Add tests for escaping name + value.

src/View/Input/MultiCheckbox.php

@@ -32,6 +32,16 @@ class MultiCheckbox {
 /**
  * Render multi-checkbox widget.
  *
+ * Data supports the following options.
+ *
+ * - `name` The name attribute of the inputs to create.
+ *   `[]` will be appended to the name.
+ * - `options` An array of options to create checkboxes out of.
+ * - `val` Either a string/integer or array of values that should be
+ *   checked.
+ * - `disabled` Either a boolean or an array of checkboxes to disable.
+ * - `escape` Set to false to disable HTML escaping.
+ *
  * @param array $data
  * @return string
  */
@@ -78,7 +88,7 @@ class MultiCheckbox {
 	protected function _renderInput($checkbox) {
 		$input = $this->_templates->format('checkbox', [
 			'name' => $checkbox['name'] . '[]',
-			'value' => $checkbox['value'],
+			'value' => $checkbox['escape'] ? h($checkbox['value']) : $checkbox['value'],
 			'attrs' => $this->_templates->formatAttributes(
 				$checkbox,
 				['name', 'value', 'text']

tests/TestCase/View/Input/MultiCheckboxTest.php

@@ -82,7 +82,28 @@ class MultiCheckboxTest extends TestCase {
  * @return void
  */
 	public function testRenderEscaping() {
-		$this->markTestIncomplete();
+		$input = new MultiCheckbox($this->templates);
+		$data = [
+			'name' => 'Tags[id]',
+			'options' => [
+				'>' => '>>',
+			]
+		];
+		$result = $input->render($data);
+		$expected = [
+			['div' => ['class' => 'checkbox']],
+			['input' => [
+				'type' => 'checkbox',
+				'name' => 'Tags[id][]',
+				'value' => '>',
+				'id' => 'tags-id',
+			]],
+			['label' => ['for' => 'tags-id']],
+			'>>',
+			'/label',
+			'/div',
+		];
+		$this->assertTags($result, $expected);
 	}
 
 /**