Merge pull request #118 from fxbt/master

Add hsl, hsla and rgba support for css color attribute definition
2024-09-18 18:25:18 +00:00 · 2017-03-06 23:01:06 -08:00 · 2017-03-06 23:01:06 -08:00 · 0c31b22240
commit 0c31b22240
parent 5662efc936 12185143ef
4 changed files with 130 additions and 42 deletions
--- a/library/HTMLPurifier/AttrDef.php
+++ b/library/HTMLPurifier/AttrDef.php
@ -86,7 +86,13 @@ abstract class HTMLPurifier_AttrDef
     */
    protected function mungeRgb($string)
    {
-        return preg_replace('/rgb\((\d+)\s*,\s*(\d+)\s*,\s*(\d+)\)/', 'rgb(\1,\2,\3)', $string);
+        $p = '\s*(\d+(\.\d+)?([%]?))\s*';
+
+        if (preg_match('/(rgba|hsla)\(/', $string)) {
+            return preg_replace('/(rgba|hsla)\('.$p.','.$p.','.$p.','.$p.'\)/', '\1(\2,\5,\8,\11)', $string);
+        }
+
+        return preg_replace('/(rgb|hsl)\('.$p.','.$p.','.$p.'\)/', '\1(\2,\5,\8)', $string);
    }

    /**
--- a/library/HTMLPurifier/AttrDef/CSS/Color.php
+++ b/library/HTMLPurifier/AttrDef/CSS/Color.php
@ -6,6 +6,16 @@
 class HTMLPurifier_AttrDef_CSS_Color extends HTMLPurifier_AttrDef
 {

+    /**
+     * @type HTMLPurifier_AttrDef_CSS_AlphaValue
+     */
+    protected $alpha;
+
+    public function __construct()
+    {
+        $this->alpha = new HTMLPurifier_AttrDef_CSS_AlphaValue();
+    }
+
    /**
     * @param string $color
     * @param HTMLPurifier_Config $config
@ -29,59 +39,104 @@ class HTMLPurifier_AttrDef_CSS_Color extends HTMLPurifier_AttrDef
            return $colors[$lower];
        }

-        if (strpos($color, 'rgb(') !== false) {
-            // rgb literal handling
+        if (preg_match('#(rgb|rgba|hsl|hsla)\(#', $color, $matches) === 1) {
            $length = strlen($color);
            if (strpos($color, ')') !== $length - 1) {
                return false;
            }
-            $triad = substr($color, 4, $length - 4 - 1);
-            $parts = explode(',', $triad);
-            if (count($parts) !== 3) {
+
+            // get used function : rgb, rgba, hsl or hsla
+            $function = $matches[1];
+
+            $parameters_size = 3;
+            $alpha_channel = false;
+            if (substr($function, -1) === 'a') {
+                $parameters_size = 4;
+                $alpha_channel = true;
+            }
+
+            /*
+             * Allowed types for values :
+             * parameter_position => [type => max_value]
+             */
+            $allowed_types = [
+                1 => ['percentage' => 100, 'integer' => 255],
+                2 => ['percentage' => 100, 'integer' => 255],
+                3 => ['percentage' => 100, 'integer' => 255],
+            ];
+            $allow_different_types = false;
+
+            if (strpos($function, 'hsl') !== false) {
+                $allowed_types = [
+                    1 => ['integer' => 360],
+                    2 => ['percentage' => 100],
+                    3 => ['percentage' => 100],
+                ];
+                $allow_different_types = true;
+            }
+
+            $values = trim(str_replace($function, '', $color), ' ()');
+
+            $parts = explode(',', $values);
+            if (count($parts) !== $parameters_size) {
                return false;
            }
-            $type = false; // to ensure that they're all the same type
+
+            $type = false;
            $new_parts = array();
+            $i = 0;
+
            foreach ($parts as $part) {
+                $i++;
                $part = trim($part);
+
                if ($part === '') {
                    return false;
                }
-                $length = strlen($part);
-                if ($part[$length - 1] === '%') {
-                    // handle percents
-                    if (!$type) {
-                        $type = 'percentage';
-                    } elseif ($type !== 'percentage') {
+
+                // different check for alpha channel
+                if ($alpha_channel === true && $i === count($parts)) {
+                    $result = $this->alpha->validate($part, $config, $context);
+
+                    if ($result === false) {
                        return false;
                    }
-                    $num = (float)substr($part, 0, $length - 1);
-                    if ($num < 0) {
-                        $num = 0;
-                    }
-                    if ($num > 100) {
-                        $num = 100;
-                    }
-                    $new_parts[] = "$num%";
+
+                    $new_parts[] = (string)$result;
+                    continue;
+                }
+
+                if (substr($part, -1) === '%') {
+                    $current_type = 'percentage';
                } else {
-                    // handle integers
-                    if (!$type) {
-                        $type = 'integer';
-                    } elseif ($type !== 'integer') {
-                        return false;
-                    }
-                    $num = (int)$part;
-                    if ($num < 0) {
-                        $num = 0;
-                    }
-                    if ($num > 255) {
-                        $num = 255;
-                    }
-                    $new_parts[] = (string)$num;
+                    $current_type = 'integer';
+                }
+
+                if (!array_key_exists($current_type, $allowed_types[$i])) {
+                    return false;
+                }
+
+                if (!$type) {
+                    $type = $current_type;
+                }
+
+                if ($allow_different_types === false && $type != $current_type) {
+                    return false;
+                }
+
+                $max_value = $allowed_types[$i][$current_type];
+
+                if ($current_type == 'integer') {
+                    // Return value between range 0 -> $max_value
+                    $new_parts[] = (int)max(min($part, $max_value), 0);
+                } elseif ($current_type == 'percentage') {
+                    $new_parts[] = (float)max(min(rtrim($part, '%'), $max_value), 0) . '%';
                }
            }
-            $new_triad = implode(',', $new_parts);
-            $color = "rgb($new_triad)";
+
+            $new_values = implode(',', $new_parts);
+
+            $color = $function . '(' . $new_values . ')';
        } else {
            // hexadecimal handling
            if ($color[0] === '#') {
@ -100,6 +155,7 @@ class HTMLPurifier_AttrDef_CSS_Color extends HTMLPurifier_AttrDef
        }
        return $color;
    }
+
 }

