
Commit 02eb07b

committed
Add escaping of template code
1 parent cc13a67 commit 02eb07b

1 file changed

+19
-19
lines changed

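--- a/view/frontend/templates/component/debugger.phtml
+++ b/view/frontend/templates/component/debugger.phtml
@@ -18,9 +18,9 @@ use Loki\Components\Factory\ViewModelFactory;
 $idConvertor = $viewModelFactory->create(IdConvertor::class);
 $htmlId = $idConvertor->toElementId($block->getNameInLayout());
 ?>
-<div class="<?= $css('hidden md:block w-full border-t border-gray-400', 'td') ?>">
-<div class="<?= $css('flex items-stretch overflow-x-auto', 'td') ?>" role="tablist">
-<div class="<?= $css('border-b border-gray-300 p-2', 'td') ?>">
+<div class="<?= $escaper->escapeHtmlAttr($css('hidden md:block w-full border-t border-gray-400', 'td')) ?>">
+<div class="<?= $escaper->escapeHtmlAttr($css('flex items-stretch overflow-x-auto', 'td')) ?>" role="tablist">
+<div class="<?= $escaper->escapeHtmlAttr($css('border-b border-gray-300 p-2', 'td')) ?>">
 <span role="tab">Loki Debugger</span>
 </div>
 <div>
@@ -31,7 +31,7 @@ $htmlId = $idConvertor->toElementId($block->getNameInLayout());
 type="button"
 @click.prevent="switchTab"
 :class="buttonCssClass"
-class="<?= $css('inline-flex rounded-t-lg border-t border-l border-r p-4 border-gray-300 ', 'button-server') ?>">
+class="<?= $escaper->escapeHtmlAttr($css('inline-flex rounded-t-lg border-t border-l border-r p-4 border-gray-300 ', 'button-server')) ?>">
 Server Dump
 </button>
 </div>
@@ -43,58 +43,58 @@ $htmlId = $idConvertor->toElementId($block->getNameInLayout());
 type="button"
 @click.prevent="switchTab"
 :class="buttonCssClass"
-class="<?= $css('inline-flex rounded-t-lg border-t border-l border-r p-4 border-gray-300 ', 'button-components') ?>">
+class="<?= $escaper->escapeHtmlAttr($css('inline-flex rounded-t-lg border-t border-l border-r p-4 border-gray-300 ', 'button-components')) ?>">
 Registered Components
 </button>
 </div>
 </div>
 
 <div>
-<div :class="tabCssClass" class="<?= $css('p-4', 'tab-server') ?>" data-tab-name="server" id="tab-server">
-<h3 class="<?= $css('text-xl my-4', 'tab-heading') ?>">
+<div :class="tabCssClass" class="<?= $escaper->escapeHtmlAttr($css('p-4', 'tab-server')) ?>" data-tab-name="server" id="tab-server">
+<h3 class="<?= $escaper->escapeHtmlAttr($css('text-xl my-4', 'tab-heading')) ?>">
 Server Dump
 </h3>
 <pre><?php var_dump($viewModel->getData()) ?></pre>
 </div>
 
-<div :class="tabCssClass" class="<?= $css('p-4', 'tab-components') ?>" data-tab-name="components" id="tab-components">
-<table class="<?= $css('table-auto w-full text-xs', 'table') ?>">
+<div :class="tabCssClass" class="<?= $escaper->escapeHtmlAttr($css('p-4', 'tab-components')) ?>" data-tab-name="components" id="tab-components">
+<table class="<?= $escaper->escapeHtmlAttr($css('table-auto w-full text-xs', 'table')) ?>">
 <thead>
 <tr>
-<th class="<?= $css('border-b border-gray-300 p-2', 'th') ?>">
+<th class="<?= $escaper->escapeHtmlAttr($css('border-b border-gray-300 p-2', 'th')) ?>">
 Alpine Instance / Component
 </th>
-<th class="<?= $css('border-b border-gray-300 p-2', 'th') ?>">
+<th class="<?= $escaper->escapeHtmlAttr($css('border-b border-gray-300 p-2', 'th')) ?>">
 Element ID
 </th>
-<th class="<?= $css('border-b border-gray-300 p-2', 'th') ?>">
+<th class="<?= $escaper->escapeHtmlAttr($css('border-b border-gray-300 p-2', 'th')) ?>">
 Loki Component Name
 </th>
-<th class="<?= $css('border-b border-gray-300 p-2', 'th') ?>">
+<th class="<?= $escaper->escapeHtmlAttr($css('border-b border-gray-300 p-2', 'th')) ?>">
 Value
 </th>
-<th class="<?= $css('border-b border-gray-300 p-2', 'th') ?>">
+<th class="<?= $escaper->escapeHtmlAttr($css('border-b border-gray-300 p-2', 'th')) ?>">
 Details
 </th>
 </tr>
 </thead>
 <tbody>
 <template x-for="component in components" :key="component.id">
 <tr>
-<td class="<?= $css('border-b border-gray-300 p-2', 'td') ?>">
+<td class="<?= $escaper->escapeHtmlAttr($css('border-b border-gray-300 p-2', 'td')) ?>">
 <strong><code x-text="component.id"></code></strong><br/>
 <code x-text="component.name"></code>
 </td>
-<td class="<?= $css('border-b border-gray-300 p-2', 'td') ?>">
+<td class="<?= $escaper->escapeHtmlAttr($css('border-b border-gray-300 p-2', 'td')) ?>">
 <code x-text="component.elementId"></code>
 </td>
-<td class="<?= $css('border-b border-gray-300 p-2', 'td') ?>">
+<td class="<?= $escaper->escapeHtmlAttr($css('border-b border-gray-300 p-2', 'td')) ?>">
 <code x-text="component.blockId"></code>
 </td>
-<td class="<?= $css('border-b border-gray-300 p-2', 'td') ?>">
+<td class="<?= $escaper->escapeHtmlAttr($css('border-b border-gray-300 p-2', 'td')) ?>">
 <code x-text="component.value"></code>
 </td>
-<td class="<?= $css('border-b border-gray-300 p-2', 'td') ?>">
+<td class="<?= $escaper->escapeHtmlAttr($css('border-b border-gray-300 p-2', 'td')) ?>">
 <code x-json="component.getDetails"></code>
 </td>
 </tr>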
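Review bot: The one dynamic sink in this template is still unescaped: `<pre><?php var_dump($viewModel->getData()) ?></pre>` (new line 57) writes the dump straight into the page, while the commit only wraps the `$css(...)` class strings in `escapeHtmlAttr`. If any value returned by `getData()` can contain `<` or `&` (not visible from these hunks), the browser parses it as markup inside the `<pre>`. Consider rendering the dump to a string and escaping it, e.g. `<pre><?= $escaper->escapeHtml(print_r($viewModel->getData(), true)) ?></pre>`, or buffering `var_dump` with `ob_start()`/`ob_get_clean()` and escaping the result if the type information matters. The template header where `$escaper` and `$viewModel` are declared lies outside the hunks shown, so confirm `$escaper` is in scope there.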
