Change unacceptable value default behavior to drop silently.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@269 48356398-32a2-884e-a903-53898d9a118a
parent
38e0485fcd
commit
0da17072d1
@ -16,7 +16,9 @@ HTMLPurifier_ConfigDef::define(
|
||||
'Core', 'EscapeInvalidChildren', false,
|
||||
'When true, a child is found that is not allowed in the context of the '.
|
||||
'parent element will be transformed into text as if it were ASCII. When '.
|
||||
'false, that element (and all its descendants) will be silently dropped.'
|
||||
'false, that element and all internal tags will be dropped, though text '.
|
||||
'will be preserved. There is no option for dropping the element but '.
|
||||
'preserving child nodes.'
|
||||
);
|
||||
|
||||
class HTMLPurifier_ChildDef
|
||||
@ -135,7 +137,9 @@ class HTMLPurifier_ChildDef_Required extends HTMLPurifier_ChildDef
|
||||
$is_deleting = false;
|
||||
if (!isset($this->elements[$token->name])) {
|
||||
$is_deleting = true;
|
||||
if ($pcdata_allowed && $escape_invalid_children) {
|
||||
if ($pcdata_allowed && $token->type == 'text') {
|
||||
$result[] = $token;
|
||||
} elseif ($pcdata_allowed && $escape_invalid_children) {
|
||||
$result[] = new HTMLPurifier_Token_Text(
|
||||
$this->gen->generateFromToken($token, $config)
|
||||
);
|
||||
@ -143,7 +147,7 @@ class HTMLPurifier_ChildDef_Required extends HTMLPurifier_ChildDef
|
||||
continue;
|
||||
}
|
||||
}
|
||||
if (!$is_deleting) {
|
||||
if (!$is_deleting || ($pcdata_allowed && $token->type == 'text')) {
|
||||
$result[] = $token;
|
||||
} elseif ($pcdata_allowed && $escape_invalid_children) {
|
||||
$result[] =
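Review bot: The text-preservation test `$pcdata_allowed && $token->type == 'text'` now appears twice in this loop, once inside the `!isset($this->elements[$token->name])` branch and once in the `if (!$is_deleting || ...)` condition, and neither has a comment saying why text survives a deletion. Computing it once per token, e.g. `$keep_text = $pcdata_allowed && $token->type == 'text';`, with a comment such as `// text inside a dropped child is kept when the parent allows character data`, would stop the two branches from drifting apart. The loop starts and ends outside these hunks, so whether the first check is reachable for text tokens cannot be confirmed from here.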
|
||||
|
@ -8,6 +8,12 @@
|
||||
* features, such as custom tags, custom parsing of text, etc.
|
||||
*/
|
||||
|
||||
HTMLPurifier_ConfigDef::define(
|
||||
'Core', 'EscapeInvalidTags', false,
|
||||
'When true, invalid tags will be written back to the document as plain '.
|
||||
'text. Otherwise, they are silently dropped.'
|
||||
);
|
||||
|
||||
class HTMLPurifier_Strategy
|
||||
{
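Review bot: The `Core.EscapeInvalidTags` description says invalid tags are "silently dropped" but not that the text between them is kept, which is what the updated expectations in this commit show (`<asdf>Foreign element removal.</asdf>` becomes `Foreign element removal.`). An integrator reading only this string could assume the whole element, content included, is removed. Suggested second sentence: `'text. Otherwise, the tags are silently dropped and the text they enclose is kept.'`.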
|
||||
|
||||
|
@ -18,6 +18,7 @@ class HTMLPurifier_Strategy_MakeWellFormed extends HTMLPurifier_Strategy
|
||||
function execute($tokens, $config) {
|
||||
$result = array();
|
||||
$current_nesting = array();
|
||||
$escape_invalid_tags = $config->get('Core', 'EscapeInvalidTags');
|
||||
foreach ($tokens as $token) {
|
||||
if (empty( $token->is_tag )) {
|
||||
$result[] = $token;
|
||||
@ -86,9 +87,11 @@ class HTMLPurifier_Strategy_MakeWellFormed extends HTMLPurifier_Strategy
|
||||
|
||||
// make sure that we have something open
|
||||
if (empty($current_nesting)) {
|
||||
if ($escape_invalid_tags) {
|
||||
$result[] = new HTMLPurifier_Token_Text(
|
||||
$this->generator->generateFromToken($token, $config)
|
||||
);
|
||||
}
|
||||
continue;
|
||||
}
|
||||
|
||||
@ -121,9 +124,11 @@ class HTMLPurifier_Strategy_MakeWellFormed extends HTMLPurifier_Strategy
|
||||
|
||||
// we still didn't find the tag, so translate to text
|
||||
if ($skipped_tags === false) {
|
||||
if ($escape_invalid_tags) {
|
||||
$result[] = new HTMLPurifier_Token_Text(
|
||||
$this->generator->generateFromToken($token, $config)
|
||||
);
|
||||
}
|
||||
continue;
|
||||
}
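Review bot: The comment `// we still didn't find the tag, so translate to text` above the second changed block is now stale, because the token is translated only when `$escape_invalid_tags` is true and is otherwise skipped by the `continue`. Suggested replacement: `// we still didn't find the tag: escape it as text if configured, otherwise drop it`. The `empty($current_nesting)` block carries the same five lines, so a small private helper that returns the escaped text token would remove the duplication. `execute()` starts and ends outside these hunks.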
|
||||
|
||||
|
@ -26,6 +26,7 @@ class HTMLPurifier_Strategy_RemoveForeignElements extends HTMLPurifier_Strategy
|
||||
|
||||
function execute($tokens, $config) {
|
||||
$result = array();
|
||||
$escape_invalid_tags = $config->get('Core', 'EscapeInvalidTags');
|
||||
foreach($tokens as $token) {
|
||||
if (!empty( $token->is_tag )) {
|
||||
// DEFINITION CALL
|
||||
@ -40,11 +41,13 @@ class HTMLPurifier_Strategy_RemoveForeignElements extends HTMLPurifier_Strategy
|
||||
definition->
|
||||
info_tag_transform[$token->name]->
|
||||
transform($token);
|
||||
} else {
|
||||
} elseif ($escape_invalid_tags) {
|
||||
// invalid tag, generate HTML and insert in
|
||||
$token = new HTMLPurifier_Token_Text(
|
||||
$this->generator->generateFromToken($token, $config)
|
||||
);
|
||||
} else {
|
||||
continue;
|
||||
}
|
||||
} elseif ($token->type == 'comment') {
|
||||
// strip comments
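Review bot: In the new default branch of `execute()` (the `else { continue; }` after `elseif ($escape_invalid_tags)`), only the tag token is skipped, so the text between an unrecognized start tag and its end tag stays in `$result` as ordinary text. That suits `<asdf>`, but for elements whose content is not meant for display, such as `script` or `style`, their source would presumably end up as visible text in the purified output; whether those names reach this branch depends on the definition lookup, which is outside the hunk. Consider dropping the enclosed text for such elements as well, and add a case like `$inputs[n] = '<script>var x;</script>text';` (constructed sample) to RemoveForeignElementsTest to pin whichever behaviour is intended. `execute()` starts and ends outside these hunks.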
|
||||
|
@ -24,14 +24,13 @@ class HTMLPurifier_Strategy_CoreTest
|
||||
$expect[1] = '<b>Make well formed.</b>';
|
||||
|
||||
$inputs[2] = '<b><div>Fix nesting.</div></b>';
|
||||
$expect[2] = '<b></b>';
|
||||
$expect[2] = '<b>Fix nesting.</b>';
|
||||
|
||||
// behavior may change
|
||||
$inputs[3] = '<asdf>Foreign element removal.</asdf>';
|
||||
$expect[3] = '<asdf>Foreign element removal.</asdf>';
|
||||
$expect[3] = 'Foreign element removal.';
|
||||
|
||||
$inputs[4] = '<foo><b><div>All three.</div></b>';
|
||||
$expect[4] = '<foo><b></b>';
|
||||
$expect[4] = '<b>All three.</b>';
|
||||
|
||||
$this->assertStrategyWorks($strategy, $inputs, $expect, $config);
|
||||
}
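Review bot: The updated expectations here exercise only the new default (drop) path, so the escape-as-text path behind `Core.EscapeInvalidTags` has no visible assertion left. The same applies to `HTMLPurifier_Strategy_RemoveForeignElementsTest`, where `htmlspecialchars($inputs[2])` was replaced by `'BlingBong'`, and to `HTMLPurifier_Strategy_MakeWellFormedTest`, where the `</b>` expectation was dropped. Since that path is the one that must entity-escape attacker-supplied markup, it is worth re-running one input per test class with the directive set to true, the way `HTMLPurifier_Strategy_FixNestingTest` repeats input 2 as input 13 under a different configuration. The `// behavior may change` comment above `$inputs[3]` can also go now that the behaviour has changed. The test methods are cut by the hunks, so such cases may already exist outside the visible lines.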
|
||||
|
@ -29,9 +29,9 @@ class HTMLPurifier_Strategy_FixNestingTest
|
||||
$inputs[1] = '<a href="about:blank">Blank</a><div>Block</div>';
|
||||
$expect[1] = $inputs[1];
|
||||
|
||||
// illegal block in inline, element -> text
|
||||
// illegal block in inline
|
||||
$inputs[2] = '<b><div>Illegal div.</div></b>';
|
||||
$expect[2] = '<b></b>';
|
||||
$expect[2] = '<b>Illegal div.</b>';
|
||||
|
||||
// same test with different configuration (fragile)
|
||||
$inputs[13] = '<b><div>Illegal div.</div></b>';
|
||||
@ -72,7 +72,7 @@ class HTMLPurifier_Strategy_FixNestingTest
|
||||
|
||||
// block in inline ins not allowed
|
||||
$inputs[11] = '<span><ins><div>Not allowed!</div></ins></span>';
|
||||
$expect[11] = '<span><ins></ins></span>';
|
||||
$expect[11] = '<span><ins>Not allowed!</ins></span>';
|
||||
|
||||
// block in inline ins not allowed
|
||||
$inputs[14] = '<span><ins><div>Not allowed!</div></ins></span>';
|
||||
|
@ -28,7 +28,7 @@ class HTMLPurifier_Strategy_MakeWellFormedTest
|
||||
|
||||
// CHANGE THIS BEHAVIOR!
|
||||
$inputs[4] = 'Unused end tags... recycle!</b>';
|
||||
$expect[4] = 'Unused end tags... recycle!</b>';
|
||||
$expect[4] = 'Unused end tags... recycle!';
|
||||
|
||||
$inputs[5] = '<br style="clear:both;">';
|
||||
$expect[5] = '<br style="clear:both;" />';
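Review bot: The `// CHANGE THIS BEHAVIOR!` comment above `$inputs[4]` is stale, since this commit makes the change it asked for by expecting the stray `</b>` to be dropped. Replace it with a description of the case, e.g. `// unmatched end tag is dropped by default`.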
|
||||
|
@ -22,7 +22,7 @@ class HTMLPurifier_Strategy_RemoveForeignElementsTest
|
||||
|
||||
// [INVALID]
|
||||
$inputs[2] = '<asdf>Bling</asdf><d href="bang">Bong</d><foobar />';
|
||||
$expect[2] = htmlspecialchars($inputs[2]);
|
||||
$expect[2] = 'BlingBong';
|
||||
|
||||
// test simple transform
|
||||
$inputs[3] = '<menu><li>Item 1</li></menu>';
|
||||
|