laminas / laminas-escaper

Securely and safely escape HTML, HTML attributes, JavaScript, CSS, and URLs
https://docs.laminas.dev/laminas-escaper/
BSD 3-Clause "New" or "Revised" License

Escaper - htmlAttrMatcher gives a wrong encoding #5

Open weierophinney opened 4 years ago

weierophinney commented 4 years ago

This issue has been moved from the zendframework repository as part of the bug migration program as outlined here - http://framework.zend.com/blog/2016-04-11-issue-closures.html


Original Issue: https://api.github.com/repos/zendframework/zendframework/issues/7621
User: @esase
Created On: 2015-08-28T16:08:25Z
Updated At: 2015-11-06T22:20:41Z
Body

I didn't see this trouble before, but when I updated my Zend with the latest 2.5.1 I see very strange behaviour. All form elements show me Chinese characters like this 킞톂킿톀킰킲킸톂톌 instead of Войти (Russian), e.g.

It happens only on the Windows platform; on Linux everything is OK. My work environment is:

OS: Windows
PHP: 5.4.12
Site locale: ru_RU

I found this issue here - zend-escaper\src\Escaper.php in htmlAttrMatcher($matches) method

PS: For English everything is ok


Comment

User: @esase
Created On: 2015-08-31T06:37:51Z
Updated At: 2015-08-31T06:37:51Z
Body

Anyone?



Originally posted by @GeeH at https://github.com/zendframework/zend-escaper/issues/17

weierophinney commented 4 years ago

Having same issue. Updated to last version. Any recommendations?


Originally posted by @smilingcheater at https://github.com/zendframework/zend-escaper/issues/17#issuecomment-254753797

weierophinney commented 4 years ago

I have this problem too. Is there a solution?


Originally posted by @potkot at https://github.com/zendframework/zend-escaper/issues/17#issuecomment-354242897

weierophinney commented 4 years ago

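@potkot I overrode the existing escaper with my own. In module.config.php I added:

```php
// module.config.php (fragment of the returned config array);
// needs: use Zend\ServiceManager\Factory\InvokableFactory;
'view_helpers' => [
    'factories' => [
        \App\View\Helper\EscapeHtmlAttr::class => InvokableFactory::class,
    ],
    'aliases' => [
        'escapehtmlattr' => \App\View\Helper\EscapeHtmlAttr::class,
    ]
]
```

and created a new helper:

```php
namespace App\View\Helper;

class EscapeHtmlAttr extends \Zend\View\Helper\EscapeHtmlAttr
{
    // Bypasses the Escaper-based attribute escaping of the parent helper
    // and calls PHP's htmlspecialchars() with its default flags instead.
    protected function escape($value)
    {
        return htmlspecialchars($value);
    }
}
```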


Originally posted by @smilingcheater at https://github.com/zendframework/zend-escaper/issues/17#issuecomment-356230008

weierophinney commented 4 years ago

The correct solution is to pass in utf8 strings, as expected. A test case is needed if this persists.


Originally posted by @Ocramius at https://github.com/zendframework/zend-escaper/issues/17#issuecomment-356230628

weierophinney commented 4 years ago

@smilingcheater Thank you very much! Working solution!


Originally posted by @potkot at https://github.com/zendframework/zend-escaper/issues/17#issuecomment-357204963

weierophinney commented 4 years ago

No, that's a workaround, and an un-proven one.

Write a test please, then the workaround can be verified against the existing test suite and the new test.


Originally posted by @Ocramius at https://github.com/zendframework/zend-escaper/issues/17#issuecomment-357220650
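
A diagnostic sketch for the original report, added here and not code from laminas-escaper or from anyone in this thread: the quoted characters are consistent with each two-byte UTF-8 sequence being formatted as a single 16-bit code point (for example, `а` is the bytes D0 B0, and U+D0B0 is 킰). The function names are hypothetical, PHP 7.2+ with mbstring is assumed, and the page does not establish why this would happen on the reporter's Windows setup.

```php
<?php
// Added illustration; function names are hypothetical, not laminas-escaper API.

/** Numeric entity for one UTF-8 character, built from its real code point. */
function entityFromCodePoint(string $char): string
{
    return sprintf('&#x%04X;', mb_ord($char, 'UTF-8'));
}

/** Same formatting, but the raw UTF-8 bytes are read as one big-endian number. */
function entityFromRawBytes(string $char): string
{
    return sprintf('&#x%04X;', hexdec(bin2hex($char)));
}

/** Map every character through $fn, then decode the entities as a browser would. */
function render(string $text, callable $fn): string
{
    $chars = preg_split('//u', $text, -1, PREG_SPLIT_NO_EMPTY);
    $entities = implode('', array_map($fn, $chars));
    return html_entity_decode($entities, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/** Undo the mis-reading: write each code point back out as two bytes. */
function recover(string $garbled): string
{
    $out = '';
    foreach (preg_split('//u', $garbled, -1, PREG_SPLIT_NO_EMPTY) as $char) {
        $out .= pack('n', mb_ord($char, 'UTF-8'));
    }
    // Only accept the result if the bytes form valid UTF-8.
    return mb_check_encoding($out, 'UTF-8') ? $out : $garbled;
}

$reported = '킞톂킿톀킰킲킸톂톌';   // string quoted in the report above
$original = recover($reported);

echo $original, PHP_EOL;                                  // recovered text
echo render($original, 'entityFromCodePoint'), PHP_EOL;   // correct rendering
echo render($original, 'entityFromRawBytes'), PHP_EOL;    // mis-read rendering
var_dump(render($original, 'entityFromRawBytes') === $reported);
```

The final `var_dump` reports whether the mis-read rendering of the recovered text reproduces the reported string exactly, which is the kind of comparison a regression test for this issue could assert on.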