mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-01-03 13:21:51 +00:00

Change unacceptable value default behavior to drop silently.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@269 48356398-32a2-884e-a903-53898d9a118a
Edward Z. Yang 2006-08-15 23:58:18 +00:00
parent 38e0485fcd
commit 0da17072d1
8 changed files with 36 additions and 19 deletions


@ -16,7 +16,9 @@ HTMLPurifier_ConfigDef::define(
'Core', 'EscapeInvalidChildren', false,
'When true, a child is found that is not allowed in the context of the '.
'parent element will be transformed into text as if it were ASCII. When '.
'false, that element (and all its descendants) will be silently dropped.'
'false, that element and all internal tags will be dropped, though text '.
'will be preserved. There is no option for dropping the element but '.
'preserving child nodes.'
);
class HTMLPurifier_ChildDef
@ -135,7 +137,9 @@ class HTMLPurifier_ChildDef_Required extends HTMLPurifier_ChildDef
$is_deleting = false;
if (!isset($this->elements[$token->name])) {
$is_deleting = true;
if ($pcdata_allowed && $escape_invalid_children) {
if ($pcdata_allowed && $token->type == 'text') {
$result[] = $token;
} elseif ($pcdata_allowed && $escape_invalid_children) {
$result[] = new HTMLPurifier_Token_Text(
$this->gen->generateFromToken($token, $config)
);
@ -143,7 +147,7 @@ class HTMLPurifier_ChildDef_Required extends HTMLPurifier_ChildDef
continue;
}
}
if (!$is_deleting) {
if (!$is_deleting || ($pcdata_allowed && $token->type == 'text')) {
$result[] = $token;
} elseif ($pcdata_allowed && $escape_invalid_children) {
$result[] =
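Review bot: The updated `EscapeInvalidChildren` description says text "will be preserved", but both new conditions keep a text token only when `$pcdata_allowed` is true, so under a parent that does not allow character data the text is still dropped. The description should say so, for example `'false, that element and all internal tags will be dropped; text is kept only where the parent allows character data.'`. The two new checks also compare with `$token->type == 'text'`; `===` would avoid loose comparison. The enclosing method starts and ends outside the visible hunks.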


@ -8,6 +8,12 @@
* features, such as custom tags, custom parsing of text, etc.
*/
HTMLPurifier_ConfigDef::define(
'Core', 'EscapeInvalidTags', false,
'When true, invalid tags will be written back to the document as plain '.
'text. Otherwise, they are silently dropped.'
);
class HTMLPurifier_Strategy
{
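Review bot: The description for `EscapeInvalidTags` says invalid tags are "silently dropped", which does not tell an integrator that the text between those tags stays in the output. The updated test expectations on this page (`<asdf>Foreign element removal.</asdf>` becoming `Foreign element removal.`) show that it does. Since this is now the default, I would spell it out, e.g. `'text. Otherwise, the tags themselves are silently dropped and the text inside them is kept.'`.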


@ -18,6 +18,7 @@ class HTMLPurifier_Strategy_MakeWellFormed extends HTMLPurifier_Strategy
function execute($tokens, $config) {
$result = array();
$current_nesting = array();
$escape_invalid_tags = $config->get('Core', 'EscapeInvalidTags');
foreach ($tokens as $token) {
if (empty( $token->is_tag )) {
$result[] = $token;
@ -86,9 +87,11 @@ class HTMLPurifier_Strategy_MakeWellFormed extends HTMLPurifier_Strategy
// make sure that we have something open
if (empty($current_nesting)) {
$result[] = new HTMLPurifier_Token_Text(
$this->generator->generateFromToken($token, $config)
);
if ($escape_invalid_tags) {
$result[] = new HTMLPurifier_Token_Text(
$this->generator->generateFromToken($token, $config)
);
}
continue;
}
@ -121,9 +124,11 @@ class HTMLPurifier_Strategy_MakeWellFormed extends HTMLPurifier_Strategy
// we still didn't find the tag, so translate to text
if ($skipped_tags === false) {
$result[] = new HTMLPurifier_Token_Text(
$this->generator->generateFromToken($token, $config)
);
if ($escape_invalid_tags) {
$result[] = new HTMLPurifier_Token_Text(
$this->generator->generateFromToken($token, $config)
);
}
continue;
}
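Review bot: The comment `// we still didn't find the tag, so translate to text` no longer matches the branch under it: with `EscapeInvalidTags` at its default of false the token is now dropped and only the `continue` runs. Suggest `// tag was never opened: escape it as text if configured, otherwise drop it`. The same `if ($escape_invalid_tags) { ... }` block appears in both the empty-nesting branch and this one; a small helper method would keep the two from drifting apart. execute() starts and ends outside the hunks.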


@ -26,6 +26,7 @@ class HTMLPurifier_Strategy_RemoveForeignElements extends HTMLPurifier_Strategy
function execute($tokens, $config) {
$result = array();
$escape_invalid_tags = $config->get('Core', 'EscapeInvalidTags');
foreach($tokens as $token) {
if (!empty( $token->is_tag )) {
// DEFINITION CALL
@ -40,11 +41,13 @@ class HTMLPurifier_Strategy_RemoveForeignElements extends HTMLPurifier_Strategy
definition->
info_tag_transform[$token->name]->
transform($token);
} else {
} elseif ($escape_invalid_tags) {
// invalid tag, generate HTML and insert in
$token = new HTMLPurifier_Token_Text(
$this->generator->generateFromToken($token, $config)
);
} else {
continue;
}
} elseif ($token->type == 'comment') {
// strip comments
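Review bot: The new `else { continue; }` branch drops only the tag token, so the text tokens of an unrecognised element keep flowing into `$result`. For an element whose body is not prose (script- or style-like content, if those names are not in the definition, which is not visible here), that body would show up as visible text in the purified output. It would help to state the intent in a comment such as `// drop the tag token only; its text children pass through unchanged`, and to add a test that pins what happens to such bodies. execute() continues outside the hunk.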


@ -24,14 +24,13 @@ class HTMLPurifier_Strategy_CoreTest
$expect[1] = '<b>Make well formed.</b>';
$inputs[2] = '<b><div>Fix nesting.</div></b>';
$expect[2] = '<b></b>';
$expect[2] = '<b>Fix nesting.</b>';
// behavior may change
$inputs[3] = '<asdf>Foreign element removal.</asdf>';
$expect[3] = '&lt;asdf&gt;Foreign element removal.&lt;/asdf&gt;';
$expect[3] = 'Foreign element removal.';
$inputs[4] = '<foo><b><div>All three.</div></b>';
$expect[4] = '&lt;foo&gt;<b></b>';
$expect[4] = '<b>All three.</b>';
$this->assertStrategyWorks($strategy, $inputs, $expect, $config);
}


@ -29,9 +29,9 @@ class HTMLPurifier_Strategy_FixNestingTest
$inputs[1] = '<a href="about:blank">Blank</a><div>Block</div>';
$expect[1] = $inputs[1];
// illegal block in inline, element -> text
// illegal block in inline
$inputs[2] = '<b><div>Illegal div.</div></b>';
$expect[2] = '<b></b>';
$expect[2] = '<b>Illegal div.</b>';
// same test with different configuration (fragile)
$inputs[13] = '<b><div>Illegal div.</div></b>';
@ -72,7 +72,7 @@ class HTMLPurifier_Strategy_FixNestingTest
// block in inline ins not allowed
$inputs[11] = '<span><ins><div>Not allowed!</div></ins></span>';
$expect[11] = '<span><ins></ins></span>';
$expect[11] = '<span><ins>Not allowed!</ins></span>';
// block in inline ins not allowed
$inputs[14] = '<span><ins><div>Not allowed!</div></ins></span>';


@ -28,7 +28,7 @@ class HTMLPurifier_Strategy_MakeWellFormedTest
// CHANGE THIS BEHAVIOR!
$inputs[4] = 'Unused end tags... recycle!</b>';
$expect[4] = 'Unused end tags... recycle!&lt;/b&gt;';
$expect[4] = 'Unused end tags... recycle!';
$inputs[5] = '<br style="clear:both;">';
$expect[5] = '<br style="clear:both;" />';
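Review bot: The `// CHANGE THIS BEHAVIOR!` comment above input 4 stays as context while the expectation under it is now the dropped-tag form, so it reads as an open TODO for what this commit appears to have done; it could become `// unused end tag is dropped by default`. The escaped form `'Unused end tags... recycle!&lt;/b&gt;'` is no longer asserted anywhere in this hunk, so the path with `EscapeInvalidTags` set to true has no visible coverage here. A second case run with that option enabled would pin it. The expectation replaced in the RemoveForeignElementsTest hunk (`htmlspecialchars($inputs[2])`) has the same gap.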


@ -22,7 +22,7 @@ class HTMLPurifier_Strategy_RemoveForeignElementsTest
// [INVALID]
$inputs[2] = '<asdf>Bling</asdf><d href="bang">Bong</d><foobar />';
$expect[2] = htmlspecialchars($inputs[2]);
$expect[2] = 'BlingBong';
// test simple transform
$inputs[3] = '<menu><li>Item 1</li></menu>';