mirrors/htmlpurifier
0
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-11-09 15:28:40 +00:00
Code Releases Activity

svn:eol-style = native

Browse Source 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@97 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang 2006-07-23 00:11:03 +00:00
parent 39c16f5cfd
commit 14f481bcf6
21 changed files with 3219 additions and 3219 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

286
benchmarks/Lexer.php
View File

@ -1,144 +1,144 @@
<?php
// emulates inserting a dir called HTMLPurifier into your class dir
set_include_path(get_include_path() . PATH_SEPARATOR . '../library/');
require_once 'HTMLPurifier/Lexer/DirectLex.php';
require_once 'HTMLPurifier/Lexer/PEARSax3.php';
$LEXERS = array(
'DirectLex' => new HTMLPurifier_Lexer_DirectLex(),
'PEARSax3' => new HTMLPurifier_Lexer_PEARSax3()
);
if (version_compare(PHP_VERSION, '5', '>=')) {
require_once 'HTMLPurifier/Lexer/DOMLex.php';
$LEXERS['DOMLex'] = new HTMLPurifier_Lexer_DOMLex();
}
// PEAR
require_once 'Benchmark/Timer.php'; // to do the timing
require_once 'Text/Password.php'; // for generating random input
// custom class to aid unit testing
class RowTimer extends Benchmark_Timer
{
var $name;
function RowTimer($name, $auto = false) {
$this->name = htmlentities($name);
$this->Benchmark_Timer($auto);
}
function getOutput() {
$total = $this->TimeElapsed();
$result = $this->getProfiling();
$dashes = '';
$out = '<tr>';
$out .= "<td>{$this->name}</td>";
foreach ($result as $k => $v) {
if ($v['name'] == 'Start' || $v['name'] == 'Stop') continue;
//$perc = (($v['diff'] * 100) / $total);
//$tperc = (($v['total'] * 100) / $total);
$out .= '<td align="right">' . $v['diff'] . '</td>';
//$out .= '<td align="right">' . number_format($perc, 2, '.', '') .
// '%</td>';
}
$out .= '</tr>';
return $out;
}
}
function print_lexers() {
global $LEXERS;
$first = true;
foreach ($LEXERS as $key => $value) {
if (!$first) echo ' / ';
echo htmlspecialchars($key);
$first = false;
}
}
function do_benchmark($name, $document) {
global $LEXERS;
$timer = new RowTimer($name);
$timer->start();
foreach($LEXERS as $key => $lexer) {
$tokens = $lexer->tokenizeHTML($document);
$timer->setMarker($key);
}
$timer->stop();
$timer->display();
}
?>
<html>
<head>
<title>Benchmark: <?php print_lexers(); ?></title>
</head>
<body>
<h1>Benchmark: <?php print_lexers(); ?></h1>
<table border="1">
<tr><th>Case</th><?php
foreach ($LEXERS as $key => $value) {
echo '<th>' . htmlspecialchars($key) . '</th>';
}
?></tr>
<?php
// ************************************************************************** //
// sample of html pages
$dir = 'samples/Lexer';
$dh = opendir($dir);
while (false !== ($filename = readdir($dh))) {
if (strpos($filename, '.html') !== strlen($filename) - 5) continue;
$document = file_get_contents($dir . '/' . $filename);
do_benchmark("File: $filename", $document);
}
// crashers, caused infinite loops before
$snippets = array();
$snippets[] = '<a href="foo>';
$snippets[] = '<a "=>';
foreach ($snippets as $snippet) {
do_benchmark($snippet, $snippet);
}
// random input
$random = Text_Password::create(80, 'unpronounceable', 'qwerty <>="\'');
do_benchmark('Random input', $random);
?></table>
<?php
echo '<div>Random input was: ' .
'<span colspan="4" style="font-family:monospace;">' .
htmlspecialchars($random) . '</span></div>';
?>
<?php
// emulates inserting a dir called HTMLPurifier into your class dir
set_include_path(get_include_path() . PATH_SEPARATOR . '../library/');
require_once 'HTMLPurifier/Lexer/DirectLex.php';
require_once 'HTMLPurifier/Lexer/PEARSax3.php';
$LEXERS = array(
'DirectLex' => new HTMLPurifier_Lexer_DirectLex(),
'PEARSax3' => new HTMLPurifier_Lexer_PEARSax3()
);
if (version_compare(PHP_VERSION, '5', '>=')) {
require_once 'HTMLPurifier/Lexer/DOMLex.php';
$LEXERS['DOMLex'] = new HTMLPurifier_Lexer_DOMLex();
}
// PEAR
require_once 'Benchmark/Timer.php'; // to do the timing
require_once 'Text/Password.php'; // for generating random input
// custom class to aid unit testing
class RowTimer extends Benchmark_Timer
{
var $name;
function RowTimer($name, $auto = false) {
$this->name = htmlentities($name);
$this->Benchmark_Timer($auto);
}
function getOutput() {
$total = $this->TimeElapsed();
$result = $this->getProfiling();
$dashes = '';
$out = '<tr>';
$out .= "<td>{$this->name}</td>";
foreach ($result as $k => $v) {
if ($v['name'] == 'Start' || $v['name'] == 'Stop') continue;
//$perc = (($v['diff'] * 100) / $total);
//$tperc = (($v['total'] * 100) / $total);
$out .= '<td align="right">' . $v['diff'] . '</td>';
//$out .= '<td align="right">' . number_format($perc, 2, '.', '') .
// '%</td>';
}
$out .= '</tr>';
return $out;
}
}
function print_lexers() {
global $LEXERS;
$first = true;
foreach ($LEXERS as $key => $value) {
if (!$first) echo ' / ';
echo htmlspecialchars($key);
$first = false;
}
}
function do_benchmark($name, $document) {
global $LEXERS;
$timer = new RowTimer($name);
$timer->start();
foreach($LEXERS as $key => $lexer) {
$tokens = $lexer->tokenizeHTML($document);
$timer->setMarker($key);
}
$timer->stop();
$timer->display();
}
?>
<html>
<head>
<title>Benchmark: <?php print_lexers(); ?></title>
</head>
<body>
<h1>Benchmark: <?php print_lexers(); ?></h1>
<table border="1">
<tr><th>Case</th><?php
foreach ($LEXERS as $key => $value) {
echo '<th>' . htmlspecialchars($key) . '</th>';
}
?></tr>
<?php
// ************************************************************************** //
// sample of html pages
$dir = 'samples/Lexer';
$dh = opendir($dir);
while (false !== ($filename = readdir($dh))) {
if (strpos($filename, '.html') !== strlen($filename) - 5) continue;
$document = file_get_contents($dir . '/' . $filename);
do_benchmark("File: $filename", $document);
}
// crashers, caused infinite loops before
$snippets = array();
$snippets[] = '<a href="foo>';
$snippets[] = '<a "=>';
foreach ($snippets as $snippet) {
do_benchmark($snippet, $snippet);
}
// random input
$random = Text_Password::create(80, 'unpronounceable', 'qwerty <>="\'');
do_benchmark('Random input', $random);
?></table>
<?php
echo '<div>Random input was: ' .
'<span colspan="4" style="font-family:monospace;">' .
htmlspecialchars($random) . '</span></div>';
?>
</body></html>

104
benchmarks/samples/Lexer/1.html
View File

@ -1,53 +1,53 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Main Page - Huaxia Taiji Club</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" media="screen, projection" href="/screen.css" />
<link rel="stylesheet" type="text/css" media="print" href="/print.css" />
</head>
<body>
<div id="translation"><a href="/ch/Main_Page">&#20013;&#25991;</a></div>
<div id="heading"><a href="/en/Main_Page" title="English Main Page">Huaxia Taiji Club</a>
<a class="heading_ch" href="/ch/Main_Page" title="&#20013;&#25991;&#20027;&#39029;">&#21326;&#22799;&#22826;&#26497;&#20465;&#20048;&#37096;</a></div>
<ul id="menu">
<li><a href="/en/Main_Page" class="active">Main Page</a></li><li><a href="/en/About">About</a></li><li><a href="/en/News">News</a></li><li><a href="/en/Events">Events</a></li><li><a href="/en/Digest">Digest</a></li><li><a href="/en/Taiji_and_I">Taiji and I</a></li><li><a href="/en/Downloads">Downloads</a></li><li><a href="/en/Registration">Registration</a></li><li><a href="/en/Contact">Contact</a></li> <li><a href="http://www.taijiclub.org/gallery2/main.php">Gallery</a></li>
<li><a href="http://www.taijiclub.org/forums/index.php">Forums</a></li>
</ul>
<div id="content">
<h1 id="title">Main Page</h1><h2>Taiji (Tai Chi) </h2>
<div id="sidebar">
<h3>Recent News</h3>
<ul>
<li>Zou Xiaojun was elected as the new club vice president </li>
<li>HX Edison Taiji Club <a href="http://www.taijiclub.org/downloads/Taiji_club_regulation_.pdf">by-law</a> effective 3/28/2006</li>
<li>A new email account for our club: HXEdisontaijiclub@yahoo.com</li>
<li>Workshop conducted by <a href="http://www.taijiclub.org/ch/Digest/LiDeyin">?????</a> Li Deyin is set on June 4, 2006 at Clarion Hotel in Edison from 9:30am-12pm; <a href="http://www.taijiclub.org/en/Registration">Registration</a></li>
</ul>
</div>
<p><i>Taiji</i> is an ancient Chinese tradition of movement systems that is associated with philosophy, physiology, psychology, geometry and dynamics. It is the slowest form of martial arts and is meant to improve the internal spirit. It is soothing to the soul and extremely invigorating. </p>
<p>The founder of Taiji was Zhang Sanfeng (Chang San-feng), who was a monk of the Wu Dang (Wu Tang) Monastery and lived in the period from 1391 to 1459. His exercises stressed suppleness and elasticity as opposed to the hardness and force of other martial art styles. Several centuries old, Taiji was originally developed as a form of self-defense, emphasizing strength, balance, flexibility and speed. Tai Chi also differs from other martial arts in that it is based on the Taoist religion and aims to avoid aggressive forces. </p>
<p>Modern Taiji includes many forms &mdash; Quan, Sword and Fan. Impacting the mind and body of the practitioners, Taiji is practiced as a meditative exercise made up of a series of forms, or choreographed motions, requiring slow, gentle movement of the arms, legs and torso. Taiji practitioners learn to center their attention on their breathing and body movements so that the exercise strengthens their overall mental and physical awareness. In a sense, Taiji is similar to yoga in that it is also a form of moving meditation, with the goal of achieving stillness through the motion and awareness of breath. To perform Taiji, practitioners have to empty their mind of thoughts and worries in order to achieve harmony. It is a great aid for reducing stress and improving the quality of life. </p>
<p>In China and in communities all over the world, Taiji is practiced by young and old in the early morning hours. It's a great way to bring a new and fresh day!</p>
<p>Check out our <a href="/gallery2/main.php">gallery</a>.</p>
<div style="text-align:center;"><a href="http://www.taijiclub.org/gallery2/v/2006/group1b.jpg.html?g2_imageViewsIndex=1"><img src="/gallery2/d/1836-2/group1b.jpg" /></a></div>
<div style="text-align:center;">Click on photo to see HR version</div></div>
</body>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Main Page - Huaxia Taiji Club</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" media="screen, projection" href="/screen.css" />
<link rel="stylesheet" type="text/css" media="print" href="/print.css" />
</head>
<body>
<div id="translation"><a href="/ch/Main_Page">&#20013;&#25991;</a></div>
<div id="heading"><a href="/en/Main_Page" title="English Main Page">Huaxia Taiji Club</a>
<a class="heading_ch" href="/ch/Main_Page" title="&#20013;&#25991;&#20027;&#39029;">&#21326;&#22799;&#22826;&#26497;&#20465;&#20048;&#37096;</a></div>
<ul id="menu">
<li><a href="/en/Main_Page" class="active">Main Page</a></li><li><a href="/en/About">About</a></li><li><a href="/en/News">News</a></li><li><a href="/en/Events">Events</a></li><li><a href="/en/Digest">Digest</a></li><li><a href="/en/Taiji_and_I">Taiji and I</a></li><li><a href="/en/Downloads">Downloads</a></li><li><a href="/en/Registration">Registration</a></li><li><a href="/en/Contact">Contact</a></li> <li><a href="http://www.taijiclub.org/gallery2/main.php">Gallery</a></li>
<li><a href="http://www.taijiclub.org/forums/index.php">Forums</a></li>
</ul>
<div id="content">
<h1 id="title">Main Page</h1><h2>Taiji (Tai Chi) </h2>
<div id="sidebar">
<h3>Recent News</h3>
<ul>
<li>Zou Xiaojun was elected as the new club vice president </li>
<li>HX Edison Taiji Club <a href="http://www.taijiclub.org/downloads/Taiji_club_regulation_.pdf">by-law</a> effective 3/28/2006</li>
<li>A new email account for our club: HXEdisontaijiclub@yahoo.com</li>
<li>Workshop conducted by <a href="http://www.taijiclub.org/ch/Digest/LiDeyin">?????</a> Li Deyin is set on June 4, 2006 at Clarion Hotel in Edison from 9:30am-12pm; <a href="http://www.taijiclub.org/en/Registration">Registration</a></li>
</ul>
</div>
<p><i>Taiji</i> is an ancient Chinese tradition of movement systems that is associated with philosophy, physiology, psychology, geometry and dynamics. It is the slowest form of martial arts and is meant to improve the internal spirit. It is soothing to the soul and extremely invigorating. </p>
<p>The founder of Taiji was Zhang Sanfeng (Chang San-feng), who was a monk of the Wu Dang (Wu Tang) Monastery and lived in the period from 1391 to 1459. His exercises stressed suppleness and elasticity as opposed to the hardness and force of other martial art styles. Several centuries old, Taiji was originally developed as a form of self-defense, emphasizing strength, balance, flexibility and speed. Tai Chi also differs from other martial arts in that it is based on the Taoist religion and aims to avoid aggressive forces. </p>
<p>Modern Taiji includes many forms &mdash; Quan, Sword and Fan. Impacting the mind and body of the practitioners, Taiji is practiced as a meditative exercise made up of a series of forms, or choreographed motions, requiring slow, gentle movement of the arms, legs and torso. Taiji practitioners learn to center their attention on their breathing and body movements so that the exercise strengthens their overall mental and physical awareness. In a sense, Taiji is similar to yoga in that it is also a form of moving meditation, with the goal of achieving stillness through the motion and awareness of breath. To perform Taiji, practitioners have to empty their mind of thoughts and worries in order to achieve harmony. It is a great aid for reducing stress and improving the quality of life. </p>
<p>In China and in communities all over the world, Taiji is practiced by young and old in the early morning hours. It's a great way to bring a new and fresh day!</p>
<p>Check out our <a href="/gallery2/main.php">gallery</a>.</p>
<div style="text-align:center;"><a href="http://www.taijiclub.org/gallery2/v/2006/group1b.jpg.html?g2_imageViewsIndex=1"><img src="/gallery2/d/1836-2/group1b.jpg" /></a></div>
<div style="text-align:center;">Click on photo to see HR version</div></div>
</body>
</html>