 // vim: et sw=4 sts=4
--- a/tests/HTMLPurifier/AttrDef/CSS/BackgroundTest.php
+++ b/tests/HTMLPurifier/AttrDef/CSS/BackgroundTest.php
@ -12,12 +12,18 @@ class HTMLPurifier_AttrDef_CSS_BackgroundTest extends HTMLPurifier_AttrDefHarnes
        $this->assertDef($valid);
        $this->assertDef('url(\'chess.png\') #333 50% top repeat fixed', $valid);
        $this->assertDef(
-            'rgb(34, 56, 33) url(chess.png) repeat fixed top',
-            'rgb(34,56,33) url("chess.png") repeat fixed top'
+            'rgb(34%, 56%, 33%) url(chess.png) repeat fixed top',
+            'rgb(34%,56%,33%) url("chess.png") repeat fixed top'
+        );
+        $this->assertDef(
+            'rgba(74, 12, 85, 0.35) repeat fixed bottom',
+            'rgba(74,12,85,.35) repeat fixed bottom'
+        );
+        $this->assertDef(
+            'hsl(244, 47.4%, 88.1%) right center',
+            'hsl(244,47.4%,88.1%) right center'
        );
-
    }
-
 }

 // vim: et sw=4 sts=4
--- a/tests/HTMLPurifier/AttrDef/CSS/ColorTest.php
+++ b/tests/HTMLPurifier/AttrDef/CSS/ColorTest.php
@ -11,13 +11,33 @@ class HTMLPurifier_AttrDef_CSS_ColorTest extends HTMLPurifier_AttrDefHarness
        $this->assertDef('#fff');
        $this->assertDef('#eeeeee');
        $this->assertDef('#808080');
+
        $this->assertDef('rgb(255, 0, 0)', 'rgb(255,0,0)'); // rm spaces
        $this->assertDef('rgb(100%,0%,0%)');
        $this->assertDef('rgb(50.5%,23.2%,43.9%)'); // decimals okay
+        $this->assertDef('rgb(-5,0,0)', 'rgb(0,0,0)'); // negative values
+        $this->assertDef('rgb(295,0,0)', 'rgb(255,0,0)'); // max values
+        $this->assertDef('rgb(12%,150%,0%)', 'rgb(12%,100%,0%)'); // percentage max values
+
+        $this->assertDef('rgba(255, 0, 0, 0)', 'rgba(255,0,0,0)'); // rm spaces
+        $this->assertDef('rgba(100%,0%,0%,.4)');
+        $this->assertDef('rgba(38.1%,59.7%,1.8%,0.7)', 'rgba(38.1%,59.7%,1.8%,.7)'); // decimals okay
+
+        $this->assertDef('hsl(275, 45%, 81%)', 'hsl(275,45%,81%)'); // rm spaces
+        $this->assertDef('hsl(100,0%,0%)');
+        $this->assertDef('hsl(38,59.7%,1.8%)', 'hsl(38,59.7%,1.8%)'); // decimals okay
+        $this->assertDef('hsl(-11,-15%,25%)', 'hsl(0,0%,25%)'); // negative values
+        $this->assertDef('hsl(380,125%,0%)', 'hsl(360,100%,0%)'); // max values
+
+        $this->assertDef('hsla(100, 74%, 29%, 0)', 'hsla(100,74%,29%,0)'); // rm spaces
+        $this->assertDef('hsla(154,87%,21%,.4)');
+        $this->assertDef('hsla(45,94.3%,4.1%,0.7)', 'hsla(45,94.3%,4.1%,.7)'); // decimals okay

        $this->assertDef('#G00', false);
        $this->assertDef('cmyk(40, 23, 43, 23)', false);
-        $this->assertDef('rgb(0%, 23, 68%)', false);
+        $this->assertDef('rgb(0%, 23, 68%)', false); // no mixed type
+        $this->assertDef('rgb(231, 144, 28.2%)', false); // no mixed type
+        $this->assertDef('hsl(18%,12%,89%)', false); // integer, percentage, percentage

        // clip numbers outside sRGB gamut
        $this->assertDef('rgb(200%, -10%, 0%)', 'rgb(100%,0%,0%)');