Fix bug in parsing single attribute with entities.

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2024-09-18 18:25:18 +00:00 · 2010-05-31 19:44:18 -07:00 · 2010-05-31 19:44:18 -07:00 · 00c66fa9cb
commit 00c66fa9cb
parent d3abcb90e3
4 changed files with 13 additions and 1 deletions
--- a/2
+++ b/2
@ -10,6 +10,8 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
 ==========================

 4.1.1, unknown release date
+- Fix bug in DirectLex for parsing elements with a single attribute
+  with entities.
 - Rewrite CSS output logic for font-family and url().  Thanks Mario
  Heiderich <mario.heiderich@googlemail.com> for reporting and Takeshi
  Terada <t-terada@violet.plala.or.jp> for suggesting the fix.
--- a/configdoc/usage.xml
+++ b/configdoc/usage.xml
@ -6,6 +6,7 @@
  </file>
  <file name="HTMLPurifier/Lexer.php">
   <line>81</line>
+   <line>269</line>
  </file>
  <file name="HTMLPurifier/Lexer/DirectLex.php">
   <line>53</line>
--- a/library/HTMLPurifier/Lexer/DirectLex.php
+++ b/library/HTMLPurifier/Lexer/DirectLex.php
@ -384,7 +384,7 @@ class HTMLPurifier_Lexer_DirectLex extends HTMLPurifier_Lexer
                }
            }
            if ($value === false) $value = '';
-            return array($key => $value);
+            return array($key => $this->parseData($value));
        }

        // setup loop environment
--- a/tests/HTMLPurifier/LexerTest.php
+++ b/tests/HTMLPurifier/LexerTest.php
@ -262,6 +262,15 @@ class HTMLPurifier_LexerTest extends HTMLPurifier_Harness
        );
    }

+    function test_tokenizeHTML_singleAttribute() {
+        $this->assertTokenization(
+            '<br style="&amp;" />',
+            array(
+                new HTMLPurifier_Token_Empty('br', array('style' => '&'))
+            )
+        );
+    }
+
    function test_tokenizeHTML_emptyTag() {
        $this->assertTokenization(
            '<br />',