32
benchmarks/samples/Lexer/2.html
View File

@ -1,17 +1,17 @@
<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>Google</title><style><!--
body,td,a,p,.h{font-family:arial,sans-serif;}
.h{font-size: 20px;}
.q{color:#0000cc;}
//-->
</style>
<script>
<!--
function sf(){document.f.q.focus();}
function rwt(el,ct,cd,sg){var e = window.encodeURIComponent ? encodeURIComponent : escape;el.href="/url?sa=t&ct="+e(ct)+"&cd="+e(cd)+"&url="+e(el.href).replace(/\+/g,"%2B")+"&ei=fHNBRJDEG4HSaLONmIoP"+sg;el.onmousedown="";return true;}
// -->
</script>
</head><body bgcolor=#ffffff text=#000000 link=#0000cc vlink=#551a8b alink=#ff0000 onLoad=sf() topmargin=3 marginheight=3><center><table border=0 cellspacing=0 cellpadding=0 width=100%><tr><td align=right nowrap><font size=-1><b>edwardzyang@gmail.com</b>&nbsp;|&nbsp;<a href="/url?sa=p&pref=ig&pval=2&q=http://www.google.com/ig%3Fhl%3Den" onmousedown="return rwt(this,'pro','hppphou:def','&sig2=hDbTpsWIp9YG37a23n6krQ')">Personalized Home</a>&nbsp;|&nbsp;<a href="/searchhistory/?hl=en">Search History</a>&nbsp;|&nbsp;<a href="https://www.google.com/accounts/ManageAccount">My Account</a>&nbsp;|&nbsp;<a href="http://www.google.com/accounts/Logout?continue=http://www.google.com/">Sign out</a></font></td></tr><tr height=4><td><img alt="" width=1 height=1></td></tr></table><img src="/intl/en/images/logo.gif" width=276 height=110 alt="Google"><br><br>
<form action=/search name=f><script><!--
function qs(el) {if (window.RegExp && window.encodeURIComponent) {var ue=el.href;var qe=encodeURIComponent(document.f.q.value);if(ue.indexOf("q=")!=-1){el.href=ue.replace(new RegExp("q=[^&$]*"),"q="+qe);}else{el.href=ue+"&q="+qe;}}return 1;}
// -->
<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>Google</title><style><!--
body,td,a,p,.h{font-family:arial,sans-serif;}
.h{font-size: 20px;}
.q{color:#0000cc;}
//-->
</style>
<script>
<!--
function sf(){document.f.q.focus();}
function rwt(el,ct,cd,sg){var e = window.encodeURIComponent ? encodeURIComponent : escape;el.href="/url?sa=t&ct="+e(ct)+"&cd="+e(cd)+"&url="+e(el.href).replace(/\+/g,"%2B")+"&ei=fHNBRJDEG4HSaLONmIoP"+sg;el.onmousedown="";return true;}
// -->
</script>
</head><body bgcolor=#ffffff text=#000000 link=#0000cc vlink=#551a8b alink=#ff0000 onLoad=sf() topmargin=3 marginheight=3><center><table border=0 cellspacing=0 cellpadding=0 width=100%><tr><td align=right nowrap><font size=-1><b>edwardzyang@gmail.com</b>&nbsp;|&nbsp;<a href="/url?sa=p&pref=ig&pval=2&q=http://www.google.com/ig%3Fhl%3Den" onmousedown="return rwt(this,'pro','hppphou:def','&sig2=hDbTpsWIp9YG37a23n6krQ')">Personalized Home</a>&nbsp;|&nbsp;<a href="/searchhistory/?hl=en">Search History</a>&nbsp;|&nbsp;<a href="https://www.google.com/accounts/ManageAccount">My Account</a>&nbsp;|&nbsp;<a href="http://www.google.com/accounts/Logout?continue=http://www.google.com/">Sign out</a></font></td></tr><tr height=4><td><img alt="" width=1 height=1></td></tr></table><img src="/intl/en/images/logo.gif" width=276 height=110 alt="Google"><br><br>
<form action=/search name=f><script><!--
function qs(el) {if (window.RegExp && window.encodeURIComponent) {var ue=el.href;var qe=encodeURIComponent(document.f.q.value);if(ue.indexOf("q=")!=-1){el.href=ue.replace(new RegExp("q=[^&$]*"),"q="+qe);}else{el.href=ue+"&q="+qe;}}return 1;}
// -->
</script><table border=0 cellspacing=0 cellpadding=4><tr><td nowrap><font size=-1><b>Web</b>&nbsp;&nbsp;&nbsp;&nbsp;<a id=1a class=q href="/imghp?hl=en&tab=wi" onClick="return qs(this);">Images</a>&nbsp;&nbsp;&nbsp;&nbsp;<a id=2a class=q href="http://groups.google.com/grphp?hl=en&tab=wg" onClick="return qs(this);">Groups</a>&nbsp;&nbsp;&nbsp;&nbsp;<a id=4a class=q href="http://news.google.com/nwshp?hl=en&tab=wn" onClick="return qs(this);">News</a>&nbsp;&nbsp;&nbsp;&nbsp;<a id=5a class=q href="http://froogle.google.com/frghp?hl=en&tab=wf" onClick="return qs(this);">Froogle</a>&nbsp;&nbsp;&nbsp;&nbsp;<a id=8a class=q href="/lochp?hl=en&tab=wl" onClick="return qs(this);">Local</a>&nbsp;&nbsp;&nbsp;&nbsp;<b><a href="/intl/en/options/" class=q>more&nbsp;&raquo;</a></b></font></td></tr></table><table cellspacing=0 cellpadding=0><tr><td width=25%>&nbsp;</td><td align=center><input type=hidden name=hl value=en><input maxlength=2048 size=55 name=q value="" title="Google Search"><br><input type=submit value="Google Search" name=btnG><input type=submit value="I'm Feeling Lucky" name=btnI></td><td valign=top nowrap width=25%><font size=-2>&nbsp;&nbsp;<a href=/advanced_search?hl=en>Advanced Search</a><br>&nbsp;&nbsp;<a href=/preferences?hl=en>Preferences</a><br>&nbsp;&nbsp;<a href=/language_tools?hl=en>Language Tools</a></font></td></tr></table></form><br><br><font size=-1><a href="/ads/">Advertising&nbsp;Programs</a> - <a href=/services/>Business Solutions</a> - <a href=/about.html>About Google</a></font><p><font size=-2>&copy;2006 Google</font></p></center></body></html>

256
benchmarks/samples/Lexer/3.html
View File

@ -1,128 +1,128 @@
<html>
<head>
<title>Anime Digi-Lib Index</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<div id="tb">
<form name="lycos_search" method="get" target="_new" style="margin: 0px"
action="http://r.hotbot.com/r/memberpgs_lycos_searchbox_af/http://www.angelfire.lycos.com/cgi-bin/search/pursuit">
<table id="tbtable" cellpadding="0" cellspacing="0" border="0" width="100%" style="border: 1px solid black;">
<tr style="background-color: #dcf7ff">
<td colspan="3">
<table cellpadding="0" cellspacing="0" border="0">
<tr>
<td>&nbsp;Search:</td>
<td><input type="radio" name="cat" value="lycos" checked></td>
<td nowrap="nowrap">The Web</td>
<td><input type="radio" name="cat" value="angelfire"></td>
<td nowrap="nowrap">Angelfire</td>
<td nowrap="nowrap">&nbsp;&nbsp;&nbsp;<img src="http://af.lygo.com/d/toolbar/planeticon.gif"></td><td nowrap="nowrap">&nbsp;<a href="http://r.lycos.com/r/tlbr_planet/http://planet.lycos.com" target="_new">Planet</a></td>
</tr>
</table>
<td nowrap="nowrap"><a href="http://lt.angelfire.com/af_toolbar/edit/_h_/www.angelfire.lycos.com/build/index.tmpl" target="_top">
<span id="build">Edit your Site</span></a>&nbsp;</td>
<td><img src="http://af.lygo.com/d/toolbar/dir.gif" alt="show site directory" border="0" height="10" hspace="3" width="8"></td>
<td nowrap="nowrap"><a href="http://lt.angelfire.com/af_toolbar/browse/_h_/www.angelfire.lycos.com/directory/index.tmpl" target="_top">Browse Sites</a>&nbsp;</td>
<td><a href="http://lt.angelfire.com/af_toolbar/angelfire/_h_/www.angelfire.lycos.com" target="_top"><img src="http://af.lygo.com/d/toolbar/aflogo_top.gif" alt="hosted by angelfire" border="0" height="26" width="143"></a></td>
</tr>
<tr style="background-color: #dcf7ff">
<td nowrap="nowrap" valign="middle">&nbsp;<input size="30" style="font-size: 10px; background-color: #fff;" type="text" name="query" id="searchbox"></td>
<td style="background: #fff url(http://af.lygo.com/d/toolbar/bg.gif) repeat-x; text-align: center;" colspan="3" align="center">
<a href="http://clk.atdmt.com/VON/go/lycsnvon0710000019von/direct/01/"><img src="/sys/free_logo_xxxx_157x20.gif" height="20" width="157" border="0" alt="Vonage"></a><img src="http://view.atdmt.com/VON/view/lycsnvon0710000019von/direct/01/"></td>
<span style="font-size: 11px;">
<span style="color:#00f; font-weight:bold;">&#171;</span>
<span id="top100">
<a href="javascript:void top100('prev')" target="_top">Previous</a> |
<a href="http://lt.angelfire.com/af_toolbar/top100/_h_/www.angelfire.lycos.com/cgi-bin/top100/pagelist?start=1" target="_top">Top 100</a> |
<a href="javascript:void top100('next')" target="_top">Next</a>
</span>
<span style="color: #00f; font-weight: bold;">&#187;</span>
</span>
</td>
<td valign="top" style="background: #fff url(http://af.lygo.com/d/toolbar/bg.gif) repeat-x;"><a href="http://lt.angelfire.com/af_toolbar/angelfire/_h_/www.angelfire.lycos.com" target="_top"><img src="http://af.lygo.com/d/toolbar/aflogo_bot.gif" alt="hosted by angelfire" border="0" height="22" width="143"></a></td>
</tr>
</table>
</form>
</div>
<table border="0" cellpadding="0" cellspacing="0" width="728"><tr><td>
<script type="text/javascript">
if (objAdMgr.isSlotAvailable("leaderboard")) {
objAdMgr.renderSlot("leaderboard")
}
</script>
<noscript>
<a href="http://network.realmedia.com/RealMedia/ads/click_nx.ads/lycosangelfire/ros/728x90/wp/ss/a/491169@Top1?x"><img border="0" src="http://network.realmedia.com/RealMedia/ads/adstream_nx.ads/lycosangelfire/ros/728x90/wp/ss/a/491169@Top1" alt="leaderboard ad" /></a>
</noscript>
</td></tr>
</table>
<table width="86%" border="0" cellspacing="0" cellpadding="2">
<tr>
<td height="388" width="19%" bgcolor="#FFCCFF" valign="top">
<p>May 1, 2000</p>
<p><b>Pop Culture</b> </p>
<p>by. H. Finkelstein</p>
</td>
<td height="388" width="52%" valign="top">
<p>Welcome to the <b>Anime Digi-Lib</b>, a virtual index to anime on the
internet. This site strives to house a comprehensive index to both personal
and commercial websites and provides reviews to these sites. We hope to
be a gateway for people who've never imagined they'd ever be interested
in Japanese Animation. </p>
<table width="99%" border="1" cellspacing="0" cellpadding="2" height="320" name="Searchnservices">
<tr>
<td height="263" valign="top" width="58%">
<p>&nbsp; </p>
<p>&nbsp;</p>
<FORM ACTION="/cgi-bin/script_library/site_search/search" METHOD="GET">
<table border="0" cellpadding="2" cellspacing="0">
<tr>
<td colspan="2">Search term: <INPUT NAME="search_term"><br></td>
</tr>
<tr>
<td colspan="2" align="center">Case-sensitive -
<INPUT TYPE="checkbox" NAME="case_sensitive">yes<br></td>
</tr>
<tr>
<td align="right"><INPUT TYPE="radio" NAME="search_type" VALUE="exact" CHECKED>exact</td>
<td><INPUT TYPE="radio" NAME="search_type" VALUE="fuzzy">fuzzy<br></td>
</tr>
<tr>
<td colspan="2" align="center"><INPUT TYPE="hidden" NAME="display" VALUE="#FF0000"><INPUT TYPE="submit"></td>
</tr>
</table>
</form>
<td>
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tr><td><font face="verdana,geneva" color="#000011" size="1">What is better, subtitled or dubbed anime?</font></td></tr>
<tr><td><input type="radio" name="rd" value="1"><font face="verdana" size="2" color="#000011">Subtitled</font></td></tr>
<tr><td align="middle"><font face="verdana" size="1"><a href="http://pub.alxnet.com/poll?id=2079873&q=view">Current results</a></font></td></tr>
</table></td></tr>
<tr>
<td><font face="verdana" size="1"><a href="http://www.alxnet.com/services/poll/">Free
Web Polls</a></font></td>
</tr>
</table></form>
<!-- Alxnet.com -- web poll code ends -->
</td>
</tr>
</table>
</body>
</html>
<html>
<head>
<title>Anime Digi-Lib Index</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<div id="tb">
<form name="lycos_search" method="get" target="_new" style="margin: 0px"
action="http://r.hotbot.com/r/memberpgs_lycos_searchbox_af/http://www.angelfire.lycos.com/cgi-bin/search/pursuit">
<table id="tbtable" cellpadding="0" cellspacing="0" border="0" width="100%" style="border: 1px solid black;">
<tr style="background-color: #dcf7ff">
<td colspan="3">
<table cellpadding="0" cellspacing="0" border="0">
<tr>
<td>&nbsp;Search:</td>
<td><input type="radio" name="cat" value="lycos" checked></td>
<td nowrap="nowrap">The Web</td>
<td><input type="radio" name="cat" value="angelfire"></td>
<td nowrap="nowrap">Angelfire</td>
<td nowrap="nowrap">&nbsp;&nbsp;&nbsp;<img src="http://af.lygo.com/d/toolbar/planeticon.gif"></td><td nowrap="nowrap">&nbsp;<a href="http://r.lycos.com/r/tlbr_planet/http://planet.lycos.com" target="_new">Planet</a></td>
</tr>
</table>
<td nowrap="nowrap"><a href="http://lt.angelfire.com/af_toolbar/edit/_h_/www.angelfire.lycos.com/build/index.tmpl" target="_top">
<span id="build">Edit your Site</span></a>&nbsp;</td>
<td><img src="http://af.lygo.com/d/toolbar/dir.gif" alt="show site directory" border="0" height="10" hspace="3" width="8"></td>
<td nowrap="nowrap"><a href="http://lt.angelfire.com/af_toolbar/browse/_h_/www.angelfire.lycos.com/directory/index.tmpl" target="_top">Browse Sites</a>&nbsp;</td>
<td><a href="http://lt.angelfire.com/af_toolbar/angelfire/_h_/www.angelfire.lycos.com" target="_top"><img src="http://af.lygo.com/d/toolbar/aflogo_top.gif" alt="hosted by angelfire" border="0" height="26" width="143"></a></td>
</tr>
<tr style="background-color: #dcf7ff">
<td nowrap="nowrap" valign="middle">&nbsp;<input size="30" style="font-size: 10px; background-color: #fff;" type="text" name="query" id="searchbox"></td>
<td style="background: #fff url(http://af.lygo.com/d/toolbar/bg.gif) repeat-x; text-align: center;" colspan="3" align="center">
<a href="http://clk.atdmt.com/VON/go/lycsnvon0710000019von/direct/01/"><img src="/sys/free_logo_xxxx_157x20.gif" height="20" width="157" border="0" alt="Vonage"></a><img src="http://view.atdmt.com/VON/view/lycsnvon0710000019von/direct/01/"></td>
<span style="font-size: 11px;">
<span style="color:#00f; font-weight:bold;">&#171;</span>
<span id="top100">
<a href="javascript:void top100('prev')" target="_top">Previous</a> |
<a href="http://lt.angelfire.com/af_toolbar/top100/_h_/www.angelfire.lycos.com/cgi-bin/top100/pagelist?start=1" target="_top">Top 100</a> |
<a href="javascript:void top100('next')" target="_top">Next</a>
</span>
<span style="color: #00f; font-weight: bold;">&#187;</span>
</span>
</td>
<td valign="top" style="background: #fff url(http://af.lygo.com/d/toolbar/bg.gif) repeat-x;"><a href="http://lt.angelfire.com/af_toolbar/angelfire/_h_/www.angelfire.lycos.com" target="_top"><img src="http://af.lygo.com/d/toolbar/aflogo_bot.gif" alt="hosted by angelfire" border="0" height="22" width="143"></a></td>
</tr>
</table>
</form>
</div>
<table border="0" cellpadding="0" cellspacing="0" width="728"><tr><td>
<script type="text/javascript">
if (objAdMgr.isSlotAvailable("leaderboard")) {
objAdMgr.renderSlot("leaderboard")
}
</script>
<noscript>
<a href="http://network.realmedia.com/RealMedia/ads/click_nx.ads/lycosangelfire/ros/728x90/wp/ss/a/491169@Top1?x"><img border="0" src="http://network.realmedia.com/RealMedia/ads/adstream_nx.ads/lycosangelfire/ros/728x90/wp/ss/a/491169@Top1" alt="leaderboard ad" /></a>
</noscript>
</td></tr>
</table>
<table width="86%" border="0" cellspacing="0" cellpadding="2">
<tr>
<td height="388" width="19%" bgcolor="#FFCCFF" valign="top">
<p>May 1, 2000</p>
<p><b>Pop Culture</b> </p>
<p>by. H. Finkelstein</p>
</td>
<td height="388" width="52%" valign="top">
<p>Welcome to the <b>Anime Digi-Lib</b>, a virtual index to anime on the
internet. This site strives to house a comprehensive index to both personal
and commercial websites and provides reviews to these sites. We hope to
be a gateway for people who've never imagined they'd ever be interested
in Japanese Animation. </p>
<table width="99%" border="1" cellspacing="0" cellpadding="2" height="320" name="Searchnservices">
<tr>
<td height="263" valign="top" width="58%">
<p>&nbsp; </p>
<p>&nbsp;</p>
<FORM ACTION="/cgi-bin/script_library/site_search/search" METHOD="GET">
<table border="0" cellpadding="2" cellspacing="0">
<tr>
<td colspan="2">Search term: <INPUT NAME="search_term"><br></td>
</tr>
<tr>
<td colspan="2" align="center">Case-sensitive -
<INPUT TYPE="checkbox" NAME="case_sensitive">yes<br></td>
</tr>
<tr>
<td align="right"><INPUT TYPE="radio" NAME="search_type" VALUE="exact" CHECKED>exact</td>
<td><INPUT TYPE="radio" NAME="search_type" VALUE="fuzzy">fuzzy<br></td>
</tr>
<tr>
<td colspan="2" align="center"><INPUT TYPE="hidden" NAME="display" VALUE="#FF0000"><INPUT TYPE="submit"></td>
</tr>
</table>
</form>
<td>
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tr><td><font face="verdana,geneva" color="#000011" size="1">What is better, subtitled or dubbed anime?</font></td></tr>
<tr><td><input type="radio" name="rd" value="1"><font face="verdana" size="2" color="#000011">Subtitled</font></td></tr>
<tr><td align="middle"><font face="verdana" size="1"><a href="http://pub.alxnet.com/poll?id=2079873&q=view">Current results</a></font></td></tr>
</table></td></tr>
<tr>
<td><font face="verdana" size="1"><a href="http://www.alxnet.com/services/poll/">Free
Web Polls</a></font></td>
</tr>
</table></form>
<!-- Alxnet.com -- web poll code ends -->
</td>
</tr>
</table>
</body>
</html>

