Add output helpers

[MAILPOET-1891]

lib/Newsletter/Renderer/EscapeHelper.php

@@ -0,0 +1,28 @@
+<?php
+namespace MailPoet\Newsletter\Renderer;
+
+class EscapeHelper {
+  static function escapeHtmlText($string) {
+    return htmlspecialchars((string)$string, ENT_NOQUOTES, 'UTF-8');
+  }
+
+  static function escapeHtmlAttr($string) {
+    return htmlspecialchars((string)$string, ENT_QUOTES, 'UTF-8', true);
+  }
+
+  static function escapeHtmlStyleAttr($string) {
+    return htmlspecialchars((string)$string, ENT_COMPAT, 'UTF-8', true);
+  }
+
+  static function unescapeHtmlStyleAttr($string) {
+    return htmlspecialchars_decode((string)$string, ENT_COMPAT);
+  }
+
+  static function escapeHtmlLinkAttr($string) {
+    $string = self::escapeHtmlAttr($string);
+    if (preg_match('~^javascript:|^data:text|^data:application~i', $string) === 1) {
+      return '';
+    }
+    return $string;
+  }
+}

tests/unit/Newsletter/Renderer/EscapeHelperTest.php

@@ -0,0 +1,26 @@
+<?php
+namespace MailPoet\Test\Newsletter;
+
+use MailPoet\Newsletter\Renderer\EscapeHelper as EHelper;
+
+class EscapeHelperTest extends \MailPoetUnitTest {
+
+  function testItEscapesHtmlText() {
+    expect(EHelper::escapeHtmlText('Text<tag>\'"Hello</tag>'))
+      ->equals("Text&lt;tag&gt;'\"Hello&lt;/tag&gt;");
+  }
+
+  function testItEscapesHtmlAttr() {
+    expect(EHelper::escapeHtmlAttr('Text<tag>\'"Hello</tag>'))
+      ->equals("Text&lt;tag&gt;&#039;&quot;Hello&lt;/tag&gt;");
+  }
+
+  function testItEscapesLinkAttr() {
+    expect(EHelper::escapeHtmlLinkAttr('Text<tag>\'"Hello</tag>'))
+      ->equals("Text&lt;tag&gt;&#039;&quot;Hello&lt;/tag&gt;");
+    expect(EHelper::escapeHtmlLinkAttr('javaScRipt:Text<tag>\'"Hello</tag>'))
+      ->equals("");
+    expect(EHelper::escapeHtmlLinkAttr('DAta:Text<tag>\'"Hello</tag>'))
+      ->equals("");
+  }
+}