Disallow the usage of < and > in Slug rule (#55)

particle-php · Jul 5, 2017 · f2fe5f2 · f2fe5f2
1 parent 6a66c07
commit f2fe5f2
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/src/FilterRule/Slug.php b/src/FilterRule/Slug.php
@@ -60,7 +60,7 @@ public function filter($value)
 
         $value = transliterator_transliterate($this->transliterator, $value);
         $value = iconv("UTF-8", "ASCII//TRANSLIT//IGNORE", $value);
-        $value = preg_replace('/[-$?\s]+/', '-', $value);
+        $value = preg_replace('/[-$?\s<>]+/', '-', $value);
         $value = trim($value, '-');
         return strtolower($value);
     }

diff --git a/tests/FilterRule/SlugTest.php b/tests/FilterRule/SlugTest.php
@@ -44,6 +44,7 @@ public function getSlugResults()
     {
         return [
             ['', '', '', ''],
+            ['Do not try this %27"--></style></script><script>alert("at home")</script>', 'do-not-try-this-27-style-script-script-alertat-home-script', '', ''],
             ['This is a great stuff to slug !', 'this-is-a-great-stuff-to-slug', '', ''],
             ['That too with somê spéciàl châractèr$ from €ope !', 'that-too-with-some-special-character-from-europe', '', ''],
             ['A æ Übérmensch på høyeste nivå! И я люблю PHP ! ﬁ', 'a-ae-ubermensch-pa-hoyeste-niva-i-a-lublu-php-fi', '', ''],