1080
benchmarks/samples/Lexer/4.html
View File

File diff suppressed because it is too large Load Diff

70
docs/security.txt
View File

@ -1,36 +1,36 @@
Security
Like anything that claims to afford security, HTML_Purifier can be circumvented
through negligence of people. This class will do its job: no more, no less,
and it's up to you to provide it the proper information and proper context
to be effective. Things to remember:
1. UTF-8. Currently, the parser runs under the assumption that it is dealing
with UTF-8. Not ISO-8859-1 or Windows-1252, UTF-8. And definitely not "no
character encoding explicitly stated" or UTF-7. If you're not using UTF-8 as
your character encoding, you should switch. Now. (in future versions, however,
I may make the character encoding configurable, but there's only so much I
can do). Make sure any input is properly converted to UTF-8, or the parser
will mangle it badly (though it won't be a security risk if you're outputting
it as UTF-8).
2. XHTML 1.0 Transitional. This is what the parser is outputting. For the most
part, it's compatible with HTML 4.01, but XHTML enforces some very nice things
that all web developers should use. Regardless, NO DOCTYPE is a NO. Quirks mode
has waaaay too many quirks for a little parser to handle. We did not select
strict in order to prevent ourselves from being too draconic on users.
3. [PROJECTED] IDs. They need to be unique, but without some knowledge of the
rest of the document, it's difficult to know what's unique. I project default
behavior being a customizable prefix to all ID declarations in the document,
so make sure you don't use that prefix. Might cause problems for multiple
instances of HTML escaped output too (especially when it comes to caching).
Best to just zap them completely, perhaps. This will be configurable, and you'll
have to pick the correct one.
4. [PROJECTED] Links. We're not going to try for spam protection (although
some hooks for such a module might be nice) but we may offer the ability to
only accept relative URLs. Pick the one that's right for you.
Security
Like anything that claims to afford security, HTML_Purifier can be circumvented
through negligence of people. This class will do its job: no more, no less,
and it's up to you to provide it the proper information and proper context
to be effective. Things to remember:
1. UTF-8. Currently, the parser runs under the assumption that it is dealing
with UTF-8. Not ISO-8859-1 or Windows-1252, UTF-8. And definitely not "no
character encoding explicitly stated" or UTF-7. If you're not using UTF-8 as
your character encoding, you should switch. Now. (in future versions, however,
I may make the character encoding configurable, but there's only so much I
can do). Make sure any input is properly converted to UTF-8, or the parser
will mangle it badly (though it won't be a security risk if you're outputting
it as UTF-8).
2. XHTML 1.0 Transitional. This is what the parser is outputting. For the most
part, it's compatible with HTML 4.01, but XHTML enforces some very nice things
that all web developers should use. Regardless, NO DOCTYPE is a NO. Quirks mode
has waaaay too many quirks for a little parser to handle. We did not select
strict in order to prevent ourselves from being too draconic on users.
3. [PROJECTED] IDs. They need to be unique, but without some knowledge of the
rest of the document, it's difficult to know what's unique. I project default
behavior being a customizable prefix to all ID declarations in the document,
so make sure you don't use that prefix. Might cause problems for multiple
instances of HTML escaped output too (especially when it comes to caching).
Best to just zap them completely, perhaps. This will be configurable, and you'll
have to pick the correct one.
4. [PROJECTED] Links. We're not going to try for spam protection (although
some hooks for such a module might be nice) but we may offer the ability to
only accept relative URLs. Pick the one that's right for you.
5. [PROJECTED] CSS. What a knotty issue. Probably will have to be configurable.

