*
* @param string $str String to replace in
* @param array|Traversable $from Replace values
- * @param string|null $to Replace to, deprecated (@see http://php.net/manual/en/function.strtr.php)
+ * @param string|null $to Replace to, deprecated (@see https://secure.php.net/manual/en/function.strtr.php)
*
* @return string
*/
switch ($strategy) {
case 'html':
- // see http://php.net/htmlspecialchars
+ // see https://secure.php.net/htmlspecialchars
// Using a static variable to avoid initializing the array
// each time the function is called. Moving the declaration on the
case 'js':
// escape all non-alphanumeric characters
- // into their \xHH or \uHHHH representations
+ // into their \x or \uHHHH representations
if ('UTF-8' !== $charset) {
$string = twig_convert_encoding($string, 'UTF-8', $charset);
}
{
$char = $matches[0];
- // \xHH
- if (!isset($char[1])) {
- return '\\x'.strtoupper(substr('00'.bin2hex($char), -2));
+ /*
+ * A few characters have short escape sequences in JSON and JavaScript.
+ * Escape sequences supported only by JavaScript, not JSON, are ommitted.
+ * \" is also supported but omitted, because the resulting string is not HTML safe.
+ */
+ static $shortMap = array(
+ '\\' => '\\\\',
+ '/' => '\\/',
+ "\x08" => '\b',
+ "\x0C" => '\f',
+ "\x0A" => '\n',
+ "\x0D" => '\r',
+ "\x09" => '\t',
+ );
+
+ if (isset($shortMap[$char])) {
+ return $shortMap[$char];
}
// \uHHHH
/**
* This function is adapted from code coming from Zend Framework.
*
- * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
- * @license http://framework.zend.com/license/new-bsd New BSD License
+ * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (https://www.zend.com)
+ * @license https://framework.zend.com/license/new-bsd New BSD License
*/
function _twig_escape_html_attr_callback($matches)
{