Closed weierophinney closed 4 years ago
@mamont77 are you running the latest version? Escaping should be applied there...
Originally posted by @Ocramius at https://github.com/zendframework/zend-developer-tools/issues/116#issuecomment-20936691
@Ocramius, yes. I'm using latest master.
Originally posted by @mamont77 at https://github.com/zendframework/zend-developer-tools/issues/116#issuecomment-20968157
Could you please paste the HTML generated by the toolbar? I didn't find the location where the output would not be correctly escaped.
Originally posted by @Ocramius at https://github.com/zendframework/zend-developer-tools/issues/116#issuecomment-21017927
Sorry, I could not attach a file, unsupported format. Temporarily added to my repository. https://github.com/mamont77/fcontrol/blob/master/temp.html
Originally posted by @mamont77 at https://github.com/zendframework/zend-developer-tools/issues/116#issuecomment-21024253
@mamont77 if I get this correctly, it's a problem in `Zend\Debug` itself.
The problems are at https://github.com/mamont77/fcontrol/blob/master/temp.html#L367, right?
If so, then this issue should be opened against `Zend\Debug` with a small test array (nothing fancy, just those weird keys).
Originally posted by @Ocramius at https://github.com/zendframework/zend-developer-tools/issues/116#issuecomment-21025439
@Ocramius I'm not convinced by your analysis. `Zend\Debug\Debug::dump()` does the following:
`<pre>` tags.
`Zend\Escaper\Escaper` instance, and calls `escapeHtml()` to escape the output, before wrapping in `<pre>` tags.
Based on the configuration dumped, I'd argue it's a problem with `Escaper`, to be honest -- there are clearly `<` and `>` characters not being escaped.
Originally posted by @weierophinney at https://github.com/zendframework/zend-developer-tools/issues/116#issuecomment-21198482
@weierophinney no analysis: I just stopped after finding out that it's not ZDT ;)
Originally posted by @Ocramius at https://github.com/zendframework/zend-developer-tools/issues/116#issuecomment-21201213
Odd -- I took the relevant parts of the configuration:
and wrote a test to see if the values were being escaped. They were. In fact, all quotes, all angle brackets, and a number of other characters were being escaped for HTML.
This makes me wonder if it's either (a) browser-specific, or (b) an issue with how the JS library is handling the data.
Originally posted by @weierophinney at https://github.com/zendframework/zend-developer-tools/issues/116#issuecomment-21211465
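A check of the kind described in the comment above, as an added example that is not part of the original thread or the project's code: it renders a constructed config array with markup-like keys and values and fails if any raw angle bracket or quote reaches the output. `escapeHtml()` here is a stand-in built on `htmlspecialchars()` for `Zend\Escaper\Escaper::escapeHtml()`, and `renderConfig()` and the sample array are hypothetical.

```php
<?php
declare(strict_types=1);

// Stand-in for Zend\Escaper\Escaper::escapeHtml(); htmlspecialchars() is used
// so the example has no dependencies (assumption, not the project's code).
function escapeHtml(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical renderer: walks a config array and escapes the keys as well as
// the scalar values before emitting markup.
function renderConfig(array $config, int $depth = 0): string
{
    $out = '';
    foreach ($config as $key => $value) {
        $line = str_repeat('  ', $depth) . escapeHtml((string) $key) . ': ';
        if (is_array($value)) {
            $out .= $line . "[\n" . renderConfig($value, $depth + 1)
                  . str_repeat('  ', $depth) . "]\n";
        } else {
            $out .= $line . escapeHtml(var_export($value, true)) . "\n";
        }
    }
    return $out;
}

// Constructed sample: markup-like characters in keys and in values.
$config = [
    'router' => [
        '<controller>' => ['route' => '/user[/:id]', 'label' => '<b>Users</b>'],
        'quote"key'    => "it's & done",
    ],
];

$html = '<pre>' . renderConfig($config) . '</pre>';

// Check: apart from the <pre> wrapper, no raw angle brackets or quotes survive.
$inner = substr($html, strlen('<pre>'), -strlen('</pre>'));
foreach (['<', '>', '"', "'"] as $char) {
    if (strpos($inner, $char) !== false) {
        throw new RuntimeException("unescaped {$char} in toolbar output");
    }
}
echo $html, "\n";
```

If this passes on the server side while the page still breaks in the browser, the remaining suspects are the ones named above: browser-specific behaviour or client-side handling of the data.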
Escaped contents should already be handled in laminas-developer-tools ^1.3.1 || ^2.0.2. If you find the problem persists, please re-create the issue.
Closing.
Hi. Broken page because the code is displayed unescaped. It seems there is a problem in ConfigCollector::unserializeArray().
Originally posted by @mamont77 at https://github.com/zendframework/zend-developer-tools/issues/116