712
docs/spec.txt
View File

@ -1,356 +1,356 @@
HTML Purifier Specification
by Edward Z. Yang
== Introduction ==
There are a number of ad hoc HTML filtering solutions out there on the web
(some examples including HTML_Safe, kses and SafeHtmlChecker.class.php) that
claim to filter HTML properly, preventing malicious JavaScript and layout
breaking HTML from getting through the parser. None of them, however,
demonstrates a thorough knowledge of neither the DTD that defines the HTML
nor the caveats of HTML that cannot be expressed by a DTD. Configurable
filters (such as kses or PHP's built-in striptags() function) have trouble
validating the contents of attributes and can be subject to security attacks
due to poor configuration. Other filters take the naive approach of
blacklisting known threats and tags, failing to account for the introduction
of new technologies, new tags, new attributes or quirky browser behavior.
However, HTML Purifier takes a different approach, one that doesn't use
specification-ignorant regexes or narrow blacklists. HTML Purifier will
decompose the whole document into tokens, and rigorously process the tokens by:
removing non-whitelisted elements, transforming bad practice tags like <font>
into <span>, properly checking the nesting of tags and their children and
validating all attributes according to their RFCs.
To my knowledge, there is nothing like this on the web yet. Not even MediaWiki,
which allows an amazingly diverse mix of HTML and wikitext in its documents,
gets all the nesting quirks right. Existing solutions hope that no JavaScript
will slip through, but either do not attempt to ensure that the resulting
output is valid XHTML or send the HTML through a draconic XML parser (and yet
still get the nesting wrong: SafeHtmlChecker.class.php does not prevent <a>
tags from being nested within each other).
This document seeks to detail the inner workings of HTML Purifier. The first
draft was drawn up after two rough code sketches and the implementation of a
forgiving lexer. You may also be interested in the unit tests located in the
tests/ folder, which provide a living document on how exactly the filter deals
with malformed input.
In summary:
1. Parse document into an array of tag and text tokens (Lexer)
2. Remove all elements not on whitelist and transform certain other elements
into acceptable forms (i.e. <font>)
3. Make document well formed while helpfully taking into account certain quirks,
such as the fact that <p> tags traditionally are closed by other block-level
elements.
4. Run through all nodes and check children for proper order (especially
important for tables).
5. Validate attributes according to more restrictive definitions based on the
RFCs.
6. Translate back into a string. (Generator)
HTML Purifier is best suited for documents that require a rich array of
HTML tags. Things like blog comments are, in all likelihood, most appropriately
written in an extremely restrictive set of markup that doesn't require
all this functionality (or not written in HTML at all).
== STAGE 1 - parsing ==
Status: A (see source, mainly internals and UTF-8)
The Lexer (currently we have three choices) handles parsing into Tokens.
Here are the mappings for Lexer_PEARSax3
* Start(name, attributes) is openHandler
* End(name) is closeHandler
* Empty(name, attributes) is openHandler (is in array of empties)
* Data(parse(text)) is dataHandler
* Comment(text) is escapeHandler (has leading -)
* Data(text) is escapeHandler (has leading [, CDATA)
Ignorable/not being implemented (although we probably want to output them raw):
* ProcessingInstructions(text) is piHandler
* JavaOrASPInstructions(text) is jaspHandler
== STAGE 2 - remove foreign elements ==
Status: A- (transformations need to be implemented)
At this point, the parser needs to start knowing about the DTD. Since we
hold everything in an associative $info array, if it's set, it's valid, and
we can include. Otherwise zap it, or attempt to figure out what they meant.
<stronf>? A misspelling of <strong>! This feature may be too sugary though.
While we're at it, we can change the Processing Instructions and Java/ASP
Instructions into data blocks, scratch comment blocks, change CharacterData
into Data (although I don't see why we can't do that at the start).
One last thing: the remove foreign elements has to do the element
transformations, from FONT to SPAN, etc.
== STAGE 3 - make well formed ==
Status: A- (not as good as possible)
Now we step through the whole thing and correct nesting issues. Most of the
time, it's making sure the tags match up, but there's some trickery going on
for HTML's quirks. They are:
* Set of tags that close P
'address', 'blockquote', 'dd', 'dir', 'div',
'dl', 'dt', 'h1', 'h2', 'h3', 'h4',
'h5', 'h6', 'hr',
'ol', 'p', 'pre',
'table', 'ul'
* Li closes li
* more?
We also want to do translations, like from FONT to SPAN with STYLE.
== STAGE 4 - check nesting ==
Status: B (table custom definition needs to be implemented)
We know that the document is now well formed. The tokenizer should now take
things in nodes: when you hit a start tag, keep on going until you get its
ending tag, and then handle everything inside there. Fortunantely, no
fancy recursion is necessary as going to the next node is as simple as
scrolling to the next start tag.
Suppose we have a node and encounter a problem with one of its children.
Depending on the complexity of the rule, we will either delete the children,
or delete the entire node itself.
The simplest type of rule is zero or more valid elements, denoted like:
( el1 | el2 | el3 )*
The next simplest is with one or more valid elements:
( li )+
And then you have complex cases:
table (caption?, (col*|colgroup*), thead?, tfoot?, (tbody+|tr+))
map ((%block; | form | %misc;)+ | area+)
html (head, body)
head (%head.misc;,
((title, %head.misc;, (base, %head.misc;)?) |
(base, %head.misc;, (title, %head.misc;))))
Each of these has to be dealt with. Case 1 is a joy, because you can zap
as many as you want, but you'll never actually have to kill the node. Two
and three need the entire node to be killed if you have a problem. This
can be problematic, as the missing node might cause its parent node to now
be incorrect. Granted, it's unlikely, and I'm fairly certain that HTML, let
alone the simplified set I'm allowing will have this problem, but it's worth
checking for.
The way, I suppose, one would check for it, is whenever a node is removed,
scroll to it's parent start, and re-evaluate it. Make sure you're able to do
that with minimal code repetition.
EDITOR'S NOTE: this behavior is not implemented by default, because the
default configuration has a setup that ensures that cascading node removals
will never happen. However, there will be warning signs in case someone tries
to hack it further.
The most complex case can probably be done by using some fancy regexp
expressions and transformations. However, it doesn't seem right that, say,
a stray <b> in a <table> can cause the entire table to be removed. Fixing it,
however, may be too difficult (or not, see below).
This code was excerpted from the PEAR class XML_DTD. It implements regexp
checking.
--
// # This actually does the validation
// Validate the order of the children
if (!$was_error && count($dtd_children)) {
$children_list = implode(',', $children);
$regex = $this->dtd->getPcreRegex($name);
if (!preg_match('/^'.$regex.'$/', $children_list)) {
$dtd_regex = $this->dtd->getDTDRegex($name);
$this->_errors("In element <$name> the children list found:\n'$children_list', ".
"does not conform the DTD definition: '$dtd_regex'", $lineno);
}
}
--
// # This figures out the PcreRegex
//$ch is a string of the allowed childs
$children = preg_split('/([^#a-zA-Z0-9_.-]+)/', $ch, -1, PREG_SPLIT_NO_EMPTY);
// check for parsed character data special case
if (in_array('#PCDATA', $children)) {
$content = '#PCDATA';
if (count($children) == 1) {
$children = array();
break;
}
}
// $children is not used after this
$this->dtd['elements'][$elem_name]['child_validation_dtd_regex'] = $ch;
// Convert the DTD regex language into PCRE regex format
$reg = str_replace(',', ',?', $ch);
$reg = preg_replace('/([#a-zA-Z0-9_.-]+)/', '(,?\\0)', $reg);
$this->dtd['elements'][$elem_name]['child_validation_pcre_regex'] = $reg;
--
We can probably loot and steal all of this. This brilliance of this code is
amazing. I'm lovin' it!
So, the way we define these cases should work like this:
class ChildDef with validateChildren($children_tags)
The function needs to parse into nodes, then into the regex array.
It can result in one of three actions: the removal of the entire parent node,
replacement of all of the original child tags with a new set of child
tags which it returns, or no changes. They shall be denoted as, respectively,
Remove entire parent node = false
Replace child tags with this = array of tags
No changes = true
If we remove the entire parent node, we must scroll back to the parent of the
parent.
--
Another few problems: EXCLUSIONS!
a
must not contain other a elements.
pre
must not contain the img, object, big, small, sub, or sup elements.
button
must not contain the input, select, textarea, label, button, form, fieldset,
iframe or isindex elements.
label
must not contain other label elements.
form
must not contain other form elements.
Normative exclusions straight from the horses mouth. These are SGML style,
not XML style, so we need to modify the ruleset slightly. However, the DTD
may have done this for us already.
--
Also, what do we do with elements if they're not allowed somewhere? We need
some sort of default behavior. I reckon that we should be allowed to:
1. Delete the node
2. Translate it into text (not okay for areas that don't allow #PCDATA)
3. Move the node to somewhere where it is okay
What complicates the matter is that Firefox has the ability to construct
DOMs and render invalid nestings of elements (like <b><div>asdf</div></b>).
This means that behavior for stray pcdata in ul/ol is undefined. Behavior
with data in a table gets bubbled to the start of the table (assuming
that we actually custom-make the table child validation class).
So... I say delete the node when PCDATA isn't allowed (or the regex is too
complicated to determine where PCDATA could be inserted), and translate the node
to text when PCDATA is allowed.
--
Note that generic child definitions are not usually desirable: we should
implement custom handlers for each one that specify the stuff correctly.
== STAGE 4 - check attributes ==
STATUS: N (not started)
While we're doing all this nesting hocus-pocus, attributes are also being
checked. The reason why we need this to be done with the nesting stuff
is if a REQUIRED attribute is not there, we might need to kill the tag (or
replace it with data). Fortunantely, this is rare enough that we only have
to worry about it for certain things:
* ! bdo - dir > replace with span, preserve attributes
* basefont - size
* param - name
* applet - width, height
* ! img - src, alt > if only alt is missing, insert filename, else remove img
* map - id
* area - alt
* form - action
* optgroup - label
* textarea - rows, cols
As you can see, only two of them we would remotely consider for our simplified
tag set. But each has a different set of challenges. For the img tag, we'd
have to be careful about deleting it. If we do hit a snag, we can supply
a default "blank" image.
So after that's all said and done, each of the different types of content
inside the attributes needs to be handled differently.
ContentType(s) [RFC2045]
Charset(s) [RFC2045]
LanguageCode [RFC3066] (NMTOKEN)
Character [XML][2.2] (a single character)
Number /^\d+$/
LinkTypes [HTML][6.12] <space>
MediaDesc [HTML][6.13] <comma>
URI/UriList [RFC2396] <space>
Datetime (ISO date format)
Script ...
StyleSheet [CSS] (complex)
Text CDATA
FrameTarget NMTOKEN
Length (pixel, percentage) (?:px suffix allowed?)
MultiLength (pixel, percentage, or relative)
Pixels (integer)
// map attributes omitted
ImgAlign (top|middle|bottom|left|right)
Color #NNNNNN, #NNN or color name (translate it
Black = #000000 Green = #008000
Silver = #C0C0C0 Lime = #00FF00
Gray = #808080 Olive = #808000
White = #FFFFFF Yellow = #FFFF00
Maroon = #800000 Navy = #000080
Red = #FF0000 Blue = #0000FF
Purple = #800080 Teal = #008080
Fuchsia= #FF00FF Aqua = #00FFFF
// plus some directly defined in the spec
Everything else is either ID, or defined as a certain set of values.
Unless we use reflection (which then we have to make sure the attribute exists),
we probably want to have a function like...
validate($type, $value) where $type is like ContentType or Number
and then pass it to a switch.
The final problem is CSS. Get intimate with the syntax here:
http://www.w3.org/TR/CSS21/syndata.html and also note the "bad" CSS elements
that HTML_Safe defines to help determine a whitelist.
== PART 5 - stringify ==
Status: A+ (done completely!)
Should be fairly simple as long as we delegate to appropriate functions.
It's probably too much trouble to indent the stuff properly, so just output
stuff raw.
HTML Purifier Specification
by Edward Z. Yang
== Introduction ==
There are a number of ad hoc HTML filtering solutions out there on the web
(some examples including HTML_Safe, kses and SafeHtmlChecker.class.php) that
claim to filter HTML properly, preventing malicious JavaScript and layout
breaking HTML from getting through the parser. None of them, however,
demonstrates a thorough knowledge of neither the DTD that defines the HTML
nor the caveats of HTML that cannot be expressed by a DTD. Configurable
filters (such as kses or PHP's built-in striptags() function) have trouble
validating the contents of attributes and can be subject to security attacks
due to poor configuration. Other filters take the naive approach of
blacklisting known threats and tags, failing to account for the introduction
of new technologies, new tags, new attributes or quirky browser behavior.
However, HTML Purifier takes a different approach, one that doesn't use
specification-ignorant regexes or narrow blacklists. HTML Purifier will
decompose the whole document into tokens, and rigorously process the tokens by:
removing non-whitelisted elements, transforming bad practice tags like <font>
into <span>, properly checking the nesting of tags and their children and
validating all attributes according to their RFCs.
To my knowledge, there is nothing like this on the web yet. Not even MediaWiki,
which allows an amazingly diverse mix of HTML and wikitext in its documents,
gets all the nesting quirks right. Existing solutions hope that no JavaScript
will slip through, but either do not attempt to ensure that the resulting
output is valid XHTML or send the HTML through a draconic XML parser (and yet
still get the nesting wrong: SafeHtmlChecker.class.php does not prevent <a>
tags from being nested within each other).
This document seeks to detail the inner workings of HTML Purifier. The first
draft was drawn up after two rough code sketches and the implementation of a
forgiving lexer. You may also be interested in the unit tests located in the
tests/ folder, which provide a living document on how exactly the filter deals
with malformed input.
In summary:
1. Parse document into an array of tag and text tokens (Lexer)
2. Remove all elements not on whitelist and transform certain other elements
into acceptable forms (i.e. <font>)
3. Make document well formed while helpfully taking into account certain quirks,
such as the fact that <p> tags traditionally are closed by other block-level
elements.
4. Run through all nodes and check children for proper order (especially
important for tables).
5. Validate attributes according to more restrictive definitions based on the
RFCs.
6. Translate back into a string. (Generator)
HTML Purifier is best suited for documents that require a rich array of
HTML tags. Things like blog comments are, in all likelihood, most appropriately
written in an extremely restrictive set of markup that doesn't require
all this functionality (or not written in HTML at all).
== STAGE 1 - parsing ==
Status: A (see source, mainly internals and UTF-8)
The Lexer (currently we have three choices) handles parsing into Tokens.
Here are the mappings for Lexer_PEARSax3
* Start(name, attributes) is openHandler
* End(name) is closeHandler
* Empty(name, attributes) is openHandler (is in array of empties)
* Data(parse(text)) is dataHandler
* Comment(text) is escapeHandler (has leading -)
* Data(text) is escapeHandler (has leading [, CDATA)
Ignorable/not being implemented (although we probably want to output them raw):
* ProcessingInstructions(text) is piHandler
* JavaOrASPInstructions(text) is jaspHandler
== STAGE 2 - remove foreign elements ==
Status: A- (transformations need to be implemented)
At this point, the parser needs to start knowing about the DTD. Since we
hold everything in an associative $info array, if it's set, it's valid, and
we can include. Otherwise zap it, or attempt to figure out what they meant.
<stronf>? A misspelling of <strong>! This feature may be too sugary though.
While we're at it, we can change the Processing Instructions and Java/ASP
Instructions into data blocks, scratch comment blocks, change CharacterData
into Data (although I don't see why we can't do that at the start).
One last thing: the remove foreign elements has to do the element
transformations, from FONT to SPAN, etc.
== STAGE 3 - make well formed ==
Status: A- (not as good as possible)
Now we step through the whole thing and correct nesting issues. Most of the
time, it's making sure the tags match up, but there's some trickery going on
for HTML's quirks. They are:
* Set of tags that close P
'address', 'blockquote', 'dd', 'dir', 'div',
'dl', 'dt', 'h1', 'h2', 'h3', 'h4',
'h5', 'h6', 'hr',
'ol', 'p', 'pre',
'table', 'ul'
* Li closes li
* more?
We also want to do translations, like from FONT to SPAN with STYLE.
== STAGE 4 - check nesting ==
Status: B (table custom definition needs to be implemented)
We know that the document is now well formed. The tokenizer should now take
things in nodes: when you hit a start tag, keep on going until you get its
ending tag, and then handle everything inside there. Fortunantely, no
fancy recursion is necessary as going to the next node is as simple as
scrolling to the next start tag.
Suppose we have a node and encounter a problem with one of its children.
Depending on the complexity of the rule, we will either delete the children,
or delete the entire node itself.
The simplest type of rule is zero or more valid elements, denoted like:
( el1 | el2 | el3 )*
The next simplest is with one or more valid elements:
( li )+
And then you have complex cases:
table (caption?, (col*|colgroup*), thead?, tfoot?, (tbody+|tr+))
map ((%block; | form | %misc;)+ | area+)
html (head, body)
head (%head.misc;,
((title, %head.misc;, (base, %head.misc;)?) |
(base, %head.misc;, (title, %head.misc;))))
Each of these has to be dealt with. Case 1 is a joy, because you can zap
as many as you want, but you'll never actually have to kill the node. Two
and three need the entire node to be killed if you have a problem. This
can be problematic, as the missing node might cause its parent node to now
be incorrect. Granted, it's unlikely, and I'm fairly certain that HTML, let
alone the simplified set I'm allowing will have this problem, but it's worth
checking for.
The way, I suppose, one would check for it, is whenever a node is removed,
scroll to it's parent start, and re-evaluate it. Make sure you're able to do
that with minimal code repetition.
EDITOR'S NOTE: this behavior is not implemented by default, because the
default configuration has a setup that ensures that cascading node removals
will never happen. However, there will be warning signs in case someone tries
to hack it further.
The most complex case can probably be done by using some fancy regexp
expressions and transformations. However, it doesn't seem right that, say,
a stray <b> in a <table> can cause the entire table to be removed. Fixing it,
however, may be too difficult (or not, see below).
This code was excerpted from the PEAR class XML_DTD. It implements regexp
checking.
--
// # This actually does the validation
// Validate the order of the children
if (!$was_error && count($dtd_children)) {
$children_list = implode(',', $children);
$regex = $this->dtd->getPcreRegex($name);
if (!preg_match('/^'.$regex.'$/', $children_list)) {
$dtd_regex = $this->dtd->getDTDRegex($name);
$this->_errors("In element <$name> the children list found:\n'$children_list', ".
"does not conform the DTD definition: '$dtd_regex'", $lineno);
}
}
--
// # This figures out the PcreRegex
//$ch is a string of the allowed childs
$children = preg_split('/([^#a-zA-Z0-9_.-]+)/', $ch, -1, PREG_SPLIT_NO_EMPTY);
// check for parsed character data special case
if (in_array('#PCDATA', $children)) {
$content = '#PCDATA';
if (count($children) == 1) {
$children = array();
break;
}
}
// $children is not used after this
$this->dtd['elements'][$elem_name]['child_validation_dtd_regex'] = $ch;
// Convert the DTD regex language into PCRE regex format
$reg = str_replace(',', ',?', $ch);
$reg = preg_replace('/([#a-zA-Z0-9_.-]+)/', '(,?\\0)', $reg);
$this->dtd['elements'][$elem_name]['child_validation_pcre_regex'] = $reg;
--
We can probably loot and steal all of this. This brilliance of this code is
amazing. I'm lovin' it!
So, the way we define these cases should work like this:
class ChildDef with validateChildren($children_tags)
The function needs to parse into nodes, then into the regex array.
It can result in one of three actions: the removal of the entire parent node,
replacement of all of the original child tags with a new set of child
tags which it returns, or no changes. They shall be denoted as, respectively,
Remove entire parent node = false
Replace child tags with this = array of tags
No changes = true
If we remove the entire parent node, we must scroll back to the parent of the
parent.
--
Another few problems: EXCLUSIONS!
a
must not contain other a elements.
pre
must not contain the img, object, big, small, sub, or sup elements.
button
must not contain the input, select, textarea, label, button, form, fieldset,
iframe or isindex elements.
label
must not contain other label elements.
form
must not contain other form elements.
Normative exclusions straight from the horses mouth. These are SGML style,
not XML style, so we need to modify the ruleset slightly. However, the DTD
may have done this for us already.
--
Also, what do we do with elements if they're not allowed somewhere? We need
some sort of default behavior. I reckon that we should be allowed to:
1. Delete the node
2. Translate it into text (not okay for areas that don't allow #PCDATA)
3. Move the node to somewhere where it is okay
What complicates the matter is that Firefox has the ability to construct
DOMs and render invalid nestings of elements (like <b><div>asdf</div></b>).
This means that behavior for stray pcdata in ul/ol is undefined. Behavior
with data in a table gets bubbled to the start of the table (assuming
that we actually custom-make the table child validation class).
So... I say delete the node when PCDATA isn't allowed (or the regex is too
complicated to determine where PCDATA could be inserted), and translate the node
to text when PCDATA is allowed.
--
Note that generic child definitions are not usually desirable: we should
implement custom handlers for each one that specify the stuff correctly.
== STAGE 4 - check attributes ==
STATUS: N (not started)
While we're doing all this nesting hocus-pocus, attributes are also being
checked. The reason why we need this to be done with the nesting stuff
is if a REQUIRED attribute is not there, we might need to kill the tag (or
replace it with data). Fortunantely, this is rare enough that we only have
to worry about it for certain things:
* ! bdo - dir > replace with span, preserve attributes
* basefont - size
* param - name
* applet - width, height
* ! img - src, alt > if only alt is missing, insert filename, else remove img
* map - id
* area - alt
* form - action
* optgroup - label
* textarea - rows, cols
As you can see, only two of them we would remotely consider for our simplified
tag set. But each has a different set of challenges. For the img tag, we'd
have to be careful about deleting it. If we do hit a snag, we can supply
a default "blank" image.
So after that's all said and done, each of the different types of content
inside the attributes needs to be handled differently.
ContentType(s) [RFC2045]
Charset(s) [RFC2045]
LanguageCode [RFC3066] (NMTOKEN)
Character [XML][2.2] (a single character)
Number /^\d+$/
LinkTypes [HTML][6.12] <space>
MediaDesc [HTML][6.13] <comma>
URI/UriList [RFC2396] <space>
Datetime (ISO date format)
Script ...
StyleSheet [CSS] (complex)
Text CDATA
FrameTarget NMTOKEN
Length (pixel, percentage) (?:px suffix allowed?)
MultiLength (pixel, percentage, or relative)
Pixels (integer)
// map attributes omitted
ImgAlign (top|middle|bottom|left|right)
Color #NNNNNN, #NNN or color name (translate it
Black = #000000 Green = #008000
Silver = #C0C0C0 Lime = #00FF00
Gray = #808080 Olive = #808000
White = #FFFFFF Yellow = #FFFF00
Maroon = #800000 Navy = #000080
Red = #FF0000 Blue = #0000FF
Purple = #800080 Teal = #008080
Fuchsia= #FF00FF Aqua = #00FFFF
// plus some directly defined in the spec
Everything else is either ID, or defined as a certain set of values.
Unless we use reflection (which then we have to make sure the attribute exists),
we probably want to have a function like...
validate($type, $value) where $type is like ContentType or Number
and then pass it to a switch.
The final problem is CSS. Get intimate with the syntax here:
http://www.w3.org/TR/CSS21/syndata.html and also note the "bad" CSS elements
that HTML_Safe defines to help determine a whitelist.
== PART 5 - stringify ==
Status: A+ (done completely!)
Should be fairly simple as long as we delegate to appropriate functions.
It's probably too much trouble to indent the stuff properly, so just output
stuff raw.

