diff --git a/core/Twig/Extension/CrudExtension.php b/core/Twig/Extension/CrudExtension.php index dcf9894..eb2c015 100644 --- a/core/Twig/Extension/CrudExtension.php +++ b/core/Twig/Extension/CrudExtension.php @@ -38,6 +38,7 @@ class CrudExtension extends AbstractExtension $field = $config['field']; $instance = new $field(); $resolver = $instance->configureOptions(new OptionsResolver()); + $flags = ENT_HTML5 | ENT_QUOTES; $render = $instance->buildView($this->twig, $entity, $resolver->resolve($config['options']), $locale); @@ -59,7 +60,7 @@ class CrudExtension extends AbstractExtension } foreach ($attrs as $k => $v) { - $attributes .= sprintf(' %s="%s" ', htmlspecialchars($k), htmlspecialchars($v)); + $attributes .= sprintf(' %s="%s" ', htmlspecialchars($k, $flags), htmlspecialchars($v, $flags)); } $render = sprintf('%s', $attributes, $render); diff --git a/core/Twig/Extension/FileInformationExtension.php b/core/Twig/Extension/FileInformationExtension.php index e1c39e0..876290a 100644 --- a/core/Twig/Extension/FileInformationExtension.php +++ b/core/Twig/Extension/FileInformationExtension.php @@ -72,7 +72,7 @@ class FileInformationExtension extends AbstractExtension if ($fileInfo) { foreach ($fileInfo->getAttributes() as $attribute) { if ($attribute['label'] === $label) { - $value = $attribute['value']; + $value = htmlspecialchars($attribute['value'], ENT_HTML5 | ENT_QUOTES); } } } diff --git a/core/Twig/Extension/UrlExtension.php b/core/Twig/Extension/UrlExtension.php index 3401a63..8b1eb29 100644 --- a/core/Twig/Extension/UrlExtension.php +++ b/core/Twig/Extension/UrlExtension.php @@ -27,7 +27,7 @@ class UrlExtension extends AbstractExtension public function replaceUrl(?string $content) { - preg_match_all('#\{\{\s*url://(?P[a-z_]+)(\?(?P.*))?\s*\}\}#isU', $content, $match, PREG_SET_ORDER); + preg_match_all('#\{\{\s*url://(?P[a-z0-9_]+)(\?(?P.*))?\s*\}\}#isU', $content, $match, PREG_SET_ORDER); foreach ($match as $block) { $url = null;
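Review bot: The flag set introduced in the first CrudExtension hunk, `ENT_HTML5 | ENT_QUOTES`, leaves out `ENT_SUBSTITUTE`, so `htmlspecialchars()` returns an empty string whenever a key or value contains an invalid UTF-8 sequence and the attribute is emitted empty. On PHP 8.1 and later the default flags already include `ENT_QUOTES | ENT_SUBSTITUTE`, so passing explicit flags without it removes that behaviour; which PHP version the project targets is not visible here. I would write `$flags = ENT_HTML5 | ENT_QUOTES | ENT_SUBSTITUTE;` and use the same set for the inline flags in the FileInformationExtension hunk, ideally from one shared constant so the two files cannot drift. The enclosing method starts and ends outside the hunk.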
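Review bot: Escaping `$k` with `htmlspecialchars()` in the second CrudExtension hunk does not make it a safe attribute name: whitespace, `=` and `/` pass through unchanged, and a key such as `onclick` is still emitted as an event handler. Where `$attrs` comes from is outside the hunk, so if any key can be influenced by stored or user-supplied configuration, validate the name before the `sprintf`, for example `if (!preg_match('/^[a-zA-Z_][a-zA-Z0-9_:.-]*$/', (string) $k)) { continue; }`, and consider refusing `on*` names. `$v` is also passed straight to `htmlspecialchars()`, which throws a `TypeError` for an array value; an `is_scalar()` check before the call would make that case explicit.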
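Review bot: In the FileInformationExtension hunk the value is now HTML-escaped inside the extension, so correctness depends on how the Twig function is registered, which this hunk does not show. Without `'is_safe' => ['html']` and with autoescaping on, templates will double-encode the value, and a caller that places it in a URL or script context gets the wrong encoding. Please confirm the registration and document it on the assignment, e.g. `// HTML-escaped here; the Twig function must be registered with is_safe => ['html']`. `$attribute['value']` is also passed without a type check, so `htmlspecialchars((string) ($attribute['value'] ?? ''), ENT_HTML5 | ENT_QUOTES)` would avoid the PHP 8.1 deprecation for `null`. The enclosing method starts and ends outside the hunk.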
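Review bot: In the UrlExtension hunk, `replaceUrl()` declares `?string $content` but hands it straight to `preg_match_all()`, which is deprecated for `null` on PHP 8.1+; a guard before the match such as `if ($content === null) { return $content; }` would cover it, assuming the method returns the content, which the hunk does not show. The pattern line would also benefit from a comment stating the placeholder grammar, e.g. `// Matches {{ url://route_name?query }}; route names are letters, digits and underscore, case-insensitive because of the i modifier`. As rendered on this page both `(?P…)` groups have no `<name>`, which PCRE rejects, so the names were presumably lost in rendering and should be checked against the repository. The method body continues outside the hunk.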