Add escaping in Renderer

devanych · devanych · commit c82a522454f8 · 2020-10-04T11:52:53.000+03:00
diff --git a/src/Renderer.php b/src/Renderer.php
@@ -14,7 +14,6 @@
 use function func_get_arg;
 use function get_class;
 use function htmlspecialchars;
-use function htmlspecialchars_decode;
 use function is_dir;
 use function ltrim;
 use function ob_end_clean;
@@ -245,27 +244,16 @@ public function render(string $view, array $params = []): string
     }
 
     /**
-     * Encodes special characters into HTML entities.
+     * Escapes special characters, converts them to corresponding HTML entities.
      *
-     * @param string $content content to be encoded.
-     * @return string encoded content.
+     * @param string $content content to be escaped.
+     * @return string escaped content.
      */
-    public function encode(string $content): string
+    public function esc(string $content): string
     {
         return htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', true);
     }
 
-    /**
-     * Decodes special HTML entities back to the corresponding characters.
-     *
-     * @param string $content content to be decoded.
-     * @return string decoded content.
-     */
-    public function decode(string $content): string
-    {
-        return htmlspecialchars_decode($content, ENT_QUOTES);
-    }
-
     /**
      * Magic method used to call extension functions.
      *
diff --git a/tests/RendererTest.php b/tests/RendererTest.php
@@ -148,11 +148,10 @@ public function testAddGlobalOverwriteFromParams(): void
 
     public function testEncodeAndDecode(): void
     {
-        $decoded = '<script>alert(123);</script>';
-        $encoded = '&lt;script&gt;alert(123);&lt;/script&gt;';
-        $this->assertSame($encoded, $this->renderer->encode($decoded));
-        $this->assertSame($decoded, $this->renderer->decode($encoded));
-        $this->assertSame($decoded, $this->renderer->decode($decoded));
+        $this->assertSame(
+            '&lt;script&gt;alert(123);&lt;/script&gt;',
+            $this->renderer->esc('<script>alert(123);</script>')
+        );
     }
 
     public function testAddExtensionAndCallMagic(): void

Original file line number	Diff line number	Diff line change
`@@ -148,11 +148,10 @@ public function testAddGlobalOverwriteFromParams(): void`
`148`	`148`
`149`	`149`	`public function testEncodeAndDecode(): void`
`150`	`150`	`{`
`151`		`- $decoded = '<script>alert(123);</script>';`
`152`		`- $encoded = '<script>alert(123);</script>';`
`153`		`- $this->assertSame($encoded, $this->renderer->encode($decoded));`
`154`		`- $this->assertSame($decoded, $this->renderer->decode($encoded));`
`155`		`- $this->assertSame($decoded, $this->renderer->decode($decoded));`
	`151`	`+ $this->assertSame(`
	`152`	`+ '<script>alert(123);</script>',`
	`153`	`+ $this->renderer->esc('<script>alert(123);</script>')`
	`154`	`+ );`
`156`	`155`	`}`
`157`	`156`
`158`	`157`	`public function testAddExtensionAndCallMagic(): void`