54
library/HTMLPurifier.php
View File

@ -1,28 +1,28 @@
<?php
require_once 'HTMLPurifier/Lexer.php';
require_once 'HTMLPurifier/Definition.php';
require_once 'HTMLPurifier/Generator.php';
class HTMLPurifier
{
var $lexer;
var $definition;
var $generator;
function HTMLPurifier() {
$this->lexer = new HTMLPurifier_Lexer();
$this->definition = new HTMLPurifier_Definition();
$this->generator = new HTMLPurifier_Generator();
}
function purify($html) {
$tokens = $this->lexer->tokenizeHTML($html);
$tokens = $this->definition->purifyTokens($tokens);
return $this->generator->generateFromTokens($tokens);
}
}
<?php
require_once 'HTMLPurifier/Lexer.php';
require_once 'HTMLPurifier/Definition.php';
require_once 'HTMLPurifier/Generator.php';
class HTMLPurifier
{
var $lexer;
var $definition;
var $generator;
function HTMLPurifier() {
$this->lexer = new HTMLPurifier_Lexer();
$this->definition = new HTMLPurifier_Definition();
$this->generator = new HTMLPurifier_Generator();
}
function purify($html) {
$tokens = $this->lexer->tokenizeHTML($html);
$tokens = $this->definition->purifyTokens($tokens);
return $this->generator->generateFromTokens($tokens);
}
}
?>

20
library/HTMLPurifier/AttrDef.php
View File

@ -1,11 +1,11 @@
<?php
class HTMLPurifier_AttrDef
{
var $def;
function HTMLPurifier_AttrDef($def) {
$this->def = $def;
}
}
<?php
class HTMLPurifier_AttrDef
{
var $def;
function HTMLPurifier_AttrDef($def) {
$this->def = $def;
}
}
?>

336
library/HTMLPurifier/ChildDef.php
View File

@ -1,169 +1,169 @@
<?php
// HTMLPurifier_ChildDef and inheritance have three types of output:
// true = leave nodes as is
// false = delete parent node and all children
// array(...) = replace children nodes with these
// this is the hardest one to implement. We'll use fancy regexp tricks
// right now, we only expect it to return TRUE or FALSE (it won't attempt
// to fix the tree)
// we may end up writing custom code for each HTML case
// in order to make it self correcting
class HTMLPurifier_ChildDef
{
var $type = 'custom';
var $dtd_regex;
var $_pcre_regex;
function HTMLPurifier_ChildDef($dtd_regex) {
$this->dtd_regex = $dtd_regex;
$this->_compileRegex();
}
function _compileRegex() {
$raw = str_replace(' ', '', $this->dtd_regex);
if ($raw{0} != '(') {
$raw = "($raw)";
}
$reg = str_replace(',', ',?', $raw);
$reg = preg_replace('/([#a-zA-Z0-9_.-]+)/', '(,?\\0)', $reg);
$this->_pcre_regex = $reg;
}
function validateChildren($tokens_of_children) {
$list_of_children = '';
$nesting = 0; // depth into the nest
foreach ($tokens_of_children as $token) {
if (!empty($token->is_whitespace)) continue;
$is_child = ($nesting == 0); // direct
if ($token->type == 'start') {
$nesting++;
} elseif ($token->type == 'end') {
$nesting--;
}
if ($is_child) {
$list_of_children .= $token->name . ',';
}
}
$list_of_children = rtrim($list_of_children, ',');
$okay =
preg_match(
'/^'.$this->_pcre_regex.'$/',
$list_of_children
);
return (bool) $okay;
}
}
class HTMLPurifier_ChildDef_Simple extends HTMLPurifier_ChildDef
{
var $elements = array();
function HTMLPurifier_ChildDef_Simple($elements) {
if (is_string($elements)) {
$elements = str_replace(' ', '', $elements);
$elements = explode('|', $elements);
}
$elements = array_flip($elements);
foreach ($elements as $i => $x) $elements[$i] = true;
$this->elements = $elements;
$this->gen = new HTMLPurifier_Generator();
}
function validateChildren() {
trigger_error('Cannot call abstract function!', E_USER_ERROR);
}
}
class HTMLPurifier_ChildDef_Required extends HTMLPurifier_ChildDef_Simple
{
var $type = 'required';
function validateChildren($tokens_of_children) {
// if there are no tokens, delete parent node
if (empty($tokens_of_children)) return false;
// the new set of children
$result = array();
// current depth into the nest
$nesting = 0;
// whether or not we're deleting a node
$is_deleting = false;
// whether or not parsed character data is allowed
// this controls whether or not we silently drop a tag
// or generate escaped HTML from it
$pcdata_allowed = isset($this->elements['#PCDATA']);
// a little sanity check to make sure it's not ALL whitespace
$all_whitespace = true;
foreach ($tokens_of_children as $token) {
if (!empty($token->is_whitespace)) {
$result[] = $token;
continue;
}
$all_whitespace = false; // phew, we're not talking about whitespace
$is_child = ($nesting == 0);
if ($token->type == 'start') {
$nesting++;
} elseif ($token->type == 'end') {
$nesting--;
}
if ($is_child) {
$is_deleting = false;
if (!isset($this->elements[$token->name])) {
$is_deleting = true;
if ($pcdata_allowed) {
$result[] = new HTMLPurifier_Token_Text(
$this->gen->generateFromToken($token)
);
}
continue;
}
}
if (!$is_deleting) {
$result[] = $token;
} elseif ($pcdata_allowed) {
$result[] =
new HTMLPurifier_Token_Text(
$this->gen->generateFromToken( $token )
);
} else {
// drop silently
}
}
if (empty($result)) return false;
if ($all_whitespace) return false;
if ($tokens_of_children == $result) return true;
return $result;
}
}
// only altered behavior is that it returns an empty array
// instead of a false (to delete the node)
class HTMLPurifier_ChildDef_Optional extends HTMLPurifier_ChildDef_Required
{
var $type = 'optional';
function validateChildren($tokens_of_children) {
$result = parent::validateChildren($tokens_of_children);
if ($result === false) return array();
return $result;
}
}
// placeholder
class HTMLPurifier_ChildDef_Empty extends HTMLPurifier_ChildDef
{
var $type = 'empty';
function HTMLPurifier_ChildDef_Empty() {}
function validateChildren() {
return false;
}
}
<?php
// HTMLPurifier_ChildDef and inheritance have three types of output:
// true = leave nodes as is
// false = delete parent node and all children
// array(...) = replace children nodes with these
// this is the hardest one to implement. We'll use fancy regexp tricks
// right now, we only expect it to return TRUE or FALSE (it won't attempt
// to fix the tree)
// we may end up writing custom code for each HTML case
// in order to make it self correcting
class HTMLPurifier_ChildDef
{
var $type = 'custom';
var $dtd_regex;
var $_pcre_regex;
function HTMLPurifier_ChildDef($dtd_regex) {
$this->dtd_regex = $dtd_regex;
$this->_compileRegex();
}
function _compileRegex() {
$raw = str_replace(' ', '', $this->dtd_regex);
if ($raw{0} != '(') {
$raw = "($raw)";
}
$reg = str_replace(',', ',?', $raw);
$reg = preg_replace('/([#a-zA-Z0-9_.-]+)/', '(,?\\0)', $reg);
$this->_pcre_regex = $reg;
}
function validateChildren($tokens_of_children) {
$list_of_children = '';
$nesting = 0; // depth into the nest
foreach ($tokens_of_children as $token) {
if (!empty($token->is_whitespace)) continue;
$is_child = ($nesting == 0); // direct
if ($token->type == 'start') {
$nesting++;
} elseif ($token->type == 'end') {
$nesting--;
}
if ($is_child) {
$list_of_children .= $token->name . ',';
}
}
$list_of_children = rtrim($list_of_children, ',');
$okay =
preg_match(
'/^'.$this->_pcre_regex.'$/',
$list_of_children
);
return (bool) $okay;
}
}
class HTMLPurifier_ChildDef_Simple extends HTMLPurifier_ChildDef
{
var $elements = array();
function HTMLPurifier_ChildDef_Simple($elements) {
if (is_string($elements)) {
$elements = str_replace(' ', '', $elements);
$elements = explode('|', $elements);
}
$elements = array_flip($elements);
foreach ($elements as $i => $x) $elements[$i] = true;
$this->elements = $elements;
$this->gen = new HTMLPurifier_Generator();
}
function validateChildren() {
trigger_error('Cannot call abstract function!', E_USER_ERROR);
}
}
class HTMLPurifier_ChildDef_Required extends HTMLPurifier_ChildDef_Simple
{
var $type = 'required';
function validateChildren($tokens_of_children) {
// if there are no tokens, delete parent node
if (empty($tokens_of_children)) return false;
// the new set of children
$result = array();
// current depth into the nest
$nesting = 0;
// whether or not we're deleting a node
$is_deleting = false;
// whether or not parsed character data is allowed
// this controls whether or not we silently drop a tag
// or generate escaped HTML from it
$pcdata_allowed = isset($this->elements['#PCDATA']);
// a little sanity check to make sure it's not ALL whitespace
$all_whitespace = true;
foreach ($tokens_of_children as $token) {
if (!empty($token->is_whitespace)) {
$result[] = $token;
continue;
}
$all_whitespace = false; // phew, we're not talking about whitespace
$is_child = ($nesting == 0);
if ($token->type == 'start') {
$nesting++;
} elseif ($token->type == 'end') {
$nesting--;
}
if ($is_child) {
$is_deleting = false;
if (!isset($this->elements[$token->name])) {
$is_deleting = true;
if ($pcdata_allowed) {
$result[] = new HTMLPurifier_Token_Text(
$this->gen->generateFromToken($token)
);
}
continue;
}
}
if (!$is_deleting) {
$result[] = $token;
} elseif ($pcdata_allowed) {
$result[] =
new HTMLPurifier_Token_Text(
$this->gen->generateFromToken( $token )
);
} else {
// drop silently
}
}
if (empty($result)) return false;
if ($all_whitespace) return false;
if ($tokens_of_children == $result) return true;
return $result;
}
}
// only altered behavior is that it returns an empty array
// instead of a false (to delete the node)
class HTMLPurifier_ChildDef_Optional extends HTMLPurifier_ChildDef_Required
{
var $type = 'optional';
function validateChildren($tokens_of_children) {
$result = parent::validateChildren($tokens_of_children);
if ($result === false) return array();
return $result;
}
}
// placeholder
class HTMLPurifier_ChildDef_Empty extends HTMLPurifier_ChildDef
{
var $type = 'empty';
function HTMLPurifier_ChildDef_Empty() {}
function validateChildren() {
return false;
}
}
?>

