mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-01-22 21:31:52 +00:00

MOODLE-556: Changed some CDATA generic attributes to more specific AttrDefs

Xavier Ripoll 2018-11-14 17:15:30 +01:00
parent a0109d3edc
commit 12b1110bf6
2 changed files with 84 additions and 7 deletions


@ -0,0 +1,77 @@
<?php
/**
* Validates the MathML attribute ID.
* @note This just checks that the ID is valid. It explicitly avoids checking
* or adding to the ID Accumulator because the MathML 3 DTD makes it a
* point to allow repeated IDs.
*/
class HTMLPurifier_AttrDef_MathML_ID extends HTMLPurifier_AttrDef
{
/**
* @param string $id
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return bool|string
*/
public function validate($id, $config, $context)
{
$id = trim($id); // trim it first
if ($id === '') {
return false;
}
$prefix = $config->get('Attr.IDPrefix');
if ($prefix !== '') {
$prefix .= $config->get('Attr.IDPrefixLocal');
// prevent re-appending the prefix
if (strpos($id, $prefix) !== 0) {
$id = $prefix . $id;
}
} elseif ($config->get('Attr.IDPrefixLocal') !== '') {
trigger_error(
'%Attr.IDPrefixLocal cannot be used unless ' .
'%Attr.IDPrefix is set',
E_USER_WARNING
);
}
// we purposely avoid using regex, hopefully this is faster
if ($config->get('Attr.ID.HTML5') === true) {
if (preg_match('/[\t\n\x0b\x0c ]/', $id)) {
return false;
}
} else {
if (ctype_alpha($id)) {
// OK
} else {
if (!ctype_alpha(@$id[0])) {
return false;
}
// primitive style of regexps, I suppose
$trim = trim(
$id,
'A..Za..z0..9:-._'
);
if ($trim !== '') {
return false;
}
}
}
$regexp = $config->get('Attr.IDBlacklistRegexp');
if ($regexp && preg_match($regexp, $id)) {
return false;
}
// if no change was made to the ID, return the result
// else, return the new id if stripping whitespace made it
// valid, or return false.
return $id;
}
}
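Review bot: validate() never consults `Attr.EnableID`; it reads only `Attr.IDPrefix`, `Attr.IDPrefixLocal`, `Attr.ID.HTML5` and `Attr.IDBlacklistRegexp`, so a site that keeps IDs disabled would still emit `id` and `xref` values taken from untrusted MathML once the module change below maps those attributes to this class. Without a prefix, those values can collide with ids the host page relies on (anchors, script lookups), which, as far as I know, is why HTML Purifier leaves IDs off by default. If the omission is not deliberate, add `if (!$config->get('Attr.EnableID')) { return false; }` right after the empty-string check; if it is deliberate, say so in the class docblock next to the note about the ID accumulator. Separately, the comment `// we purposely avoid using regex` sits directly above a `preg_match` branch, and the closing comment about stripping whitespace no longer describes the plain `return $id;`.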


@ -72,21 +72,21 @@ class HTMLPurifier_HTMLModule_MathML extends HTMLPurifier_HTMLModule
$E['DefEncAtt'] = array( $E['DefEncAtt'] = array(
'encoding' => 'CDATA', 'encoding' => 'CDATA',
'definitionurl' => 'CDATA' 'definitionurl' => 'URI'
); );
$E['CommonAtt'] = array_merge( $E['CommonAtt'] = array_merge(
array( array(
'xmlns' => 'Bool#http://www.w3.org/1998/Math/MathML', 'xmlns' => 'Bool#http://www.w3.org/1998/Math/MathML',
$E['XLINK.prefix'] . ':href' => 'CDATA', $E['XLINK.prefix'] . ':href' => 'URI',
$E['XLINK.prefix'] . ':type' => 'CDATA', $E['XLINK.prefix'] . ':type' => 'CDATA',
'xml:lang' => 'CDATA', 'xml:lang' => 'CDATA',
'xml:space' => 'Enum#default,preserve', 'xml:space' => 'Enum#default,preserve',
'id' => 'CDATA', // MathML allows multiple elements with same ID 'id' => new HTMLPurifier_AttrDef_MathML_ID(), // MathML allows multiple elements with same ID
'xref' => 'CDATA', 'xref' => new HTMLPurifier_AttrDef_MathML_ID(),
'class' => 'CDATA', 'class' => 'Class',
'style' => 'CDATA', 'style' => new HTMLPurifier_AttrDef_CSS(),
'href' => 'CDATA', 'href' => 'URI',
'other' => 'CDATA', 'other' => 'CDATA',
), ),
$proprietary_att_wrs, $proprietary_att_wrs,