From 0bab4b9fd0c4524e75320cfae01f7ae303f5b7a2 Mon Sep 17 00:00:00 2001
From: "f.godfrin"
Date: Fri, 10 Feb 2017 00:38:05 +0100
Subject: [PATCH] Fix mungeRgb to handle percent, float and hsl values
---
 library/HTMLPurifier/AttrDef.php | 9 +++++++--
 tests/HTMLPurifier/AttrDef/CSS/BackgroundTest.php | 14 ++++++++++----
 2 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/library/HTMLPurifier/AttrDef.php b/library/HTMLPurifier/AttrDef.php
index 5ac06522..8d4db17f 100644
--- a/library/HTMLPurifier/AttrDef.php
+++ b/library/HTMLPurifier/AttrDef.php
@@ -9,7 +9,6 @@
 * Besides defining (through code) what precisely makes the string valid,
 * subclasses are also responsible for cleaning the code if possible.
 */
-
 abstract class HTMLPurifier_AttrDef
 {
@@ -86,7 +85,13 @@ abstract class HTMLPurifier_AttrDef
 */
 protected function mungeRgb($string)
 {
- return preg_replace('/rgb\((\d+)\s*,\s*(\d+)\s*,\s*(\d+)\)/', 'rgb(\1,\2,\3)', $string);
+ $p = '(\d+(\.\d+)?([%]?))';
+
+ if (preg_match('/(rgba|hsla)\(/', $string)) {
+ return preg_replace('/(rgba|hsla)\(' . $p . '\s*,\s*' . $p . '\s*,\s*' . $p . '\s*,\s*' . $p . '\)/', '\1(\2,\5,\8,\11)', $string);
+ }
+
+ return preg_replace('/(rgb|hsl)\(' . $p . '\s*,\s*' . $p . '\s*,\s*' . $p . '\)/', '\1(\2,\5,\8)', $string);
 }
 /**
diff --git a/tests/HTMLPurifier/AttrDef/CSS/BackgroundTest.php b/tests/HTMLPurifier/AttrDef/CSS/BackgroundTest.php
index aa18d096..8d826f87 100644
--- a/tests/HTMLPurifier/AttrDef/CSS/BackgroundTest.php
+++ b/tests/HTMLPurifier/AttrDef/CSS/BackgroundTest.php
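Review bot: The early `return` in the `preg_match('/(rgba|hsla)\(/', $string)` branch means a value holding both a four-component and a three-component colour only has its `rgba()`/`hsla()` part collapsed; any `rgb()`/`hsl()` in the same string keeps its spaces, and a caller that splits the value on whitespace (presumably the shorthand validators this helper serves) would then see it as separate fragments. Running the two replacements one after the other removes the branch, and making the inner groups non-capturing lets the replacement use consecutive references instead of the skipping `\2,\5,\8,\11`. The number pattern `\d+(\.\d+)?` also does not match the leading-dot form `.35`, which is the form the new test expects on output, so `rgba(74, 12, 85, .35)` would be left un-normalised. Because this is a normalisation step inside a sanitiser, it is worth confirming that the colour validator these tokens are handed to (not visible in this diff) accepts exactly the forms matched here and nothing looser. The docblock of mungeRgb starts above the hunk and may still describe only `rgb()`.

```php
protected function mungeRgb($string)
{
    // One numeric component: integer, decimal or leading-dot decimal,
    // with an optional percent sign.
    $p = '((?:\d+(?:\.\d+)?|\.\d+)%?)';
    $sep = '\s*,\s*';
    // Four-component functions first, then three-component ones, so a value
    // that mixes both forms has each of them collapsed.
    $string = preg_replace(
        '/(rgba|hsla)\(' . $p . $sep . $p . $sep . $p . $sep . $p . '\)/',
        '\1(\2,\3,\4,\5)',
        $string
    );
    return preg_replace(
        '/(rgb|hsl)\(' . $p . $sep . $p . $sep . $p . '\)/',
        '\1(\2,\3,\4)',
        $string
    );
```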
@@ -12,12 +12,18 @@ class HTMLPurifier_AttrDef_CSS_BackgroundTest extends HTMLPurifier_AttrDefHarnes
 $this->assertDef($valid);
 $this->assertDef('url(\'chess.png\') #333 50% top repeat fixed', $valid);
 $this->assertDef(
- 'rgb(34, 56, 33) url(chess.png) repeat fixed top',
- 'rgb(34,56,33) url("chess.png") repeat fixed top'
+ 'rgb(34%, 56%, 33%) url(chess.png) repeat fixed top',
+ 'rgb(34%,56%,33%) url("chess.png") repeat fixed top'
+ );
+ $this->assertDef(
+ 'rgba(74, 12, 85, 0.35) repeat fixed bottom',
+ 'rgba(74,12,85,.35) repeat fixed bottom'
+ );
+ $this->assertDef(
+ 'hsl(244, 47.4%, 88.1%) right center',
+ 'hsl(244,47.4%,88.1%) right center'
 );
-
 }
-
 }
 // vim: et sw=4 sts=4
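Review bot: Replacing the integer case `'rgb(34, 56, 33) url(chess.png) repeat fixed top'` with the percent case drops this test's coverage of the form the helper handled before the commit, so a regression in plain `rgb()` munging would no longer be caught here; the old assertion can simply be kept alongside the new ones. The patch also adds `hsla` handling to mungeRgb, but none of the new assertions exercises it, and no case mixes a three-component and a four-component colour in one value. For a sanitiser it would also help to pin what happens to a malformed colour function (for example one with a missing component), so that looser matching cannot slip in unnoticed; the expected result depends on the validator and should be taken from its current behaviour. The test method starts above the hunk.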