
Commit b4d3c68

committed
prevent attributes from leaking
1 parent 2f49185 commit b4d3c68

1 file changed

Lines changed: 10 additions & 6 deletions


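--- a/src/Template/Parser/StreamingCompiler.php
+++ b/src/Template/Parser/StreamingCompiler.php
@@ -112,7 +112,7 @@ private function renderCharacterReference($document): Document
 
 private function escapeData(int $selectionStart, Document $document): Closure
 {
-if($this->blockAttributes) {
+if ($this->blockAttributes) {
 return static fn(Closure $x) => $x($document);
 }
 $end = $document->mark() - 1;
@@ -426,13 +426,17 @@ private function renderOpenTagName(Document $document): Document
 $starting = $document->mark();
 $this->lastTagOpenOpen = $starting - 1;
 
+if (!$this->blockAttributes) {
+$this->attributes = [];
+}
+
 $document = $this->renderTagName($document);
 
 switch ($tag = mb_strtolower($this->nameBuffer)) {
 case 'title':
 case 'textarea':
 $this->mustMatch = $tag;
-if($this->blockAttributes) {
+if ($this->blockAttributes) {
 return $this->renderRCData($document);
 }
 $now = $document->mark();
@@ -441,7 +445,7 @@ private function renderOpenTagName(Document $document): Document
 ->insert($this->blobber->replaceBlobs($output, $this->escaper->escapeHtml(...)), $now);
 case 'style':
 $this->mustMatch = $tag;
-if($this->blockAttributes) {
+if ($this->blockAttributes) {
 return $this->renderRawText($document);
 }
 $now = $document->mark();
@@ -456,7 +460,7 @@ private function renderOpenTagName(Document $document): Document
 case 'plaintext':
 case 'noframes':
 $this->mustMatch = $tag;
-if($this->blockAttributes) {
+if ($this->blockAttributes) {
 return $this->renderRawText($document);
 }
 $now = $document->mark();
@@ -465,7 +469,7 @@ private function renderOpenTagName(Document $document): Document
 ->insert($this->blobber->replaceBlobs($output, $this->escaper->escapeHtml(...)), $now);
 case 'script':
 $this->mustMatch = $tag;
-if($this->blockAttributes) {
+if ($this->blockAttributes) {
 return $this->renderScriptData($document);
 }
 $now = $document->mark();
@@ -1195,7 +1199,7 @@ private function renderAfterAttributeValueQuoted(Document $document): Document
 
 private function processAttributes(Document $document): Document
 {
-if($this->blockAttributes) {
+if ($this->blockAttributes) {
 return $document;
 }
 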
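Review bot: The reset added before the renderTagName call in renderOpenTagName, `if (!$this->blockAttributes) { $this->attributes = []; }`, runs only when blockAttributes is off, and nothing on the page says why the blocked path may keep the previous tag's attributes. If that is intended, a comment above the guard would record the invariant, for example `// per-tag state: drop the previous tag's attributes; left untouched while blockAttributes is set`; processAttributes returns early in that mode, but whether anything else still appends to $this->attributes is not visible here. Because the surrounding code decides how tag content is escaped, carried-over attributes look security-relevant, yet the commit changes only this one file, so a regression test with two consecutive open tags where only the first has attributes is worth adding. The six `if(` to `if (` edits are whitespace only and would be easier to audit in a separate commit. renderOpenTagName starts and ends outside the visible hunks.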
