Merge commit from fork
oleibman authored Jan 12, 2025
1 parent 51b1d1c commit 4088381
Showing 2 changed files with 36 additions and 1 deletion.
2 changes: 1 addition & 1 deletion src/PhpSpreadsheet/Writer/Html.php
Expand Up @@ -561,7 +561,7 @@ public function generateNavigation(): string
$html .= '<ul class="navigation">' . PHP_EOL;

foreach ($sheets as $sheet) {
$html .= ' <li class="sheet' . $sheetId . '"><a href="#sheet' . $sheetId . '">' . $sheet->getTitle() . '</a></li>' . PHP_EOL;
$html .= ' <li class="sheet' . $sheetId . '"><a href="#sheet' . $sheetId . '">' . htmlspecialchars($sheet->getTitle()) . '</a></li>' . PHP_EOL;
++$sheetId;
}

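Review bot: The new `htmlspecialchars($sheet->getTitle())` in the navigation `<li>` line depends on the function's default flags, which changed in PHP 8.1. On an older runtime the defaults do not include `ENT_SUBSTITUTE`, so a title with invalid UTF-8 would come back as an empty string and the link would lose its text; this only matters if the project still supports such versions, which the page does not show. Spelling the arguments out keeps the output the same everywhere: `htmlspecialchars($sheet->getTitle(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. generateNavigation() begins and ends outside the hunk, so other uses of the sheet title in this writer cannot be checked from here.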
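--- a/tests/PhpSpreadsheetTests/Writer/Html/NavigationBadTitleTest.php
+++ b/tests/PhpSpreadsheetTests/Writer/Html/NavigationBadTitleTest.php
@@ -0,0 +1,35 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PhpOffice\PhpSpreadsheetTests\Writer\Html;
+
+use PhpOffice\PhpSpreadsheet\Spreadsheet;
+use PhpOffice\PhpSpreadsheet\Writer\Html as HtmlWriter;
+use PHPUnit\Framework\TestCase;
+
+class NavigationBadTitleTest extends TestCase
+{
+public function testNavigationTitle(): void
+{
+$spreadsheet = new Spreadsheet();
+$sheet = $spreadsheet->getActiveSheet();
+$sheet->getCell('A1')->setValue(1);
+$sheet2 = $spreadsheet->createSheet();
+$sheet2->setTitle('<img src=x onerror=alert(1)>');
+$sheet2->getCell('A2')->setValue(2);
+
+$writer = new HtmlWriter($spreadsheet);
+$writer->writeAllSheets();
+$html = $writer->generateHTMLAll();
+$expected = '<ul class="navigation">'
+. PHP_EOL
+. ' <li class="sheet0"><a href="#sheet0">Worksheet</a></li>'
+. PHP_EOL
+. ' <li class="sheet1"><a href="#sheet1">&lt;img src=x onerror=alert(1)&gt;</a></li>'
+. PHP_EOL
+. '</ul>';
+self::assertStringContainsString($expected, $html, 'appropriate characters are escaped');
+$spreadsheet->disconnectWorksheets();
+}
+}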
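Review bot: testNavigationTitle() pins only the `<`/`>` case, so a later change that still escaped angle brackets but let `&` through unescaped would pass this test. A third sheet whose title contains an ampersand, for example `A & B` with the expected link text `A &amp; B`, would cover that. Separately, `$spreadsheet->disconnectWorksheets();` sits after the assertion and is skipped when the assertion fails; wrapping the assertion in `try { ... } finally { $spreadsheet->disconnectWorksheets(); }` or moving the cleanup to `tearDown()` keeps it unconditional.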
