You are here

Home » API reference » Zircon Profile 8.0 » escapingTest.php » Twig_Test_EscapingTest

public function Twig_Test_EscapingTest::testHtmlAttributeEscapingEscapesOwaspRecommendedRanges in Zircon Profile 8.0

Same name and namespace in other branches
  1. 8 vendor/twig/twig/test/Twig/Tests/escapingTest.php \Twig_Test_EscapingTest::testHtmlAttributeEscapingEscapesOwaspRecommendedRanges()

File

vendor/twig/twig/test/Twig/Tests/escapingTest.php, line 279

Class

Twig_Test_EscapingTest
This class is adapted from code coming from Zend Framework.

Code

public function testHtmlAttributeEscapingEscapesOwaspRecommendedRanges() {
  $immune = array(
    ',',
    '.',
    '-',
    '_',
  );

  // Exceptions to escaping ranges
  for ($chr = 0; $chr < 0xff; ++$chr) {
    if ($chr >= 0x30 && $chr <= 0x39 || $chr >= 0x41 && $chr <= 0x5a || $chr >= 0x61 && $chr <= 0x7a) {
      $literal = $this
        ->codepointToUtf8($chr);
      $this
        ->assertEquals($literal, twig_escape_filter($this->env, $literal, 'html_attr'));
    }
    else {
      $literal = $this
        ->codepointToUtf8($chr);
      if (in_array($literal, $immune)) {
        $this
          ->assertEquals($literal, twig_escape_filter($this->env, $literal, 'html_attr'));
      }
      else {
        $this
          ->assertNotEquals($literal, twig_escape_filter($this->env, $literal, 'html_attr'), "{$literal} should be escaped!");
      }
    }
  }
}