888
library/HTMLPurifier/Definition.php
View File

@ -1,445 +1,445 @@
<?php
require_once 'HTMLPurifier/AttrDef.php';
require_once 'HTMLPurifier/ChildDef.php';
require_once 'HTMLPurifier/Generator.php';
require_once 'HTMLPurifier/Token.php';
class HTMLPurifier_Definition
{
var $generator;
var $info = array();
var $info_closes_p = array(
// these are all block elements: blocks aren't allowed in P
'address' => true,
'blockquote' => true,
'dd' => true,
'dir' => true,
'div' => true,
'dl' => true,
'dt' => true,
'h1' => true,
'h2' => true,
'h3' => true,
'h4' => true,
'h5' => true,
'h6' => true,
'hr' => true,
'ol' => true,
'p' => true,
'pre' => true,
'table' => true,
'ul' => true
);
function HTMLPurifier_Definition() {
$this->generator = new HTMLPurifier_Generator();
}
function loadData() {
// emulates the structure of the DTD
// entities: prefixed with e_ and _ replaces .
// we don't use an array because that complicates interpolation
// strings are used instead of arrays because if you use arrays,
// you have to do some hideous manipulation with array_merge()
// these are condensed, remember, with bad stuff taken out
// transforms: font, menu, dir, center
// DON'T MONKEY AROUND THIS unless you know what you are doing
// and also know the assumptions the code makes about what this
// contains for optimization purposes (see fixNesting)
$e_special_extra = 'img';
$e_special_basic = 'br | span | bdo';
$e_special = "$e_special_basic | $e_special_extra";
$e_fontstyle_extra = 'big | small';
$e_fontstyle_basic = 'tt | i | b | u | s | strike';
$e_fontstyle = "$e_fontstyle_basic | $e_fontstyle_extra";
$e_phrase_extra = 'sub | sup';
$e_phrase_basic = 'em | strong | dfn | code | q | samp | kbd | var'.
' | cite | abbr | acronym';
$e_phrase = "$e_phrase_basic | $e_phrase_extra";
$e_inline_forms = ''; // humor the dtd
$e_misc_inline = 'ins | del';
$e_misc = "$e_misc_inline";
$e_inline = "a | $e_special | $e_fontstyle | $e_phrase".
" | $e_inline_forms";
// note the casing
$e_Inline = new HTMLPurifier_ChildDef_Optional("#PCDATA | $e_inline".
" | $e_misc_inline");
$e_heading = 'h1|h2|h3|h4|h5|h6';
$e_lists = 'ul | ol | dl';
$e_blocktext = 'pre | hr | blockquote | address';
$e_block = "p | $e_heading | div | $e_lists | $e_blocktext | table";
$e_Flow = new HTMLPurifier_ChildDef_Optional("#PCDATA | $e_block".
" | $e_inline | $e_misc");
$e_a_content = new HTMLPurifier_ChildDef_Optional("#PCDATA | $e_special".
" | $e_fontstyle | $e_phrase | $e_inline_forms | $e_misc_inline");
$e_pre_content = new HTMLPurifier_ChildDef_Optional("#PCDATA | a".
" | $e_special_basic | $e_fontstyle_basic | $e_phrase_basic".
" | $e_inline_forms | $e_misc_inline");
$e_form_content = new HTMLPurifier_ChildDef_Optional(''); //unused
$e_form_button_content = new HTMLPurifier_ChildDef_Optional(''); // unused
$this->info['ins'] =
$this->info['del'] =
$this->info['blockquote'] =
$this->info['dd'] =
$this->info['li'] =
$this->info['div'] = new HTMLPurifier_ElementDef($e_Flow);
$this->info['em'] =
$this->info['strong'] =
$this->info['dfn'] =
$this->info['code'] =
$this->info['samp'] =
$this->info['kbd'] =
$this->info['var'] =
$this->info['code'] =
$this->info['samp'] =
$this->info['kbd'] =
$this->info['var'] =
$this->info['cite'] =
$this->info['abbr'] =
$this->info['acronym'] =
$this->info['q'] =
$this->info['sub'] =
$this->info['tt'] =
$this->info['sup'] =
$this->info['i'] =
$this->info['b'] =
$this->info['big'] =
$this->info['small'] =
$this->info['u'] =
$this->info['s'] =
$this->info['strike'] =
$this->info['bdo'] =
$this->info['span'] =
$this->info['dt'] =
$this->info['p'] =
$this->info['h1'] =
$this->info['h2'] =
$this->info['h3'] =
$this->info['h4'] =
$this->info['h5'] =
$this->info['h6'] = new HTMLPurifier_ElementDef($e_Inline);
$this->info['ol'] =
$this->info['ul'] =
new HTMLPurifier_ElementDef(
new HTMLPurifier_ChildDef_Required('li')
);
$this->info['dl'] =
new HTMLPurifier_ElementDef(
new HTMLPurifier_ChildDef_Required('dt|dd')
);
$this->info['address'] =
new HTMLPurifier_ElementDef(
new HTMLPurifier_ChildDef_Optional("#PCDATA | p | $e_inline".
" | $e_misc_inline")
);
$this->info['img'] =
$this->info['br'] =
$this->info['hr'] = new HTMLPurifier_ElementDef(new HTMLPurifier_ChildDef_Empty());
$this->info['pre'] = new HTMLPurifier_ElementDef($e_pre_content);
$this->info['a'] = new HTMLPurifier_ElementDef($e_a_content);
}
function purifyTokens($tokens) {
if (empty($this->info)) $this->loadData();
$tokens = $this->removeForeignElements($tokens);
$tokens = $this->makeWellFormed($tokens);
$tokens = $this->fixNesting($tokens);
$tokens = $this->validateAttributes($tokens);
return $tokens;
}
function removeForeignElements($tokens) {
if (empty($this->info)) $this->loadData();
$result = array();
foreach($tokens as $token) {
if (!empty( $token->is_tag )) {
if (!isset($this->info[$token->name])) {
// invalid tag, generate HTML and insert in
$token = new HTMLPurifier_Token_Text(
$this->generator->generateFromToken($token)
);
}
} elseif ($token->type == 'comment') {
// strip comments
continue;
} elseif ($token->type == 'text') {
} else {
continue;
}
$result[] = $token;
}
return $result;
}
function makeWellFormed($tokens) {
if (empty($this->info)) $this->loadData();
$result = array();
$current_nesting = array();
foreach ($tokens as $token) {
if (empty( $token->is_tag )) {
$result[] = $token;
continue;
}
$info = $this->info[$token->name]; // assumption but valid
// test if it claims to be a start tag but is empty
if ($info->child_def->type == 'empty' &&
$token->type == 'start' ) {
$result[] = new HTMLPurifier_Token_Empty($token->name,
$token->attributes);
continue;
}
// test if it claims to be empty but really is a start tag
if ($info->child_def->type != 'empty' &&
$token->type == 'empty' ) {
$result[] = new HTMLPurifier_Token_Start($token->name,
$token->attributes);
$result[] = new HTMLPurifier_Token_End($token->name);
continue;
}
// automatically insert empty tags
if ($token->type == 'empty') {
$result[] = $token;
continue;
}
// we give start tags precedence, so automatically accept unless...
// it's one of those special cases
if ($token->type == 'start') {
// if there's a parent, check for special case
if (!empty($current_nesting)) {
$current_parent = array_pop($current_nesting);
// check if we're closing a P tag
if ($current_parent->name == 'p' &&
isset($this->info_closes_p[$token->name])
) {
$result[] = new HTMLPurifier_Token_End('p');
$result[] = $token;
$current_nesting[] = $token;
continue;
}
// check if we're closing a LI tag
if ($current_parent->name == 'li' &&
$token->name == 'li'
) {
$result[] = new HTMLPurifier_Token_End('li');
$result[] = $token;
$current_nesting[] = $token;
continue;
}
// this is more TIDY stuff
// we should also get some TABLE related code
// mismatched h#
$current_nesting[] = $current_parent; // undo the pop
}
$result[] = $token;
$current_nesting[] = $token;
continue;
}
// sanity check
if ($token->type != 'end') continue;
// okay, we're dealing with a closing tag
// make sure that we have something open
if (empty($current_nesting)) {
$result[] = new HTMLPurifier_Token_Text(
$this->generator->generateFromToken($token)
);
continue;
}
// first, check for the simplest case: everything closes neatly
// current_nesting is modified
$current_parent = array_pop($current_nesting);
if ($current_parent->name == $token->name) {
$result[] = $token;
continue;
}
// undo the array_pop
$current_nesting[] = $current_parent;
// okay, so we're trying to close the wrong tag
// scroll back the entire nest, trying to find our tag
// feature could be to specify how far you'd like to go
$size = count($current_nesting);
// -2 because -1 is the last element, but we already checked that
$skipped_tags = false;
for ($i = $size - 2; $i >= 0; $i--) {
if ($current_nesting[$i]->name == $token->name) {
// current nesting is modified
$skipped_tags = array_splice($current_nesting, $i);
break;
}
}
// we still didn't find the tag, so translate to text
if ($skipped_tags === false) {
$result[] = new HTMLPurifier_Token_Text(
$this->generator->generateFromToken($token)
);
continue;
}
// okay, we found it, close all the skipped tags
// note that skipped tags contains the element we need closed
$size = count($skipped_tags);
for ($i = $size - 1; $i >= 0; $i--) {
$result[] = new HTMLPurifier_Token_End($skipped_tags[$i]->name);
}
// done!
}
// we're at the end now, fix all still unclosed tags
if (!empty($current_nesting)) {
$size = count($current_nesting);
for ($i = $size - 1; $i >= 0; $i--) {
$result[] =
new HTMLPurifier_Token_End($current_nesting[$i]->name);
}
}
return $result;
}
function fixNesting($tokens) {
if (empty($this->info)) $this->loadData();
// insert implicit "parent" node, will be removed at end
array_unshift($tokens, new HTMLPurifier_Token_Start('div'));
$tokens[] = new HTMLPurifier_Token_End('div');
for ($i = 0, $size = count($tokens) ; $i < $size; ) {
$child_tokens = array();
// scroll to the end of this node, and report number
for ($j = $i, $depth = 0; ; $j++) {
if ($tokens[$j]->type == 'start') {
$depth++;
// skip token assignment on first iteration
if ($depth == 1) continue;
} elseif ($tokens[$j]->type == 'end') {
$depth--;
// skip token assignment on last iteration
if ($depth == 0) break;
}
$child_tokens[] = $tokens[$j];
}
// $i is index of start token
// $j is index of end token
// have DTD child def validate children
$element_def = $this->info[$tokens[$i]->name];
$result = $element_def->child_def->validateChildren($child_tokens);
// process result
if ($result === true) {
// leave the nodes as is
} elseif($result === false) {
// WARNING WARNING WARNING!!!
// While for the original DTD, there will never be
// cascading removal, more complex ones may have such
// a problem.
// If you modify the info array such that an element
// that requires children may contain a child that requires
// children, you need to also scroll back and re-check that
// elements parent node
$length = $j - $i + 1;
// remove entire node
array_splice($tokens, $i, $length);
// change size
$size -= $length;
// ensure that we scroll to the next node
$i--;
} else {
$length = $j - $i - 1;
// replace node with $result
array_splice($tokens, $i + 1, $length, $result);
// change size
$size -= $length;
$size += count($result);
}
// scroll to next node
$i++;
while ($i < $size and $tokens[$i]->type != 'start') $i++;
}
// remove implicit divs
array_shift($tokens);
array_pop($tokens);
return $tokens;
}
function validateAttributes($tokens) {
if (empty($this->info)) $this->loadData();
}
}
class HTMLPurifier_ElementDef
{
var $child_def;
var $attr_def = array();
function HTMLPurifier_ElementDef($child_def, $attr_def = array()) {
$this->child_def = $child_def;
$this->attr_def = $attr_def;
}
}
<?php
require_once 'HTMLPurifier/AttrDef.php';
require_once 'HTMLPurifier/ChildDef.php';
require_once 'HTMLPurifier/Generator.php';
require_once 'HTMLPurifier/Token.php';
class HTMLPurifier_Definition
{
var $generator;
var $info = array();
var $info_closes_p = array(
// these are all block elements: blocks aren't allowed in P
'address' => true,
'blockquote' => true,
'dd' => true,
'dir' => true,
'div' => true,
'dl' => true,
'dt' => true,
'h1' => true,
'h2' => true,
'h3' => true,
'h4' => true,
'h5' => true,
'h6' => true,
'hr' => true,
'ol' => true,
'p' => true,
'pre' => true,
'table' => true,
'ul' => true
);
function HTMLPurifier_Definition() {
$this->generator = new HTMLPurifier_Generator();
}
function loadData() {
// emulates the structure of the DTD
// entities: prefixed with e_ and _ replaces .
// we don't use an array because that complicates interpolation
// strings are used instead of arrays because if you use arrays,
// you have to do some hideous manipulation with array_merge()
// these are condensed, remember, with bad stuff taken out
// transforms: font, menu, dir, center
// DON'T MONKEY AROUND THIS unless you know what you are doing
// and also know the assumptions the code makes about what this
// contains for optimization purposes (see fixNesting)
$e_special_extra = 'img';
$e_special_basic = 'br | span | bdo';
$e_special = "$e_special_basic | $e_special_extra";
$e_fontstyle_extra = 'big | small';
$e_fontstyle_basic = 'tt | i | b | u | s | strike';
$e_fontstyle = "$e_fontstyle_basic | $e_fontstyle_extra";
$e_phrase_extra = 'sub | sup';
$e_phrase_basic = 'em | strong | dfn | code | q | samp | kbd | var'.
' | cite | abbr | acronym';
$e_phrase = "$e_phrase_basic | $e_phrase_extra";
$e_inline_forms = ''; // humor the dtd
$e_misc_inline = 'ins | del';
$e_misc = "$e_misc_inline";
$e_inline = "a | $e_special | $e_fontstyle | $e_phrase".
" | $e_inline_forms";
// note the casing
$e_Inline = new HTMLPurifier_ChildDef_Optional("#PCDATA | $e_inline".
" | $e_misc_inline");
$e_heading = 'h1|h2|h3|h4|h5|h6';
$e_lists = 'ul | ol | dl';
$e_blocktext = 'pre | hr | blockquote | address';
$e_block = "p | $e_heading | div | $e_lists | $e_blocktext | table";
$e_Flow = new HTMLPurifier_ChildDef_Optional("#PCDATA | $e_block".
" | $e_inline | $e_misc");
$e_a_content = new HTMLPurifier_ChildDef_Optional("#PCDATA | $e_special".
" | $e_fontstyle | $e_phrase | $e_inline_forms | $e_misc_inline");
$e_pre_content = new HTMLPurifier_ChildDef_Optional("#PCDATA | a".
" | $e_special_basic | $e_fontstyle_basic | $e_phrase_basic".
" | $e_inline_forms | $e_misc_inline");
$e_form_content = new HTMLPurifier_ChildDef_Optional(''); //unused
$e_form_button_content = new HTMLPurifier_ChildDef_Optional(''); // unused
$this->info['ins'] =
$this->info['del'] =
$this->info['blockquote'] =
$this->info['dd'] =
$this->info['li'] =
$this->info['div'] = new HTMLPurifier_ElementDef($e_Flow);
$this->info['em'] =
$this->info['strong'] =
$this->info['dfn'] =
$this->info['code'] =
$this->info['samp'] =
$this->info['kbd'] =
$this->info['var'] =
$this->info['code'] =
$this->info['samp'] =
$this->info['kbd'] =
$this->info['var'] =
$this->info['cite'] =
$this->info['abbr'] =
$this->info['acronym'] =
$this->info['q'] =
$this->info['sub'] =
$this->info['tt'] =
$this->info['sup'] =
$this->info['i'] =
$this->info['b'] =
$this->info['big'] =
$this->info['small'] =
$this->info['u'] =
$this->info['s'] =
$this->info['strike'] =
$this->info['bdo'] =
$this->info['span'] =
$this->info['dt'] =
$this->info['p'] =
$this->info['h1'] =
$this->info['h2'] =
$this->info['h3'] =
$this->info['h4'] =
$this->info['h5'] =
$this->info['h6'] = new HTMLPurifier_ElementDef($e_Inline);
$this->info['ol'] =
$this->info['ul'] =
new HTMLPurifier_ElementDef(
new HTMLPurifier_ChildDef_Required('li')
);
$this->info['dl'] =
new HTMLPurifier_ElementDef(
new HTMLPurifier_ChildDef_Required('dt|dd')
);
$this->info['address'] =
new HTMLPurifier_ElementDef(
new HTMLPurifier_ChildDef_Optional("#PCDATA | p | $e_inline".
" | $e_misc_inline")
);
$this->info['img'] =
$this->info['br'] =
$this->info['hr'] = new HTMLPurifier_ElementDef(new HTMLPurifier_ChildDef_Empty());
$this->info['pre'] = new HTMLPurifier_ElementDef($e_pre_content);
$this->info['a'] = new HTMLPurifier_ElementDef($e_a_content);
}
function purifyTokens($tokens) {
if (empty($this->info)) $this->loadData();
$tokens = $this->removeForeignElements($tokens);
$tokens = $this->makeWellFormed($tokens);
$tokens = $this->fixNesting($tokens);
$tokens = $this->validateAttributes($tokens);
return $tokens;
}
function removeForeignElements($tokens) {
if (empty($this->info)) $this->loadData();
$result = array();
foreach($tokens as $token) {
if (!empty( $token->is_tag )) {
if (!isset($this->info[$token->name])) {
// invalid tag, generate HTML and insert in
$token = new HTMLPurifier_Token_Text(
$this->generator->generateFromToken($token)
);
}
} elseif ($token->type == 'comment') {
// strip comments
continue;
} elseif ($token->type == 'text') {
} else {
continue;
}
$result[] = $token;
}
return $result;
}
function makeWellFormed($tokens) {
if (empty($this->info)) $this->loadData();
$result = array();
$current_nesting = array();
foreach ($tokens as $token) {
if (empty( $token->is_tag )) {
$result[] = $token;
continue;
}
$info = $this->info[$token->name]; // assumption but valid
// test if it claims to be a start tag but is empty
if ($info->child_def->type == 'empty' &&
$token->type == 'start' ) {
$result[] = new HTMLPurifier_Token_Empty($token->name,
$token->attributes);
continue;
}
// test if it claims to be empty but really is a start tag
if ($info->child_def->type != 'empty' &&
$token->type == 'empty' ) {
$result[] = new HTMLPurifier_Token_Start($token->name,
$token->attributes);
$result[] = new HTMLPurifier_Token_End($token->name);
continue;
}
// automatically insert empty tags
if ($token->type == 'empty') {
$result[] = $token;
continue;
}
// we give start tags precedence, so automatically accept unless...
// it's one of those special cases
if ($token->type == 'start') {
// if there's a parent, check for special case
if (!empty($current_nesting)) {
$current_parent = array_pop($current_nesting);
// check if we're closing a P tag
if ($current_parent->name == 'p' &&
isset($this->info_closes_p[$token->name])
) {
$result[] = new HTMLPurifier_Token_End('p');
$result[] = $token;
$current_nesting[] = $token;
continue;
}
// check if we're closing a LI tag
if ($current_parent->name == 'li' &&
$token->name == 'li'
) {
$result[] = new HTMLPurifier_Token_End('li');
$result[] = $token;
$current_nesting[] = $token;
continue;
}
// this is more TIDY stuff
// we should also get some TABLE related code
// mismatched h#
$current_nesting[] = $current_parent; // undo the pop
}
$result[] = $token;
$current_nesting[] = $token;
continue;
}
// sanity check
if ($token->type != 'end') continue;
// okay, we're dealing with a closing tag
// make sure that we have something open
if (empty($current_nesting)) {
$result[] = new HTMLPurifier_Token_Text(
$this->generator->generateFromToken($token)
);
continue;
}
// first, check for the simplest case: everything closes neatly
// current_nesting is modified
$current_parent = array_pop($current_nesting);
if ($current_parent->name == $token->name) {
$result[] = $token;
continue;
}
// undo the array_pop
$current_nesting[] = $current_parent;
// okay, so we're trying to close the wrong tag
// scroll back the entire nest, trying to find our tag
// feature could be to specify how far you'd like to go
$size = count($current_nesting);
// -2 because -1 is the last element, but we already checked that
$skipped_tags = false;
for ($i = $size - 2; $i >= 0; $i--) {
if ($current_nesting[$i]->name == $token->name) {
// current nesting is modified
$skipped_tags = array_splice($current_nesting, $i);
break;
}
}
// we still didn't find the tag, so translate to text
if ($skipped_tags === false) {
$result[] = new HTMLPurifier_Token_Text(
$this->generator->generateFromToken($token)
);
continue;
}
// okay, we found it, close all the skipped tags
// note that skipped tags contains the element we need closed
$size = count($skipped_tags);
for ($i = $size - 1; $i >= 0; $i--) {
$result[] = new HTMLPurifier_Token_End($skipped_tags[$i]->name);
}
// done!
}
// we're at the end now, fix all still unclosed tags
if (!empty($current_nesting)) {
$size = count($current_nesting);
for ($i = $size - 1; $i >= 0; $i--) {
$result[] =
new HTMLPurifier_Token_End($current_nesting[$i]->name);
}
}
return $result;
}
function fixNesting($tokens) {
if (empty($this->info)) $this->loadData();
// insert implicit "parent" node, will be removed at end
array_unshift($tokens, new HTMLPurifier_Token_Start('div'));
$tokens[] = new HTMLPurifier_Token_End('div');
for ($i = 0, $size = count($tokens) ; $i < $size; ) {
$child_tokens = array();
// scroll to the end of this node, and report number
for ($j = $i, $depth = 0; ; $j++) {
if ($tokens[$j]->type == 'start') {
$depth++;
// skip token assignment on first iteration
if ($depth == 1) continue;
} elseif ($tokens[$j]->type == 'end') {
$depth--;
// skip token assignment on last iteration
if ($depth == 0) break;
}
$child_tokens[] = $tokens[$j];
}
// $i is index of start token
// $j is index of end token
// have DTD child def validate children
$element_def = $this->info[$tokens[$i]->name];
$result = $element_def->child_def->validateChildren($child_tokens);
// process result
if ($result === true) {
// leave the nodes as is
} elseif($result === false) {
// WARNING WARNING WARNING!!!
// While for the original DTD, there will never be
// cascading removal, more complex ones may have such
// a problem.
// If you modify the info array such that an element
// that requires children may contain a child that requires
// children, you need to also scroll back and re-check that
// elements parent node
$length = $j - $i + 1;
// remove entire node
array_splice($tokens, $i, $length);
// change size
$size -= $length;
// ensure that we scroll to the next node
$i--;
} else {
$length = $j - $i - 1;
// replace node with $result
array_splice($tokens, $i + 1, $length, $result);
// change size
$size -= $length;
$size += count($result);
}
// scroll to next node
$i++;
while ($i < $size and $tokens[$i]->type != 'start') $i++;
}
// remove implicit divs
array_shift($tokens);
array_pop($tokens);
return $tokens;
}
function validateAttributes($tokens) {
if (empty($this->info)) $this->loadData();
}
}
class HTMLPurifier_ElementDef
{
var $child_def;
var $attr_def = array();
function HTMLPurifier_ElementDef($child_def, $attr_def = array()) {
$this->child_def = $child_def;
$this->attr_def = $attr_def;
}
}
?>

