create-prisma-php-app 3.0.0-beta.10 → 3.0.0-beta.11

@@ -146,6 +146,8 @@ class TemplateCompiler
146
146
 
147
147
  public static function convertToXml(string $templateContent): DOMDocument
148
148
  {
149
+ $templateContent = self::protectInlineScripts($templateContent);
150
+
149
151
  $templateContent = self::escapeMustacheAngles(
150
152
  self::escapeAttributeAngles(
151
153
  self::escapeAmpersands($templateContent)
@@ -165,12 +167,31 @@ class TemplateCompiler
165
167
  return $dom;
166
168
  }
167
169
 
168
- /**
169
- * Extracts the inner XML of a DOMNode, including all child nodes.
170
- *
171
- * @param DOMNode $node The node from which to extract the inner XML.
172
- * @return string The inner XML as a string.
173
- */
170
+ private static function protectInlineScripts(string $html): string
171
+ {
172
+ return preg_replace_callback(
173
+ '#<script\b([^>]*?)>(.*?)</script>#is',
174
+ static function ($m) {
175
+ if (preg_match('/\bsrc\s*=/i', $m[1])) {
176
+ return $m[0];
177
+ }
178
+
179
+ if (strpos($m[2], '<![CDATA[') !== false) {
180
+ return $m[0];
181
+ }
182
+
183
+ if (preg_match('/\btype\s*=\s*(["\']?)(?!text\/|application\/javascript|module)/i', $m[1])) {
184
+ return $m[0];
185
+ }
186
+
187
+ $code = str_replace(']]>', ']]]]><![CDATA[>', $m[2]);
188
+
189
+ return "<script{$m[1]}><![CDATA[\n{$code}\n]]></script>";
190
+ },
191
+ $html
192
+ );
193
+ }
194
+
174
195
  public static function innerXml(DOMNode $node): string
175
196
  {
176
197
  if ($node instanceof DOMDocument) {
@@ -505,12 +526,18 @@ class TemplateCompiler
505
526
  {
506
527
  $pairs = [];
507
528
  foreach ($attrs as $k => $v) {
508
- if ($k !== 'children') {
509
- $pairs[] = "{$k}=\"{$v}\"";
529
+ if ($k === 'children') {
530
+ continue;
510
531
  }
532
+ $pairs[] = sprintf(
533
+ '%s="%s"',
534
+ $k,
535
+ htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
536
+ );
511
537
  }
512
538
  $attrStr = $pairs ? ' ' . implode(' ', $pairs) : '';
513
- return in_array(strtolower($tag), self::$selfClosingTags)
539
+
540
+ return in_array(strtolower($tag), self::$selfClosingTags, true)
514
541
  ? "<{$tag}{$attrStr} />"
515
542
  : "<{$tag}{$attrStr}>{$attrs['children']}</{$tag}>";
516
543
  }
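Review bot: The `type` test in protectInlineScripts matches every quoted `type` attribute, so `<script type="module">` and `<script type="text/javascript">` are returned unwrapped and never reach the CDATA branch. When the lookahead fails just after the quote, the optional `(["\']?)` backtracks to empty and the lookahead is retried on the quote character itself, where none of the alternatives match and it succeeds. Possessive quantifiers close that path: `'/\btype\s*=\s*+["\']?+(?!text\/|application\/javascript|module)/i'`. Separately, preg_replace_callback returns null on a PCRE error (for example a backtrack-limit hit on a large inline script), which violates the `: string` return type. Adding `?? $html` to the result, or throwing an explicit exception, would make that failure mode deliberate.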
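--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "create-prisma-php-app",
- "version": "3.0.0-beta.10",
+ "version": "3.0.0-beta.11",
  "description": "Prisma-PHP: A Revolutionary Library Bridging PHP with Prisma ORM",
  "main": "dist/index.js",
  "type": "module",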