diff --git a/Core/Elements/Link.class.php b/Core/Elements/Link.class.php
index 77ea1a1..e98bcfb 100644
--- a/Core/Elements/Link.class.php
+++ b/Core/Elements/Link.class.php
@@ -17,7 +17,7 @@ class Link extends StaticView {
 private string $href;
 private ?string $nonce;
- function __construct($rel, $href, $type = "") {
+ function __construct(string $rel, string $href, string $type = "") {
 $this->href = $href;
 $this->type = $type;
 $this->rel = $rel;
diff --git a/Core/Elements/Script.class.php b/Core/Elements/Script.class.php
index b967cac..05df7c3 100644
--- a/Core/Elements/Script.class.php
+++ b/Core/Elements/Script.class.php
@@ -18,7 +18,7 @@ class Script extends StaticView {
 private string $src;
 private ?string $nonce;
- function __construct($type, $src, $content = "") {
+ function __construct(string $type, string $src, string $content = "") {
 $this->src = $src;
 $this->type = $type;
 $this->content = $content;
@@ -35,8 +35,8 @@ class Script extends StaticView {
 $attributes["nonce"] = $this->nonce;
 }
- // TODO: do we need to escape the content here?
- return html_tag("script", $attributes, $this->content, false);
+ $escapedContent = str_replace("", "<\\/script>", $this->content);
+ return html_tag("script", $attributes, $escapedContent, false);
 }
 public function setNonce(string $nonce) {
diff --git a/Core/Elements/TemplateDocument.class.php b/Core/Elements/TemplateDocument.class.php
index 8b8a436..a21c4b6 100644
--- a/Core/Elements/TemplateDocument.class.php
+++ b/Core/Elements/TemplateDocument.class.php
@@ -8,6 +8,7 @@ use Core\Objects\Router\Router;
 use Core\Objects\Search\Searchable;
 use Core\Objects\Search\SearchQuery;
 use Core\Objects\Search\SearchResult;
+use Core\Elements\View;
 use Twig\Environment;
 use Twig\Error\LoaderError;
 use Twig\Error\RuntimeError;
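Review bot: In `Script::getCode()` (Script.class.php, hunk `@@ -35,8 +35,8 @@`) the new `str_replace` escaping is case-sensitive and matches one exact spelling, while an HTML parser ends the script element on any case variant of `</script` followed by whitespace, `/` or `>`, so content containing `</SCRIPT>` or `</script >` would still close the element early. On this page the search argument also appears as an empty string `""`, possibly because the closing tag was stripped when the page was rendered; `str_replace` with an empty search returns the subject unchanged, so the literal in the file is worth confirming. A broader form is `$escapedContent = str_ireplace("</script", "<\\/script", $this->content);`, and because the rewritten text is only equivalent inside string literals, a one-line comment saying so would help callers that pass other script types. The method starts above the hunk, so how `$this->content` is populated is not visible here.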
@@ -126,13 +127,13 @@ class TemplateDocument extends Document {
 }
 }
- protected function loadView(string $class): array {
+ protected function loadView(string $class): View {
 $view = new $class($this);
 $view->loadParameters($this->parameters);
 if ($view->getTitle()) {
 $this->title = $view->getTitle();
 }
- return $this->parameters;
+ return $view;
 }
 public function doSearch(SearchQuery $query, DocumentRoute $route): array {
diff --git a/Core/Elements/View.class.php b/Core/Elements/View.class.php
index 6001627..6a0a655 100644
--- a/Core/Elements/View.class.php
+++ b/Core/Elements/View.class.php
@@ -7,15 +7,15 @@ use Core\Objects\Context;
 abstract class View extends StaticView {
 private Document $document;
- private bool $loadView;
+ private bool $autoload;
 protected string $title;
 protected array $langModules;
- public function __construct(Document $document, bool $loadView = true) {
+ public function __construct(Document $document, bool $autoload = true) {
 $this->document = $document;
 $this->title = "Untitled View";
 $this->langModules = [];
- $this->loadView = $loadView;
+ $this->autoload = $autoload;
 }
 public function getTitle(): string { return $this->title; }
@@ -52,7 +52,7 @@ abstract class View extends StaticView {
 public function getCode(): string {
 // Load metadata + head (title, scripts, includes, ...)
- if ($this->loadView) {
+ if ($this->autoload) {
 $this->loadView();
 }
diff --git a/Core/core.php b/Core/core.php
index 6770248..b849f0f 100644
--- a/Core/core.php
+++ b/Core/core.php
@@ -10,7 +10,7 @@ if (is_file($autoLoad)) {
 require_once $autoLoad;
 }
-const WEBBASE_VERSION = "2.4.6";
+const WEBBASE_VERSION = "2.4.7";
 spl_autoload_extensions(".php");
 spl_autoload_register(function ($class) {
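Review bot: `loadView()` in TemplateDocument.class.php (hunk `@@ -126,13 +127,13 @@`) instantiates `new $class($this)` from a bare string, and only the new `View` return type constrains the result, so a class that is not a `View` is still constructed before any failure surfaces. If `$class` can be influenced by routing or configuration data (not visible in this diff), a guard before instantiation such as `if (!is_subclass_of($class, View::class)) { throw new \InvalidArgumentException("Not a view: $class"); }` keeps instantiation limited to view classes. The return type also changes from `array` to `View`, so any caller that used the returned parameters needs updating; no call sites are shown on this page.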