88
library/HTMLPurifier/Generator.php
View File

@ -1,45 +1,45 @@
<?php
class HTMLPurifier_Generator
{
function generateFromTokens($tokens) {
$html = '';
foreach ($tokens as $token) {
$html .= $this->generateFromToken($token);
}
return $html;
}
function generateFromToken($token) {
if ($token->type == 'start') {
$attr = $this->generateAttributes($token->attributes);
return '<' . $token->name . ($attr ? ' ' : '') . $attr . '>';
} elseif ($token->type == 'end') {
return '</' . $token->name . '>';
} elseif ($token->type == 'empty') {
$attr = $this->generateAttributes($token->attributes);
return '<' . $token->name . ($attr ? ' ' : '') . $attr . ' />';
} elseif ($token->type == 'text') {
return htmlentities($token->data, ENT_COMPAT, 'UTF-8');
} else {
return '';
}
}
function generateAttributes($assoc_array_of_attributes) {
$html = '';
foreach ($assoc_array_of_attributes as $key => $value) {
$html .= $key.'="'.htmlentities($value, ENT_COMPAT, 'UTF-8').'" ';
}
return rtrim($html);
}
}
<?php
class HTMLPurifier_Generator
{
function generateFromTokens($tokens) {
$html = '';
foreach ($tokens as $token) {
$html .= $this->generateFromToken($token);
}
return $html;
}
function generateFromToken($token) {
if ($token->type == 'start') {
$attr = $this->generateAttributes($token->attributes);
return '<' . $token->name . ($attr ? ' ' : '') . $attr . '>';
} elseif ($token->type == 'end') {
return '</' . $token->name . '>';
} elseif ($token->type == 'empty') {
$attr = $this->generateAttributes($token->attributes);
return '<' . $token->name . ($attr ? ' ' : '') . $attr . ' />';
} elseif ($token->type == 'text') {
return htmlentities($token->data, ENT_COMPAT, 'UTF-8');
} else {
return '';
}
}
function generateAttributes($assoc_array_of_attributes) {
$html = '';
foreach ($assoc_array_of_attributes as $key => $value) {
$html .= $key.'="'.htmlentities($value, ENT_COMPAT, 'UTF-8').'" ';
}
return rtrim($html);
}
}
?>

