From d53f6b58b32769f7f5d8a0131c061bf603211906 Mon Sep 17 00:00:00 2001 From: divinity76 Date: Sun, 17 Mar 2024 23:46:20 +0100 Subject: [PATCH] [1.10] Fix xpath php-string-to-javascript-string (#576) * fix xpath php-string-to-javascript-string TL;DR: addslashes() is not the correct way to convert a php-string to a javascript string. json_encode() is. For example, addslashes will fail on the PHP string "foo".chr(10)."bar" , the old addslashes() will convert it into "foo bar" which is a javascript syntax error. Previously this code would fail: $str = "foo".chr(10)."bar"; $xps = new XPathSelector("//span[contains(text(),'" . $str . "')]"); var_dump($xps->expressionCount()); it would generate a javascript syntax error: string(134) "document.evaluate("//span[contains(text(),\'foo bar\')]", document, null, XPathResult.ORDERED_NODE_SNAPSHOT_TYPE, null).snapshot Length" now it generates legal javascript: string(135) "document.evaluate("\/\/span[contains(text(),'foo\nbar')]", document , null, XPathResult.ORDERED_NODE_SNAPSHOT_TYPE, null).snapshotLength" * styling * prettier run-time error messages
---
src/Dom/Selector/XPathSelector.php | 11 ++---------
1 file changed, 2 insertions(+), 9 deletions(-)
diff --git a/src/Dom/Selector/XPathSelector.php b/src/Dom/Selector/XPathSelector.php
index 5d984def..71981ee2 100644
--- a/src/Dom/Selector/XPathSelector.php
+++ b/src/Dom/Selector/XPathSelector.php
@@ -19,18 +19,11 @@ public function __construct(string $expression)
 public function expressionCount(): string
 {
- return \sprintf(
- 'document.evaluate("%s", document, null, XPathResult.ORDERED_NODE_SNAPSHOT_TYPE, null).snapshotLength',
- \addslashes($this->expression)
- );
+ return 'document.evaluate('.\json_encode($this->expression, \JSON_THROW_ON_ERROR | \JSON_UNESCAPED_SLASHES | \JSON_UNESCAPED_UNICODE).', document, null, XPathResult.ORDERED_NODE_SNAPSHOT_TYPE, null).snapshotLength';
 }
 public function expressionFindOne(int $position): string
 {
- return \sprintf(
- 'document.evaluate("%s[%d]", document, null, XPathResult.FIRST_ORDERED_NODE_TYPE, null).singleNodeValue',
- \addslashes($this->expression),
- $position
- );
+ return 'document.evaluate('.\json_encode($this->expression."[{$position}]", \JSON_THROW_ON_ERROR | \JSON_UNESCAPED_SLASHES | \JSON_UNESCAPED_UNICODE).', document, null, XPathResult.FIRST_ORDERED_NODE_TYPE, null).singleNodeValue';
 }
 }
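Review bot: Both new `return` lines pass `\JSON_THROW_ON_ERROR`, so `expressionCount()` and `expressionFindOne()` can now throw `\JsonException` (for example when the expression is not valid UTF-8), which the removed `sprintf`/`addslashes` version never did, and nothing in the hunk documents it. I would add `@throws \JsonException when the expression cannot be encoded as a JavaScript string literal` to both methods, or validate the expression once in the constructor, whose body lies outside this hunk. The identical flag set is repeated in both methods; a small private helper such as `private function toJsString(string $value): string` would keep the two call sites from drifting apart. A docblock sentence should also state that `json_encode()` only quotes the JavaScript string layer: quoting of values placed inside the XPath expression itself, as in the `contains(text(),'…')` example from the commit message, remains the caller's responsibility.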