From be6fba3a8695709a82051ea158ab433591003a8f Mon Sep 17 00:00:00 2001
From: Kevin Day
Date: Wed, 26 Jul 2017 17:12:35 -0500
Subject: [PATCH] Security: sanitize all markup 'text' as plain text before output
---
common/theme/classes/theme_html.php | 311 +++++++++++++++++++-----------------
1 file changed, 163 insertions(+), 148 deletions(-)
diff --git a/common/theme/classes/theme_html.php b/common/theme/classes/theme_html.php
index d638926..ef327d5 100644
--- a/common/theme/classes/theme_html.php
+++ b/common/theme/classes/theme_html.php
@@ -1595,103 +1595,103 @@ class c_theme_html extends c_base_return { if ($type === c_base_markup_tag::TYPE_A) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_a($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_ABBR) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_ADDRESS) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_ALTERNATE_GLYPH) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_alternate_glyph($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_ALTERNATE_GLYPH_DEFINITION) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_ALTERNATE_GLYPH_ITEM) { $markup .= 'p_render_markup_attributes_global($tag) . 
$this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_ANIMATE) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_animate($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_ANIMATE_MOTION) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_animate_motion($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_ANIMATE_TRANSFORM) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_animate_transform($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_AREA) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_area($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_ARTICLE) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . 
'>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_ASIDE) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_AUDIO) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_audio($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_BOLD) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_BDI) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_BDO) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_BLOCKQUOTE) { $markup .= 'p_render_markup_attributes_global($tag) . 
$this->p_render_markup_attributes_blockquote($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } 
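Review bot: The same escaping call is pasted into every branch of this if/elseif chain (TYPE_A through TYPE_BLOCKQUOTE here, and again in the hunks starting at 1700 and 1991), so a tag type added later can silently omit it. Computing the text once ahead of the chain, `$text = $this->p_html_entities($tag->get_text()->get_value_exact());`, and appending `$text` in each branch would make escaping the default rather than something each branch has to remember. The definition of `p_html_entities()` is not in these hunks; it is worth confirming that it encodes `<`, `>` and `&` with an explicit charset, and stating in its docblock that it covers element text only, since the strings returned by the `p_render_markup_attributes_*()` helpers and `$child_markup` are still concatenated as-is. The enclosing method starts and ends outside the hunk.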
@@ -1700,289 +1700,289 @@ class c_theme_html extends c_base_return { } elseif ($type === c_base_markup_tag::TYPE_BUTTON) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_button($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_CANVAS) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_canvas($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_CAPTION) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_CHECKBOX) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_input($tag, 'checkbox') . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_CIRCLE) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_circle($tag) . $this->p_render_markup_attributes_event_handler($tag) . 
'>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_CITE) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_CLIP_PATH) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_clip_path($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_CODE) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_COLUMN) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_col($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_COLUMN_GROUP) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_colgroup($tag) . $this->p_render_markup_attributes_event_handler($tag) . 
'>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_COLOR) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_input($tag, 'color') . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_COLOR_PROFILE) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_color_profile($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_CURSOR) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_cursor($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_DATA) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_data($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_DATA_LIST) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . 
'>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_DATE) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_input($tag, 'date') . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_DATE_TIME_LOCAL) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_input($tag, 'datetime-local') . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_TERM_DESCRIPTION) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_DEFS) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_DEL) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_del($tag) . $this->p_render_markup_attributes_event_handler($tag) . 
'>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_DESCRIPTION) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_DETAILS) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_details($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_DFN) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_DIALOG) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_dialog($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_DIVIDER) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . 
'>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_DEFINITION_LIST) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_TERM_NAME) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_ELLIPSE) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_ellipse($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_EM) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_EMAIL) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_input($tag, 'email') . $this->p_render_markup_attributes_event_handler($tag) . 
'>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_EMBED) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_embed($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_FE_BLEND) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_fe_blend($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_FIELD_SET) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_fieldset($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_FIGURE) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_FIGURE_CAPTION) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . 
'>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_GROUP) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_group($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_FILE) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_input($tag, 'file') . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_FOOTER) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_FORM) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_form($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_H1) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . 
'>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_H2) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_H3) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_H4) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_H5) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag-get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag-get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_H6) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_HX) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . 
'>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_HEADER) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_HIDDEN) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_input($tag, 'hidden') . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } 
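Review bot: The TYPE_H5 branch still reads `$tag-get_text()` on the added line, so the typo from the old code is carried into the new one. As written, PHP parses this as a subtraction involving a call to a global `get_text()` function rather than a method call on `$tag`, which would fail as soon as an H5 tag is rendered (unless such a function happens to exist) and leaves that branch without working output escaping. The line should match its neighbours: `$markup .= $this->p_html_entities($tag->get_text()->get_value_exact());`. The enclosing if/elseif chain starts and ends outside the hunk.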
@@ -1991,499 +1991,499 @@ class c_theme_html extends c_base_return { } elseif ($type === c_base_markup_tag::TYPE_ITALICS) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_INLINE_FRAME) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_iframe($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_IMAGE) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_image($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_IMAGE_SVG) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_image_svg($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_INPUT) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_input($tag) . $this->p_render_markup_attributes_event_handler($tag) . 
'>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_INS) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_ins($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_KEYBOARD) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_KEY_GEN) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_key_gen($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_LABEL) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_label($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_LEGEND) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . 
'>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_LIST_ITEM) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_li($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_LINE) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_line($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_LINEAR_GRADIENT) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_linear_gradient($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_MAIN) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_MAP) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_map($tag) . $this->p_render_markup_attributes_event_handler($tag) . 
'>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_MARK) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_MARKER) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_marker($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_MASK) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_mask($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_MENU) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_menu($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_MENU_ITEM) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_menuitem($tag) . $this->p_render_markup_attributes_event_handler($tag) . 
'>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_METER) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_meter($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_MONTH) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_input($tag, 'month') . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_NAVIGATION) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_NUMBER) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_input($tag, 'number') . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_OBJECT) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_object($tag) . $this->p_render_markup_attributes_event_handler($tag) . 
'>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_ORDERED_LIST) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_ol($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_OPTIONS_GROUP) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_opt_group($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_OPTION) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_option($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_OUTPUT) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_output($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_PARAGRAPH) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . 
'>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= '

'; } elseif ($type === c_base_markup_tag::TYPE_PARAM) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_param($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_PASSWORD) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_input($tag, 'password') . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_PATH) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_path($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_PATTERN) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_pattern($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_PICTURE) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_POLYGON) { $markup .= 'p_render_markup_attributes_global($tag) . 
$this->p_render_markup_attributes_polygon($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_POLYLINE) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_polyline($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_PREFORMATTED) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_PROGRESS) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_progress($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_Q) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_q($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_RADIAL_GRADIENT) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_radial_gradient($tag) . $this->p_render_markup_attributes_event_handler($tag) . 
'>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_RADIO) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_input($tag, 'radio') . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_RANGE) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_input($tag, 'range') . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_RECTANGLE) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_rectangle($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_RESET) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_input($tag, 'reset') . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_RUBY_PARENTHESIS) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . 
'>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_RUBY_PRONUNCIATION) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_RUBY) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_STRIKE_THROUGH) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_SAMPLE) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_SEARCH) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_input($tag, 'search') . $this->p_render_markup_attributes_event_handler($tag) . 
'>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_SECTION) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_SELECT) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_input($tag, 'select') . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_SMALL) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_SOURCE) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_source($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_SPAN) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . 
'>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_STOP) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_stop($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_STRONG) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_SUB_SCRIPT) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_SUBMIT) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_input($tag, 'submit') . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_SVG) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_svg($tag) . $this->p_render_markup_attributes_event_handler($tag) . 
'>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_TABLE) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_table($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_TABLE_BODY) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_TABLE_CELL) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_TABLE_FOOTER) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_TABLE_HEADER) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . 
'>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_TABLE_HEADER_CELL) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_table_header_cell($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_TABLE_ROW) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_TEXT) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_input($tag, 'text') . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_TEXT_AREA) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_text_area($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_TEXT_REFERENCE) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . 
'>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_TEXT_SPAN) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_TEXT_SVG) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_text_svg($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_TIME) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_time($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_TRACK) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_track($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_UNDERLINE) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . 
'>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_UNORDERED_LIST) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_URL) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_input($tag, 'url') . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_USE) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_use($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_VARIABLE) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_VIDEO) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_video($tag) . $this->p_render_markup_attributes_event_handler($tag) . 
'>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_WEEK) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_input($tag, 'week') . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } elseif ($type === c_base_markup_tag::TYPE_WIDE_BREAK) { $markup .= 'p_render_markup_attributes_global($tag) . $this->p_render_markup_attributes_event_handler($tag) . '>'; - $markup .= $tag->get_text()->get_value_exact(); + $markup .= $this->p_html_entities($tag->get_text()->get_value_exact()); $markup .= $child_markup; $markup .= ''; } @@ -6461,4 +6461,19 @@ class c_theme_html extends c_base_return { return $markup; } + + /** + * Deocodes all HTML entities, effectively sanitizing plain text to be displayed in HTML. + * + * @param string $text + * The text to sanitize. + * + * @return string + * The sanitized text. + * + * @see: htmlentities() + */ + private function p_html_entities($text) { + return htmlentities($text); + } } -- 1.8.3.1
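Review bot: `p_html_entities()` calls `htmlentities($text)` with no flags or charset, so what it escapes depends on the PHP version and the `default_charset` ini setting. On PHP before 8.1 the default leaves single quotes unescaped and lacks `ENT_SUBSTITUTE`, so text containing an invalid byte sequence comes back as an empty string. That still neutralises `<`, `>` and `&` in element content, but every tag branch in this patch now depends on this one helper, so I would pin the behaviour, assuming the theme emits UTF-8: `return htmlentities($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');`. The docblock summary says "Deocodes all HTML entities", but the function encodes; suggest `Encodes special characters as HTML entities so plain text can be placed safely in HTML element content.` and a sentence stating that the result is meant for element text, not for attribute values, URLs or script bodies.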