mirrors/htmlpurifier
0
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-12-22 08:21:52 +00:00
Code Releases Activity

Make SafeScripting case-sensitive.

Browse Source 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
This commit is contained in:
Edward Z. Yang 2018-11-11 16:21:34 -05:00
parent 4b6b3b31e8
commit 0f7b138aaf
3 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
NEWS
View File

@ -10,7 +10,9 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
==========================
4.10.1, unknown release date
(nothing here yet)
# SafeScripting is now case-sensitive (previously it was
case-insensitive.) Thanks Dimitri Gritsajuk <gritsajuk.dimitri@gmail.com>
for reporting.
4.10.0, released 2018-02-22
# PHP 5.3 is no longer officially supported by HTML Purifier

2
library/HTMLPurifier/HTMLModule/SafeScripting.php
View File

@ -29,7 +29,7 @@ class HTMLPurifier_HTMLModule_SafeScripting extends HTMLPurifier_HTMLModule
// While technically not required by the spec, we're forcing
// it to this value.
'type' => 'Enum#text/javascript',
'src*' => new HTMLPurifier_AttrDef_Enum(array_keys($allowed))
'src*' => new HTMLPurifier_AttrDef_Enum(array_keys($allowed), /*case sensitive*/ true)
)
);
$script->attr_transform_pre[] =

4
tests/HTMLPurifier/HTMLModule/SafeScriptingTest.php
View File

@ -38,6 +38,10 @@ class HTMLPurifier_HTMLModule_SafeScriptingTest extends HTMLPurifier_HTMLModuleH
'<script type="text/javascript" src="http://localhost/foobar.js" />',
''
);
$this->assertResult(
'<script type="text/javascript" src="http://localhost/FOO.JS" />',
''
);
}
}