83 lines
2.0 KiB
PHP
83 lines
2.0 KiB
PHP
<?php
|
||
|
||
/*
|
||
* This file is part of the Symfony package.
|
||
*
|
||
* (c) Fabien Potencier <fabien@symfony.com>
|
||
*
|
||
* For the full copyright and license information, please view the LICENSE
|
||
* file that was distributed with this source code.
|
||
*/
|
||
|
||
namespace Symfony\Component\HtmlSanitizer\TextSanitizer;
|
||
|
||
/**
|
||
* @internal
|
||
*/
|
||
final class StringSanitizer
|
||
{
|
||
private const LOWERCASE = [
|
||
'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
|
||
'abcdefghijklmnopqrstuvwxyz',
|
||
];
|
||
|
||
private const REPLACEMENTS = [
|
||
[
|
||
// """ is shorter than """
|
||
'"',
|
||
|
||
// Fix several potential issues in how browsers interpret attributes values
|
||
'+',
|
||
'=',
|
||
'@',
|
||
'`',
|
||
|
||
// Some DB engines will transform UTF8 full-width characters their classical version
|
||
// if the data is saved in a non-UTF8 field
|
||
'<',
|
||
'>',
|
||
'+',
|
||
'=',
|
||
'@',
|
||
'`',
|
||
],
|
||
[
|
||
'"',
|
||
|
||
'+',
|
||
'=',
|
||
'@',
|
||
'`',
|
||
|
||
'<',
|
||
'>',
|
||
'+',
|
||
'=',
|
||
'@',
|
||
'`',
|
||
],
|
||
];
|
||
|
||
/**
|
||
* Applies a transformation to lowercase following W3C HTML Standard.
|
||
*
|
||
* @see https://w3c.github.io/html-reference/terminology.html#case-insensitive
|
||
*/
|
||
public static function htmlLower(string $string): string
|
||
{
|
||
return strtr($string, self::LOWERCASE[0], self::LOWERCASE[1]);
|
||
}
|
||
|
||
/**
|
||
* Encodes the HTML entities in the given string for safe injection in a document's DOM.
|
||
*/
|
||
public static function encodeHtmlEntities(string $string): string
|
||
{
|
||
return str_replace(
|
||
self::REPLACEMENTS[0],
|
||
self::REPLACEMENTS[1],
|
||
htmlspecialchars($string, \ENT_QUOTES | \ENT_SUBSTITUTE, 'UTF-8')
|
||
);
|
||
}
|
||
}
|