Generated <script> tags no longer have deprecated type="text/javascript" or language="Javascript" attributes.

Fixes #815.
Simon Wisselink
2023-01-31 11:17:41 +01:00
parent 6635a5e3fb
commit 016c9ceb17
7 changed files with 13 additions and 12 deletions


@@ -21,6 +21,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Smarty now always runs in multibyte mode, using `symfony/polyfill-mbstring` if required. Please use the - Smarty now always runs in multibyte mode, using `symfony/polyfill-mbstring` if required. Please use the
multibyte extension for optimal performance. multibyte extension for optimal performance.
- Smarty no longer calls `mb_internal_encoding()` and doesn't check for deprecated `mbstring.func_overload` ini directive [#480](https://github.com/smarty-php/smarty/issues/480) - Smarty no longer calls `mb_internal_encoding()` and doesn't check for deprecated `mbstring.func_overload` ini directive [#480](https://github.com/smarty-php/smarty/issues/480)
- Generated `<script>` tags lo longer have deprecated `type="text/javascript"` or `language="Javascript"` attributes [#815](https://github.com/smarty-php/smarty/issues/815)
### Deprecated ### Deprecated
- `$smarty->getPluginsDir()` - `$smarty->getPluginsDir()`


@@ -73,7 +73,7 @@ Where the template is:
Welcome <!--{$name}--> to Smarty Welcome <!--{$name}--> to Smarty
<script language="javascript"> <script>
var foo = <!--{$foo}-->; var foo = <!--{$foo}-->;
function dosomething() { function dosomething() {
alert("foo is " + foo); alert("foo is " + foo);


@@ -24,7 +24,7 @@ The above example will output:
Another example with some Javascript Another example with some Javascript
<script language="JavaScript"> <script>
function foo() {ldelim} function foo() {ldelim}
... code ... ... code ...
{rdelim} {rdelim}
@@ -35,7 +35,7 @@ Another example with some Javascript
will output will output
<script language="JavaScript"> <script>
function foo() { function foo() {
.... code ... .... code ...
} }
@@ -44,7 +44,7 @@ will output
<script language="JavaScript" type="text/javascript"> <script>
function myJsFunction(){ldelim} function myJsFunction(){ldelim}
alert("The server name\n{$smarty.server.SERVER_NAME}\n{$smarty.server.SERVER_ADDR}"); alert("The server name\n{$smarty.server.SERVER_NAME}\n{$smarty.server.SERVER_ADDR}");
{rdelim} {rdelim}


@@ -30,7 +30,7 @@ spiders to lift email addresses off of a site.
<a href="mailto:me@example.com" >send me some mail</a> <a href="mailto:me@example.com" >send me some mail</a>
{mailto address="me@example.com" encode="javascript"} {mailto address="me@example.com" encode="javascript"}
<script type="text/javascript" language="javascript"> <script>
eval(unescape('%64%6f% ... snipped ...%61%3e%27%29%3b')) eval(unescape('%64%6f% ... snipped ...%61%3e%27%29%3b'))
</script> </script>
@@ -47,7 +47,7 @@ spiders to lift email addresses off of a site.
<a href="mailto:me@example.com" class="email">me@example.com</a> <a href="mailto:me@example.com" class="email">me@example.com</a>
{mailto address="me@example.com" encode="javascript_charcode"} {mailto address="me@example.com" encode="javascript_charcode"}
<script type="text/javascript" language="javascript"> <script>
{document.write(String.fromCharCode(60,97, ... snipped ....60,47,97,62))} {document.write(String.fromCharCode(60,97, ... snipped ....60,47,97,62))}
</script> </script>


@@ -109,12 +109,12 @@ class Mailto extends Base {
for ($x = 0, $_length = strlen($string); $x < $_length; $x++) { for ($x = 0, $_length = strlen($string); $x < $_length; $x++) {
$js_encode .= '%' . bin2hex($string[$x]); $js_encode .= '%' . bin2hex($string[$x]);
} }
return '<script type="text/javascript">document.write(unescape(\'' . $js_encode . '\'))</script>'; return '<script>document.write(unescape(\'' . $js_encode . '\'))</script>';
} elseif ($encode === 'javascript_charcode') { } elseif ($encode === 'javascript_charcode') {
for ($x = 0, $_length = strlen($string); $x < $_length; $x++) { for ($x = 0, $_length = strlen($string); $x < $_length; $x++) {
$ord[] = ord($string[$x]); $ord[] = ord($string[$x]);
} }
return '<script type="text/javascript">document.write(String.fromCharCode(' . implode(',', $ord) . '))</script>'; return '<script>document.write(String.fromCharCode(' . implode(',', $ord) . '))</script>';
} elseif ($encode === 'hex') { } elseif ($encode === 'hex') {
preg_match('!^(.*)(\?.*)$!', $address, $match); preg_match('!^(.*)(\?.*)$!', $address, $match);
if (!empty($match[2])) { if (!empty($match[2])) {
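Review bot: The `javascript` branch still decodes with `unescape()`, which is as deprecated as the attributes this commit drops and turns each `%xx` into one code unit, so a non-ASCII address or link text (hex-encoded byte by byte via `bin2hex($string[$x])`) would come out garbled in the browser. Consider `return '<script>document.write(decodeURIComponent(\'' . $js_encode . '\'))</script>';`, keeping in mind that `decodeURIComponent` throws on byte sequences that are not valid UTF-8 and that the expected strings in `PluginFunctionMailtoTest` would need the same edit. The `javascript_charcode` branch has the same per-byte behaviour through `ord()` and `String.fromCharCode`. Both branches emit an inline `<script>` with no nonce, so the docs should say that these encode modes need inline scripts to be allowed by the page's Content-Security-Policy. The enclosing method starts and ends outside this hunk, so where `$js_encode` and `$ord` are initialised is not visible here.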


@@ -166,7 +166,7 @@
</body> </body>
</html> </html>
{/capture} {/capture}
<script type="text/javascript"> <script>
{$id = '__Smarty__'} {$id = '__Smarty__'}
{if $display_mode}{$id = "$offset$template_name"|md5}{/if} {if $display_mode}{$id = "$offset$template_name"|md5}{/if}
_smarty_console = window.open("", "console{$id}", "width=1024,height=600,left={$offset},top={$offset},resizable,scrollbars=yes"); _smarty_console = window.open("", "console{$id}", "width=1024,height=600,left={$offset},top={$offset},resizable,scrollbars=yes");


@@ -36,14 +36,14 @@ class PluginFunctionMailtoTest extends PHPUnit_Smarty
public function testEncodeJavascript() public function testEncodeJavascript()
{ {
$result = '<script type="text/javascript">document.write(unescape(\'%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%6d%65%40%65%78%61%6d%70%6c%65%2e%63%6f%6d%22%20%3e%6d%65%40%65%78%61%6d%70%6c%65%2e%63%6f%6d%3c%2f%61%3e\'))</script>'; $result = '<script>document.write(unescape(\'%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%6d%65%40%65%78%61%6d%70%6c%65%2e%63%6f%6d%22%20%3e%6d%65%40%65%78%61%6d%70%6c%65%2e%63%6f%6d%3c%2f%61%3e\'))</script>';
$tpl = $this->smarty->createTemplate('eval:{mailto address="me@example.com" encode="javascript"}'); $tpl = $this->smarty->createTemplate('eval:{mailto address="me@example.com" encode="javascript"}');
$this->assertEquals(str_replace("\r", '', $result), $this->smarty->fetch($tpl)); $this->assertEquals(str_replace("\r", '', $result), $this->smarty->fetch($tpl));
} }
public function testEncodeJavascriptCharcode() public function testEncodeJavascriptCharcode()
{ {
$result = '<script type="text/javascript">document.write(String.fromCharCode(60,97,32,104,114,101,102,61,34,109,97,105,108,116,111,58,109,101,64,101,120,97,109,112,108,101,46,99,111,109,34,32,62,109,101,64,101,120,97,109,112,108,101,46,99,111,109,60,47,97,62))</script>'; $result = '<script>document.write(String.fromCharCode(60,97,32,104,114,101,102,61,34,109,97,105,108,116,111,58,109,101,64,101,120,97,109,112,108,101,46,99,111,109,34,32,62,109,101,64,101,120,97,109,112,108,101,46,99,111,109,60,47,97,62))</script>';
$tpl = $this->smarty->createTemplate('eval:{mailto address="me@example.com" encode="javascript_charcode"}'); $tpl = $this->smarty->createTemplate('eval:{mailto address="me@example.com" encode="javascript_charcode"}');
$this->assertEquals(str_replace("\r", '', $result), $this->smarty->fetch($tpl)); $this->assertEquals(str_replace("\r", '', $result), $this->smarty->fetch($tpl));
} }
@@ -85,7 +85,7 @@ class PluginFunctionMailtoTest extends PHPUnit_Smarty
public function testJavascriptChars() public function testJavascriptChars()
{ {
$result = '<script type="text/javascript">document.write(unescape(\'%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%6d%65%40%65%78%61%6d%70%6c%65%2e%63%6f%6d%26%71%75%6f%74%3b%26%67%74%3b%6d%65%40%65%78%61%6d%70%6c%65%2e%63%6f%6d%26%23%30%33%39%3b%29%3b%20%61%6c%65%72%74%28%26%71%75%6f%74%3b%69%6e%6a%65%63%74%69%6f%6e%26%71%75%6f%74%3b%29%3b%20%2f%2f%22%20%3e%6d%65%40%65%78%61%6d%70%6c%65%2e%63%6f%6d%26%71%75%6f%74%3b%26%67%74%3b%6d%65%40%65%78%61%6d%70%6c%65%2e%63%6f%6d%26%23%30%33%39%3b%29%3b%20%61%6c%65%72%74%28%26%71%75%6f%74%3b%69%6e%6a%65%63%74%69%6f%6e%26%71%75%6f%74%3b%29%3b%20%2f%2f%3c%2f%61%3e\'))</script>'; $result = '<script>document.write(unescape(\'%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%6d%65%40%65%78%61%6d%70%6c%65%2e%63%6f%6d%26%71%75%6f%74%3b%26%67%74%3b%6d%65%40%65%78%61%6d%70%6c%65%2e%63%6f%6d%26%23%30%33%39%3b%29%3b%20%61%6c%65%72%74%28%26%71%75%6f%74%3b%69%6e%6a%65%63%74%69%6f%6e%26%71%75%6f%74%3b%29%3b%20%2f%2f%22%20%3e%6d%65%40%65%78%61%6d%70%6c%65%2e%63%6f%6d%26%71%75%6f%74%3b%26%67%74%3b%6d%65%40%65%78%61%6d%70%6c%65%2e%63%6f%6d%26%23%30%33%39%3b%29%3b%20%61%6c%65%72%74%28%26%71%75%6f%74%3b%69%6e%6a%65%63%74%69%6f%6e%26%71%75%6f%74%3b%29%3b%20%2f%2f%3c%2f%61%3e\'))</script>';
$this->smarty->assign('address', 'me@example.com">me@example.com\'); alert("injection"); //'); $this->smarty->assign('address', 'me@example.com">me@example.com\'); alert("injection"); //');
$tpl = $this->smarty->createTemplate('eval:{mailto address=$address encode=javascript}'); $tpl = $this->smarty->createTemplate('eval:{mailto address=$address encode=javascript}');
$this->assertEquals(str_replace("\r", '', $result), $this->smarty->fetch($tpl)); $this->assertEquals(str_replace("\r", '', $result), $this->smarty->fetch($tpl));