mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-12-22 08:21:52 +00:00
Make SafeScripting case-sensitive.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
parent
4b6b3b31e8
commit
0f7b138aaf
4
NEWS
4
NEWS
@ -10,7 +10,9 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
|||||||
==========================
|
==========================
|
||||||
|
|
||||||
4.10.1, unknown release date
|
4.10.1, unknown release date
|
||||||
(nothing here yet)
|
# SafeScripting is now case-sensitive (previously it was
|
||||||
|
case-insensitive.) Thanks Dimitri Gritsajuk <gritsajuk.dimitri@gmail.com>
|
||||||
|
for reporting.
|
||||||
|
|
||||||
4.10.0, released 2018-02-22
|
4.10.0, released 2018-02-22
|
||||||
# PHP 5.3 is no longer officially supported by HTML Purifier
|
# PHP 5.3 is no longer officially supported by HTML Purifier
|
||||||
|
@ -29,7 +29,7 @@ class HTMLPurifier_HTMLModule_SafeScripting extends HTMLPurifier_HTMLModule
|
|||||||
// While technically not required by the spec, we're forcing
|
// While technically not required by the spec, we're forcing
|
||||||
// it to this value.
|
// it to this value.
|
||||||
'type' => 'Enum#text/javascript',
|
'type' => 'Enum#text/javascript',
|
||||||
'src*' => new HTMLPurifier_AttrDef_Enum(array_keys($allowed))
|
'src*' => new HTMLPurifier_AttrDef_Enum(array_keys($allowed), /*case sensitive*/ true)
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
$script->attr_transform_pre[] =
|
$script->attr_transform_pre[] =
|
||||||
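Review bot: The `true` now passed to `HTMLPurifier_AttrDef_Enum` for `'src*'` makes the script-source allowlist an exact string match, but nothing next to it says why; the comment above covers only the forced `type` value. I would add a line directly above the `'src*'` entry such as `// Exact match only: URL paths are case-sensitive, so a case variant of an allowed URL may name a different resource.` A side effect worth documenting wherever `$allowed` is populated (outside this section) is that a differently-cased scheme or host, which URL syntax treats as equivalent, is presumably rejected as well. That fails closed, but integrators then need to list URLs exactly as they appear in the markup. The enclosing array and method start and end outside the hunk.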
|
@ -38,6 +38,10 @@ class HTMLPurifier_HTMLModule_SafeScriptingTest extends HTMLPurifier_HTMLModuleH
|
|||||||
'<script type="text/javascript" src="http://localhost/foobar.js" />',
|
'<script type="text/javascript" src="http://localhost/foobar.js" />',
|
||||||
''
|
''
|
||||||
);
|
);
|
||||||
|
$this->assertResult(
|
||||||
|
'<script type="text/javascript" src="http://localhost/FOO.JS" />',
|
||||||
|
''
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
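Review bot: The added assertion covers only an upper-cased path (`FOO.JS`), so exact matching of the scheme and host part of `src` is left unpinned. Assuming the allowlist configured earlier in this test (outside the hunk) holds the lower-case form of that URL, a second case such as `$this->assertResult('<script type="text/javascript" src="HTTP://LOCALHOST/foo.js" />', '');` would document that the whole string is compared and would catch a later change that normalises only part of it. A one-line comment above the new assertion saying it is a case variant of an allowed URL would also help, since the allowed value is not visible beside it. The test method starts outside the hunk.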