Home Explore Help
Sign In
githab
/
cakephp
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Escape absolute/scheme-relative URLs too.

Closes cakephp/cakephp#15969
ADmad 4 years ago
parent
219de3bab0
commit
2d449a0f31
2 changed files with 19 additions and 12 deletions
Split View Show Diff Stats
  1. 5 10
      src/View/Helper/HtmlHelper.php
  2. 14 2
      tests/TestCase/View/Helper/HtmlHelperTest.php

+ 5 - 10
src/View/Helper/HtmlHelper.php
View File 

@@ -395,12 +395,8 @@ class HtmlHelper extends Helper
 
             return null;
 
         }
 
 
-        if (strpos($path, '//') !== false) {
 
-            $url = $path;
 
-        } else {
 
-            $url = $this->Url->css($path, $options);
 
-            $options = array_diff_key($options, ['fullBase' => null, 'pathPrefix' => null]);
 
-        }
 
+        $url = $this->Url->css($path, $options);
 
+        $options = array_diff_key($options, ['fullBase' => null, 'pathPrefix' => null]);
 
 
         if ($options['once'] && isset($this->_includedAssets[__METHOD__][$path])) {
 
             return null;
 
@@ -499,10 +495,9 @@ class HtmlHelper extends Helper
 
             return null;
 
         }
 
 
-        if (strpos($url, '//') === false) {
 
-            $url = $this->Url->script($url, $options);
 
-            $options = array_diff_key($options, ['fullBase' => null, 'pathPrefix' => null]);
 
-        }
 
+        $url = $this->Url->script($url, $options);
 
+        $options = array_diff_key($options, ['fullBase' => null, 'pathPrefix' => null]);
 
+
 
         if ($options['once'] && isset($this->_includedAssets[__METHOD__][$url])) {
 
             return null;
 
         }

+ 14 - 2
tests/TestCase/View/Helper/HtmlHelperTest.php
View File 

@@ -615,8 +615,8 @@ class HtmlHelperTest extends TestCase
 
         $expected['link']['href'] = 'x:"><script>alert(1)</script>';
 
         $this->assertHtml($expected, $result);
 
 
-        $result = $this->Html->css('http://whatever.com/screen.css?1234');
 
-        $expected['link']['href'] = 'preg:/http:\/\/.*\/screen\.css\?1234/';
 
+        $result = $this->Html->css('http://whatever.com/screen.css?1234&a=b');
 
+        $expected['link']['href'] = 'http://whatever.com/screen.css?1234&a=b';
 
         $this->assertHtml($expected, $result);
 
 
         Configure::write('App.cssBaseUrl', '//cdn.cakephp.org/css/');
 
@@ -962,6 +962,18 @@ class HtmlHelperTest extends TestCase
 
         ];
 
         $this->assertHtml($expected, $result);
 
 
+        $result = $this->Html->script('//domain.com/test.json.js?foo=bar&other=test');
 
+        $expected = [
 
+            'script' => ['src' => '//domain.com/test.json.js?foo=bar&other=test'],
 
+        ];
 
+        $this->assertHtml($expected, $result);
 
+
 
+        $result = $this->Html->script('https://domain.com/test.json.js?foo=bar&other=test');
 
+        $expected = [
 
+            'script' => ['src' => 'https://domain.com/test.json.js?foo=bar&other=test'],
 
+        ];
 
+        $this->assertHtml($expected, $result);
 
+
 
         $result = $this->Html->script('x:"><script>alert(1)</script>');
 
         $expected = [
 
             'script' => ['src' => 'x:&quot;&gt;&lt;script&gt;alert(1)&lt;/script&gt;'],