diff --git a/src/Chartjs/tests/Twig/ChartExtensionTest.php b/src/Chartjs/tests/Twig/ChartExtensionTest.php index 03472690cbf..0f3ae34e8b0 100644 --- a/src/Chartjs/tests/Twig/ChartExtensionTest.php +++ b/src/Chartjs/tests/Twig/ChartExtensionTest.php @@ -56,7 +56,7 @@ public function testRenderChart() ); $this->assertSame( - '', + '', $rendered ); } diff --git a/src/LiveComponent/tests/Unit/Twig/LiveComponentRuntimeTest.php b/src/LiveComponent/tests/Unit/Twig/LiveComponentRuntimeTest.php index 30c3ba8cbbf..01f067c08fa 100644 --- a/src/LiveComponent/tests/Unit/Twig/LiveComponentRuntimeTest.php +++ b/src/LiveComponent/tests/Unit/Twig/LiveComponentRuntimeTest.php 
@@ -28,17 +28,15 @@ public function testGetLiveAction(): void $this->assertSame('data-action="live#action" data-live-prop1-param="val1" data-live-some-prop-param="val2" data-live-action-param="action-name"', $props); $props = $runtime->liveAction('action-name', ['prop1' => 'val1', 'prop2' => 'val2'], ['debounce' => 300]); - $this->assertSame('data-action="live#action" data-live-prop1-param="val1" data-live-prop2-param="val2" data-live-action-param="debounce(300)|action-name"', html_entity_decode($props)); - $this->assertSame('data-action="live#action" data-live-prop1-param="val1" data-live-prop2-param="val2" data-live-action-param="debounce(300)|action-name"', $props); + $this->assertSame('data-action="live#action" data-live-prop1-param="val1" data-live-prop2-param="val2" data-live-action-param="debounce(300)|action-name"', $props); $props = $runtime->liveAction('action-name:prevent', ['pro1' => 'val1', 'prop2' => 'val2'], ['debounce' => 300]); - $this->assertSame('data-action="live#action:prevent" data-live-pro1-param="val1" data-live-prop2-param="val2" data-live-action-param="debounce(300)|action-name"', html_entity_decode($props)); - $this->assertSame('data-action="live#action:prevent" data-live-pro1-param="val1" data-live-prop2-param="val2" data-live-action-param="debounce(300)|action-name"', $props); + $this->assertSame('data-action="live#action:prevent" data-live-pro1-param="val1" data-live-prop2-param="val2" data-live-action-param="debounce(300)|action-name"', $props); $props = $runtime->liveAction('action-name:prevent', [], ['debounce' => 300]); - $this->assertSame('data-action="live#action:prevent" data-live-action-param="debounce(300)|action-name"', html_entity_decode($props)); + $this->assertSame('data-action="live#action:prevent" data-live-action-param="debounce(300)|action-name"', $props); $props = $runtime->liveAction('action-name', [], [], 'keydown.esc'); - $this->assertSame('data-action="keydown.esc->live#action" 
data-live-action-param="action-name"', html_entity_decode($props)); + $this->assertSame('data-action="keydown.esc->live#action" data-live-action-param="action-name"', $props); } } diff --git a/src/Notify/tests/Twig/NotifyRuntimeTest.php b/src/Notify/tests/Twig/NotifyRuntimeTest.php index 7f21970fa61..8c3b3786337 100644 --- a/src/Notify/tests/Twig/NotifyRuntimeTest.php +++ b/src/Notify/tests/Twig/NotifyRuntimeTest.php @@ -39,13 +39,13 @@ public function testStreamNotifications(array $params, string $expected) public static function streamNotificationsDataProvider(): iterable { - $publicUrl = 'http://localhost:9090/.well-known/mercure'; + $publicUrl = 'http://localhost:9090/.well-known/mercure'; yield [ [['/topic/1', '/topic/2']], '
', ]; @@ -54,7 +54,7 @@ public static function streamNotificationsDataProvider(): iterable ['/topic/1'], '', ]; @@ -63,7 +63,7 @@ public static function streamNotificationsDataProvider(): iterable [], '', ]; diff --git a/src/React/tests/Twig/ReactComponentExtensionTest.php b/src/React/tests/Twig/ReactComponentExtensionTest.php index aae2d6b6b6a..9fbf8c8b0a3 100644 --- a/src/React/tests/Twig/ReactComponentExtensionTest.php +++ b/src/React/tests/Twig/ReactComponentExtensionTest.php @@ -36,7 +36,7 @@ public function testRenderComponent() ); $this->assertSame( - 'data-controller="symfony--ux-react--react" data-symfony--ux-react--react-component-value="SubDir/MyComponent" data-symfony--ux-react--react-props-value="{"fullName":"Titouan Galopin"}"', + 'data-controller="symfony--ux-react--react" data-symfony--ux-react--react-component-value="SubDir/MyComponent" data-symfony--ux-react--react-props-value="{"fullName":"Titouan Galopin"}"', $rendered ); } @@ -52,7 +52,7 @@ public function testRenderComponentWithoutProps() $rendered = $extension->renderReactComponent('SubDir/MyComponent'); $this->assertSame( - 'data-controller="symfony--ux-react--react" data-symfony--ux-react--react-component-value="SubDir/MyComponent"', + 'data-controller="symfony--ux-react--react" data-symfony--ux-react--react-component-value="SubDir/MyComponent"', $rendered ); } diff --git a/src/StimulusBundle/src/Dto/StimulusAttributes.php b/src/StimulusBundle/src/Dto/StimulusAttributes.php index 1b477172260..cd51708e197 100644 --- a/src/StimulusBundle/src/Dto/StimulusAttributes.php +++ b/src/StimulusBundle/src/Dto/StimulusAttributes.php 
@@ -108,18 +108,18 @@ public function addAttribute(string $name, string $value): void public function __toString(): string { $controllers = array_map(function (string $controllerName): string { - return $this->escapeAsHtmlAttr($controllerName); + return $this->escape($controllerName, 'html'); }, $this->controllers); // done separately so we can escape, but avoid escaping -> $actions = array_map(function (array $actionData): string { - $controllerName = $this->escapeAsHtmlAttr($actionData['controllerName']); - $actionName = $this->escapeAsHtmlAttr($actionData['actionName']); + $controllerName = $actionData['controllerName']; + $actionName = $actionData['actionName']; $eventName = $actionData['eventName']; - $action = $controllerName.'#'.$actionName; + $action = $this->escape($controllerName.'#'.$actionName, 'html'); if (null !== $eventName) { - $action = $this->escapeAsHtmlAttr($eventName).'->'.$action; + $action = $this->escape($eventName, 'html').'->'.$action; } return $action; @@ -129,7 +129,7 @@ public function __toString(): string foreach ($this->targets as $key => $targetNamesString) { $targetNames = explode(' ', $targetNamesString); $targets[$key] = implode(' ', array_map(function (string $targetName): string { - return $this->escapeAsHtmlAttr($targetName); + return $this->escape($targetName, 'html'); }, $targetNames)); } @@ -152,7 +152,7 @@ public function __toString(): string return rtrim(implode(' ', [ ...$attributes, ...array_map(function (string $attribute, string $value): string { - return $attribute.'="'.$this->escapeAsHtmlAttr($value).'"'; + return $attribute.'="'.$this->escape($value, 'html').'"'; }, array_keys($this->attributes), $this->attributes), ])); } @@ -193,7 +193,7 @@ public function toEscapedArray(): array { $escaped = []; foreach ($this->toArray() as $key => $value) { - $escaped[$key] = $this->escapeAsHtmlAttr($value); + $escaped[$key] = $this->escape($value, 'html'); } return $escaped; 
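Review bot: Switching from `html_attr` to `html` in `__toString()` makes the output safe only while every value sits inside a double-quoted attribute, and nothing in the code records that dependency. The `html` strategy encodes `&`, `<`, `>` and both quote characters but leaves spaces and `=` alone, so the same holds for the target loop in the `-129,7` hunk and for `toEscapedArray()` in the `-193,7` hunk, whose callers are outside this diff. I would add a comment above the first `array_map`, e.g. `// 'html' is enough only because every value below is emitted inside double quotes`, and state in the `toEscapedArray()` docblock that the returned values must be rendered as quoted attribute values. `__toString()` starts and ends outside these hunks, so the quoting of `data-controller`, `data-action` and the targets should be confirmed there.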
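Review bot: In the `-152,7` hunk the attribute name is still concatenated raw in `return $attribute.'="'.$this->escape($value, 'html').'"';`, so only the value side is protected. Whether `addAttribute(string $name, string $value)` validates `$name` is not visible here, as only its signature appears in the hunk header. If it does not, a name containing whitespace, a quote, `=` or `>` would end up in the markup unchanged. Consider rejecting such names in `addAttribute()`, for example `if (preg_match('/[\s"\'<>\/=]/', $name)) { throw new \InvalidArgumentException('Invalid attribute name.'); }`, with a test that pins the rejection.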
@@ -212,18 +212,18 @@ private function getFormattedValue(mixed $value): string return (string) $value; } - private function escapeAsHtmlAttr(mixed $value): string + private function escape(mixed $value, string $strategy): string { if (class_exists(EscaperRuntime::class)) { - return $this->env->getRuntime(EscaperRuntime::class)->escape($value, 'html_attr'); + return $this->env->getRuntime(EscaperRuntime::class)->escape($value, $strategy); } if (method_exists(EscaperExtension::class, 'escape')) { - return EscaperExtension::escape($this->env, $value, 'html_attr'); + return EscaperExtension::escape($this->env, $value, $strategy); } // since twig/twig 3.9.0: Using the internal "twig_escape_filter" function is deprecated. - return (string) twig_escape_filter($this->env, $value, 'html_attr'); + return (string) twig_escape_filter($this->env, $value, $strategy); } /** diff --git a/src/StimulusBundle/tests/Dto/StimulusAttributesTest.php b/src/StimulusBundle/tests/Dto/StimulusAttributesTest.php index 63393d99cd9..17527a3491c 100644 --- a/src/StimulusBundle/tests/Dto/StimulusAttributesTest.php +++ b/src/StimulusBundle/tests/Dto/StimulusAttributesTest.php @@ -145,7 +145,7 @@ public function testIsTraversable() public function testAddAttribute() { $this->stimulusAttributes->addAttribute('foo', 'bar baz'); - $this->assertSame('foo="bar baz"', (string) $this->stimulusAttributes); + $this->assertSame('foo="bar baz"', (string) $this->stimulusAttributes); $this->assertSame(['foo' => 'bar baz'], $this->stimulusAttributes->toArray()); } } diff --git a/src/StimulusBundle/tests/Twig/StimulusTwigExtensionTest.php b/src/StimulusBundle/tests/Twig/StimulusTwigExtensionTest.php index 41793ed5efc..0e8cdbf8893 100644 --- a/src/StimulusBundle/tests/Twig/StimulusTwigExtensionTest.php +++ b/src/StimulusBundle/tests/Twig/StimulusTwigExtensionTest.php 
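Review bot: `escape(mixed $value, string $strategy)` accepts any strategy string, but every call site in this diff passes the literal `'html'`, so the parameter makes it possible to pick an escaper that does not fit the output context without providing flexibility that is actually used. Either drop the parameter and keep the strategy in one place, e.g. `private const ESCAPE_STRATEGY = 'html';`, or keep it and add a docblock naming the strategies this class is expected to use and the context each is safe for. The docblock should say that `'html'` output is safe for element text and quoted attribute values only, because the old method name (`escapeAsHtmlAttr`) carried that context and the new name does not.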
@@ -135,8 +135,8 @@ public function testAppendStimulusController(): void $extension = new StimulusTwigExtension(new StimulusHelper($this->twig)); $dto = $extension->renderStimulusController('my-controller', ['myValue' => 'scalar-value']); $this->assertSame( - 'data-controller="my-controller another-controller" data-my-controller-my-value-value="scalar-value" data-another-controller-another-value-value="scalar-value 2"', - (string) $extension->appendStimulusController($dto, 'another-controller', ['another-value' => 'scalar-value 2']), + 'data-controller="my-controller another-controller" data-my-controller-my-value-value="scalar-value" data-another-controller-another-value-value="scalar-value 2" data-another-controller-json-value-value="{"key":"Value with quotes ' and \"."}"', + (string) $extension->appendStimulusController($dto, 'another-controller', ['another-value' => 'scalar-value 2', 'jsonValue' => json_encode(['key' => 'Value with quotes \' and ".'])]), ); } diff --git a/src/TwigComponent/tests/Unit/ComponentAttributesTest.php b/src/TwigComponent/tests/Unit/ComponentAttributesTest.php index 5e22ac737c8..8ed7aa4f004 100644 --- a/src/TwigComponent/tests/Unit/ComponentAttributesTest.php +++ b/src/TwigComponent/tests/Unit/ComponentAttributesTest.php @@ -147,7 +147,7 @@ public function testCanAddStimulusControllerViaStimulusAttributes(): void 'data-controller' => 'foo live', 'data-live-data-value' => '{}', 'data-foo-name-value' => 'ryan', - 'data-foo-some-array-value' => '["a","b"]', + 'data-foo-some-array-value' => '["a","b"]', ], $attributes->all()); } diff --git a/src/Vue/tests/Twig/VueComponentExtensionTest.php b/src/Vue/tests/Twig/VueComponentExtensionTest.php index 3c618cca2e6..6a539395d4d 100644 --- a/src/Vue/tests/Twig/VueComponentExtensionTest.php +++ b/src/Vue/tests/Twig/VueComponentExtensionTest.php 
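Review bot: The new JSON case in `testAppendStimulusController()` exercises only `'` and `"`, so nothing in this test pins that `<`, `>` and `&` are still encoded after the move to the `html` strategy. Extending the input, e.g. `'jsonValue' => json_encode(['key' => 'Quotes \' and ", markup <b> & ampersand'])` (a constructed sample), with the matching entity-encoded expectation would cover that. Since the method now checks escaping as well as appending, a separate test method named for the escaping behaviour would make a regression easier to locate.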
@@ -37,7 +37,7 @@ public function testRenderComponent() ); $this->assertSame( - 'data-controller="symfony--ux-vue--vue" data-symfony--ux-vue--vue-component-value="SubDir/MyComponent" data-symfony--ux-vue--vue-props-value="{"fullName":"Titouan Galopin"}"', + 'data-controller="symfony--ux-vue--vue" data-symfony--ux-vue--vue-component-value="SubDir/MyComponent" data-symfony--ux-vue--vue-props-value="{"fullName":"Titouan Galopin"}"', $rendered ); } @@ -53,7 +53,7 @@ public function testRenderComponentWithoutProps() $rendered = $extension->renderVueComponent('SubDir/MyComponent'); $this->assertSame( - 'data-controller="symfony--ux-vue--vue" data-symfony--ux-vue--vue-component-value="SubDir/MyComponent"', + 'data-controller="symfony--ux-vue--vue" data-symfony--ux-vue--vue-component-value="SubDir/MyComponent"', $rendered ); }