objectManagerHelper->setBackwardCompatibleProperty($this->_escaper, 'escaper', $this->zendEscaper);
     }
 
     /**
diff --git a/lib/internal/Magento/Framework/View/Element/AbstractBlock.php b/lib/internal/Magento/Framework/View/Element/AbstractBlock.php
index bed41de2012066b9c6526d75370c6f703449c8b1..8e4b4bd32bec1fe44806387e8eae643eff700d5b 100644
--- a/lib/internal/Magento/Framework/View/Element/AbstractBlock.php
+++ b/lib/internal/Magento/Framework/View/Element/AbstractBlock.php
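Review bot: `getEscaper` tests `$this->escaper == null` with a loose comparison, whereas the `getZendEscaper` it replaces used `===`; restore the strict check, `if ($this->escaper === null) {`. The docblock is wrong on two counts: `@return \Magento\Framework\Escaper` should be `@return \Magento\Framework\ZendEscaper`, since that is what the ObjectManager lookup on the next lines returns, and `@param void` is not a PHPDoc tag and should be removed. Marking a newly added private method `@deprecated` reads as a placeholder until the escaper is injected through the constructor; if that is the intent, say so, e.g. `@deprecated Temporary ObjectManager lookup until the escaper is constructor-injected.`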
@@ -865,33 +865,37 @@ abstract class AbstractBlock extends \Magento\Framework\DataObject implements Bl
     }
 
     /**
-     * Escape html entities
+     * Escape HTML entities
      *
      * @param string|array $data
      * @param array|null $allowedTags
      * @return string
      */
-    public function escapeHtml($data, $allowedTags = null)
+    public function escapeHtml($data, $allowedTags = [])
     {
         return $this->_escaper->escapeHtml($data, $allowedTags);
     }
 
     /**
-     * @param string $data
+     * Escape string for the JavaScript context
+     *
+     * @param string $string
      * @return string
      */
-    public function escapeJs($data)
+    public function escapeJs($string)
     {
-        return $this->_escaper->escapeJs($data);
+        return $this->_escaper->escapeJs($string);
     }
 
     /**
-     * @param string $data
+     * Escape a string for the HTML attribute context
+     *
+     * @param string $string
      * @return string
      */
-    public function escapeHtmlAttr($data)
+    public function escapeHtmlAttr($string)
     {
-        return $this->_escaper->escapeHtmlAttr($data);
+        return $this->_escaper->escapeHtmlAttr($string);
     }
 
     /**
@@ -911,14 +915,14 @@ abstract class AbstractBlock extends \Magento\Framework\DataObject implements Bl
     }
 
     /**
-     * Escape html entities in url
+     * Escape URL
      *
-     * @param string $data
+     * @param string $string
      * @return string
      */
-    public function escapeUrl($data)
+    public function escapeUrl($string)
     {
-        return $this->_escaper->escapeUrl($data);
+        return $this->_escaper->escapeUrl($string);
     }
 
     /**
@@ -926,6 +930,7 @@ abstract class AbstractBlock extends \Magento\Framework\DataObject implements Bl
      *
      * @param string $data
      * @return string
+     * @deprecated
      */
     public function escapeXssInUrl($data)
     {
@@ -940,6 +945,7 @@ abstract class AbstractBlock extends \Magento\Framework\DataObject implements Bl
      * @param string $data
      * @param bool $addSlashes
      * @return string
+     * @deprecated
      */
     public function escapeQuote($data, $addSlashes = false)
     {
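Review bot: `AbstractBlock::escapeHtml` still declares `@return string` although it forwards `string|array $data` unchanged to `Escaper::escapeHtml`, whose docblock in this same commit says `@return string|array`; the wrapper should say `@return string|array` too. For the same reason `@param array|null $allowedTags` should become `@param array $allowedTags` to match the new `[]` default and the framework class, with one sentence noting that the tags are bare tag names left unescaped. The `escapeJs`, `escapeHtmlAttr` and (next hunk) `escapeUrl` docblocks were aligned with the framework class; `escapeHtml` is the only one this hunk leaves inconsistent.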
@@ -952,6 +958,7 @@ abstract class AbstractBlock extends \Magento\Framework\DataObject implements Bl
      * @param string|array $data
      * @param string $quote
      * @return string|array
+     * @deprecated
      */
     public function escapeJsQuote($data, $quote = '\'')
     {