706
library/HTMLPurifier/Lexer/DirectLex.php
View File

@ -1,354 +1,354 @@
<?php
/*
TODO:
* Reread the XML spec and make sure I got everything right
* Add support for CDATA sections
* Have comments output with the leading and trailing --s
* Optimize and benchmark
* Check MF_Text behavior: shouldn't the info in there be raw (entities parsed?)
*/
require_once 'HTMLPurifier/Lexer.php';
class HTMLPurifier_Lexer_DirectLex extends HTMLPurifier_Lexer
{
// does this version of PHP support utf8 as entity function charset?
var $_entity_utf8;
function HTMLPurifier_Lexer() {
$this->_entity_utf8 = version_compare(PHP_VERSION, '5', '>=');
}
// this is QUITE a knotty problem
//
// The main trouble is that, even while assuming UTF-8 is what we're
// using, we've got to deal with HTML entities (like &mdash;)
// Not even sure if the PHP 5 decoding function does that. Plus,
// SimpleTest doesn't use UTF-8!
//
// However, we MUST parse everything possible, because once you get
// to the HTML generator, it will escape everything possible (although
// that may not be correct, and we should be using htmlspecialchars() ).
//
// Nevertheless, strictly XML speaking, we cannot assume any character
// entities are defined except the htmlspecialchars() ones, so leaving
// the entities inside HERE is not acceptable. (plus, htmlspecialchars
// might convert them anyway). So EVERYTHING must get parsed.
//
// We may need to roll our own character entity lookup table. It's only
// about 250, fortunantely, the decimal/hex ones map cleanly to UTF-8.
function parseData($string) {
// we may want to let the user do a different char encoding,
// although there is NO REASON why they shouldn't be able
// to convert it to UTF-8 before they pass it to us
// no support for less than PHP 4.3
if ($this->_entity_utf8) {
// PHP 5+, UTF-8 is nicely supported
return @html_entity_decode($string, ENT_QUOTES, 'UTF-8');
} else {
// PHP 4, do compat stuff
$string = html_entity_decode($string, ENT_QUOTES, 'ISO-8859-1');
// get the numeric UTF-8 stuff
$string = preg_replace('/&#(\d+);/me', "chr(\\1)", $string);
$string = preg_replace('/&#x([a-f0-9]+);/mei',"chr(0x\\1)",$string);
// get the stringy UTF-8 stuff
return $string;
}
}
function nextQuote($string, $offset = 0) {
$next = strcspn($string, '"\'', $offset) + $offset;
return strlen($string) == $next ? false : $next;
}
function nextWhiteSpace($string, $offset = 0) {
$next = strcspn($string, "\x20\x09\x0D\x0A", $offset) + $offset;
return strlen($string) == $next ? false : $next;
}
function tokenizeHTML($string) {
// some quick checking (if empty, return empty)
$string = @ (string) $string;
if ($string == '') return array();
$cursor = 0; // our location in the text
$inside_tag = false; // whether or not we're parsing the inside of a tag
$array = array(); // result array
// infinite loop protection
// has to be pretty big, since html docs can be big
// we're allow two hundred thousand tags... more than enough?
$loops = 0;
while(true) {
// infinite loop protection
if (++$loops > 200000) return array();
$position_next_lt = strpos($string, '<', $cursor);
$position_next_gt = strpos($string, '>', $cursor);
// triggers on "<b>asdf</b>" but not "asdf <b></b>"
if ($position_next_lt === $cursor) {
$inside_tag = true;
$cursor++;
}
if (!$inside_tag && $position_next_lt !== false) {
// We are not inside tag and there still is another tag to parse
$array[] = new
HTMLPurifier_Token_Text(
html_entity_decode(
substr(
$string, $cursor, $position_next_lt - $cursor
),
ENT_QUOTES
)
);
$cursor = $position_next_lt + 1;
$inside_tag = true;
continue;
} elseif (!$inside_tag) {
// We are not inside tag but there are no more tags
// If we're already at the end, break
if ($cursor === strlen($string)) break;
// Create Text of rest of string
$array[] = new
HTMLPurifier_Token_Text(
html_entity_decode(
substr(
$string, $cursor
),
ENT_QUOTES
)
);
break;
} elseif ($inside_tag && $position_next_gt !== false) {
// We are in tag and it is well formed
// Grab the internals of the tag
$segment = substr($string, $cursor, $position_next_gt-$cursor);
// Check if it's a comment
if (
substr($segment,0,3) == '!--' &&
substr($segment,strlen($segment)-2,2) == '--'
) {
$array[] = new
HTMLPurifier_Token_Comment(
substr(
$segment, 3, strlen($segment) - 5
)
);
$inside_tag = false;
$cursor = $position_next_gt + 1;
continue;
}
// Check if it's an end tag
$is_end_tag = (strpos($segment,'/') === 0);
if ($is_end_tag) {
$type = substr($segment, 1);
$array[] = new HTMLPurifier_Token_End($type);
$inside_tag = false;
$cursor = $position_next_gt + 1;
continue;
}
// Check if it is explicitly self closing, if so, remove
// trailing slash. Remember, we could have a tag like <br>, so
// any later token processing scripts must convert improperly
// classified EmptyTags from StartTags.
$is_self_closing= (strpos($segment,'/') === strlen($segment)-1);
if ($is_self_closing) {
$segment = substr($segment, 0, strlen($segment) - 1);
}
// Check if there are any attributes
$position_first_space = $this->nextWhiteSpace($segment);
if ($position_first_space === false) {
if ($is_self_closing) {
$array[] = new HTMLPurifier_Token_Empty($segment);
} else {
$array[] = new HTMLPurifier_Token_Start($segment);
}
$inside_tag = false;
$cursor = $position_next_gt + 1;
continue;
}
// Grab out all the data
$type = substr($segment, 0, $position_first_space);
$attribute_string =
trim(
substr(
$segment, $position_first_space
)
);
if ($attribute_string) {
$attributes = $this->tokenizeAttributeString(
$attribute_string
);
} else {
$attributes = array();
}
if ($is_self_closing) {
$array[] = new HTMLPurifier_Token_Empty($type, $attributes);
} else {
$array[] = new HTMLPurifier_Token_Start($type, $attributes);
}
$cursor = $position_next_gt + 1;
$inside_tag = false;
continue;
} else {
$array[] = new
HTMLPurifier_Token_Text(
'<' .
html_entity_decode(
substr($string, $cursor),
ENT_QUOTES
)
);
break;
}
break;
}
return $array;
}
function tokenizeAttributeString($string) {
$string = (string) $string; // quick typecast
if ($string == '') return array(); // no attributes
// let's see if we can abort as quickly as possible
// one equal sign, no spaces => one attribute
$num_equal = substr_count($string, '=');
$has_space = strpos($string, ' ');
if ($num_equal === 0 && !$has_space) {
// bool attribute
return array($string => $string);
} elseif ($num_equal === 1 && !$has_space) {
// only one attribute
list($key, $quoted_value) = explode('=', $string);
$quoted_value = trim($quoted_value);
if (!$key) return array();
if (!$quoted_value) return array($key => '');
$first_char = @$quoted_value[0];
$last_char = @$quoted_value[strlen($quoted_value)-1];
$same_quote = ($first_char == $last_char);
$open_quote = ($first_char == '"' || $first_char == "'");
if ( $same_quote && $open_quote) {
// well behaved
$value = substr($quoted_value, 1, strlen($quoted_value) - 2);
} else {
// not well behaved
if ($open_quote) {
$value = substr($quoted_value, 1);
} else {
$value = $quoted_value;
}
}
return array($key => $value);
}
// setup loop environment
$array = array(); // return assoc array of attributes
$cursor = 0; // current position in string (moves forward)
$size = strlen($string); // size of the string (stays the same)
// if we have unquoted attributes, the parser expects a terminating
// space, so let's guarantee that there's always a terminating space.
$string .= ' ';
// infinite loop protection
$loops = 0;
while(true) {
// infinite loop protection
if (++$loops > 1000) return array();
if ($cursor >= $size) {
break;
}
$cursor += ($value = strspn($string, "\x20\x09\x0D\x0A", $cursor));
$position_next_space = $this->nextWhiteSpace($string, $cursor);
$position_next_equal = strpos($string, '=', $cursor);
// grab the key
$key_begin = $cursor; //we're currently at the start of the key
// scroll past all characters that are the key (not whitespace or =)
$cursor += strcspn($string, "\x20\x09\x0D\x0A=", $cursor);
$key_end = $cursor; // now at the end of the key
$key = substr($string, $key_begin, $key_end - $key_begin);
if (!$key) continue; // empty key
// scroll past all whitespace
$cursor += strspn($string, "\x20\x09\x0D\x0A", $cursor);
if ($cursor >= $size) {
$array[$key] = $key;
break;
}
// if the next character is an equal sign, we've got a regular
// pair, otherwise, it's a bool attribute
$first_char = @$string[$cursor];
if ($first_char == '=') {
// key="value"
$cursor++;
$cursor += strspn($string, "\x20\x09\x0D\x0A", $cursor);
// we might be in front of a quote right now
$char = @$string[$cursor];
if ($char == '"' || $char == "'") {
// it's quoted, end bound is $char
$cursor++;
$value_begin = $cursor;
$cursor = strpos($string, $char, $cursor);
$value_end = $cursor;
} else {
// it's not quoted, end bound is whitespace
$value_begin = $cursor;
$cursor += strcspn($string, "\x20\x09\x0D\x0A", $cursor);
$value_end = $cursor;
}
$value = substr($string, $value_begin, $value_end - $value_begin);
$array[$key] = $value;
$cursor++;
} else {
// boolattr
if ($key !== '') {
$array[$key] = $key;
}
}
}
return $array;
}
}
<?php
/*
TODO:
* Reread the XML spec and make sure I got everything right
* Add support for CDATA sections
* Have comments output with the leading and trailing --s
* Optimize and benchmark
* Check MF_Text behavior: shouldn't the info in there be raw (entities parsed?)
*/
require_once 'HTMLPurifier/Lexer.php';
class HTMLPurifier_Lexer_DirectLex extends HTMLPurifier_Lexer
{
// does this version of PHP support utf8 as entity function charset?
var $_entity_utf8;
function HTMLPurifier_Lexer() {
$this->_entity_utf8 = version_compare(PHP_VERSION, '5', '>=');
}
// this is QUITE a knotty problem
//
// The main trouble is that, even while assuming UTF-8 is what we're
// using, we've got to deal with HTML entities (like &mdash;)
// Not even sure if the PHP 5 decoding function does that. Plus,
// SimpleTest doesn't use UTF-8!
//
// However, we MUST parse everything possible, because once you get
// to the HTML generator, it will escape everything possible (although
// that may not be correct, and we should be using htmlspecialchars() ).
//
// Nevertheless, strictly XML speaking, we cannot assume any character
// entities are defined except the htmlspecialchars() ones, so leaving
// the entities inside HERE is not acceptable. (plus, htmlspecialchars
// might convert them anyway). So EVERYTHING must get parsed.
//
// We may need to roll our own character entity lookup table. It's only
// about 250, fortunantely, the decimal/hex ones map cleanly to UTF-8.
function parseData($string) {
// we may want to let the user do a different char encoding,
// although there is NO REASON why they shouldn't be able
// to convert it to UTF-8 before they pass it to us
// no support for less than PHP 4.3
if ($this->_entity_utf8) {
// PHP 5+, UTF-8 is nicely supported
return @html_entity_decode($string, ENT_QUOTES, 'UTF-8');
} else {
// PHP 4, do compat stuff
$string = html_entity_decode($string, ENT_QUOTES, 'ISO-8859-1');
// get the numeric UTF-8 stuff
$string = preg_replace('/&#(\d+);/me', "chr(\\1)", $string);
$string = preg_replace('/&#x([a-f0-9]+);/mei',"chr(0x\\1)",$string);
// get the stringy UTF-8 stuff
return $string;
}
}
function nextQuote($string, $offset = 0) {
$next = strcspn($string, '"\'', $offset) + $offset;
return strlen($string) == $next ? false : $next;
}
function nextWhiteSpace($string, $offset = 0) {
$next = strcspn($string, "\x20\x09\x0D\x0A", $offset) + $offset;
return strlen($string) == $next ? false : $next;
}
function tokenizeHTML($string) {
// some quick checking (if empty, return empty)
$string = @ (string) $string;
if ($string == '') return array();
$cursor = 0; // our location in the text
$inside_tag = false; // whether or not we're parsing the inside of a tag
$array = array(); // result array
// infinite loop protection
// has to be pretty big, since html docs can be big
// we're allow two hundred thousand tags... more than enough?
$loops = 0;
while(true) {
// infinite loop protection
if (++$loops > 200000) return array();
$position_next_lt = strpos($string, '<', $cursor);
$position_next_gt = strpos($string, '>', $cursor);
// triggers on "<b>asdf</b>" but not "asdf <b></b>"
if ($position_next_lt === $cursor) {
$inside_tag = true;
$cursor++;
}
if (!$inside_tag && $position_next_lt !== false) {
// We are not inside tag and there still is another tag to parse
$array[] = new
HTMLPurifier_Token_Text(
html_entity_decode(
substr(
$string, $cursor, $position_next_lt - $cursor
),
ENT_QUOTES
)
);
$cursor = $position_next_lt + 1;
$inside_tag = true;
continue;
} elseif (!$inside_tag) {
// We are not inside tag but there are no more tags
// If we're already at the end, break
if ($cursor === strlen($string)) break;
// Create Text of rest of string
$array[] = new
HTMLPurifier_Token_Text(
html_entity_decode(
substr(
$string, $cursor
),
ENT_QUOTES
)
);
break;
} elseif ($inside_tag && $position_next_gt !== false) {
// We are in tag and it is well formed
// Grab the internals of the tag
$segment = substr($string, $cursor, $position_next_gt-$cursor);
// Check if it's a comment
if (
substr($segment,0,3) == '!--' &&
substr($segment,strlen($segment)-2,2) == '--'
) {
$array[] = new
HTMLPurifier_Token_Comment(
substr(
$segment, 3, strlen($segment) - 5
)
);
$inside_tag = false;
$cursor = $position_next_gt + 1;
continue;
}
// Check if it's an end tag
$is_end_tag = (strpos($segment,'/') === 0);
if ($is_end_tag) {
$type = substr($segment, 1);
$array[] = new HTMLPurifier_Token_End($type);
$inside_tag = false;
$cursor = $position_next_gt + 1;
continue;
}
// Check if it is explicitly self closing, if so, remove
// trailing slash. Remember, we could have a tag like <br>, so
// any later token processing scripts must convert improperly
// classified EmptyTags from StartTags.
$is_self_closing= (strpos($segment,'/') === strlen($segment)-1);
if ($is_self_closing) {
$segment = substr($segment, 0, strlen($segment) - 1);
}
// Check if there are any attributes
$position_first_space = $this->nextWhiteSpace($segment);
if ($position_first_space === false) {
if ($is_self_closing) {
$array[] = new HTMLPurifier_Token_Empty($segment);
} else {
$array[] = new HTMLPurifier_Token_Start($segment);
}
$inside_tag = false;
$cursor = $position_next_gt + 1;
continue;
}
// Grab out all the data
$type = substr($segment, 0, $position_first_space);
$attribute_string =
trim(
substr(
$segment, $position_first_space
)
);
if ($attribute_string) {
$attributes = $this->tokenizeAttributeString(
$attribute_string
);
} else {
$attributes = array();
}
if ($is_self_closing) {
$array[] = new HTMLPurifier_Token_Empty($type, $attributes);
} else {
$array[] = new HTMLPurifier_Token_Start($type, $attributes);
}
$cursor = $position_next_gt + 1;
$inside_tag = false;
continue;
} else {
$array[] = new
HTMLPurifier_Token_Text(
'<' .
html_entity_decode(
substr($string, $cursor),
ENT_QUOTES
)
);
break;
}
break;
}
return $array;
}
function tokenizeAttributeString($string) {
$string = (string) $string; // quick typecast
if ($string == '') return array(); // no attributes
// let's see if we can abort as quickly as possible
// one equal sign, no spaces => one attribute
$num_equal = substr_count($string, '=');
$has_space = strpos($string, ' ');
if ($num_equal === 0 && !$has_space) {
// bool attribute
return array($string => $string);
} elseif ($num_equal === 1 && !$has_space) {
// only one attribute
list($key, $quoted_value) = explode('=', $string);
$quoted_value = trim($quoted_value);
if (!$key) return array();
if (!$quoted_value) return array($key => '');
$first_char = @$quoted_value[0];
$last_char = @$quoted_value[strlen($quoted_value)-1];
$same_quote = ($first_char == $last_char);
$open_quote = ($first_char == '"' || $first_char == "'");
if ( $same_quote && $open_quote) {
// well behaved
$value = substr($quoted_value, 1, strlen($quoted_value) - 2);
} else {
// not well behaved
if ($open_quote) {
$value = substr($quoted_value, 1);
} else {
$value = $quoted_value;
}
}
return array($key => $value);
}
// setup loop environment
$array = array(); // return assoc array of attributes
$cursor = 0; // current position in string (moves forward)
$size = strlen($string); // size of the string (stays the same)
// if we have unquoted attributes, the parser expects a terminating
// space, so let's guarantee that there's always a terminating space.
$string .= ' ';
// infinite loop protection
$loops = 0;
while(true) {
// infinite loop protection
if (++$loops > 1000) return array();
if ($cursor >= $size) {
break;
}
$cursor += ($value = strspn($string, "\x20\x09\x0D\x0A", $cursor));
$position_next_space = $this->nextWhiteSpace($string, $cursor);
$position_next_equal = strpos($string, '=', $cursor);
// grab the key
$key_begin = $cursor; //we're currently at the start of the key
// scroll past all characters that are the key (not whitespace or =)
$cursor += strcspn($string, "\x20\x09\x0D\x0A=", $cursor);
$key_end = $cursor; // now at the end of the key
$key = substr($string, $key_begin, $key_end - $key_begin);
if (!$key) continue; // empty key
// scroll past all whitespace
$cursor += strspn($string, "\x20\x09\x0D\x0A", $cursor);
if ($cursor >= $size) {
$array[$key] = $key;
break;
}
// if the next character is an equal sign, we've got a regular
// pair, otherwise, it's a bool attribute
$first_char = @$string[$cursor];
if ($first_char == '=') {
// key="value"
$cursor++;
$cursor += strspn($string, "\x20\x09\x0D\x0A", $cursor);
// we might be in front of a quote right now
$char = @$string[$cursor];
if ($char == '"' || $char == "'") {
// it's quoted, end bound is $char
$cursor++;
$value_begin = $cursor;
$cursor = strpos($string, $char, $cursor);
$value_end = $cursor;
} else {
// it's not quoted, end bound is whitespace
$value_begin = $cursor;
$cursor += strcspn($string, "\x20\x09\x0D\x0A", $cursor);
$value_end = $cursor;
}
$value = substr($string, $value_begin, $value_end - $value_begin);
$array[$key] = $value;
$cursor++;
} else {
// boolattr
if ($key !== '') {
$array[$key] = $key;
}
}
}
return $array;
}
}
?>

114
library/HTMLPurifier/Lexer/PEARSax3.php
View File

@ -1,58 +1,58 @@
<?php
require_once 'XML/HTMLSax3.php'; // PEAR
require_once 'HTMLPurifier/Lexer.php';
// uses the PEAR class XML_HTMLSax3 to parse XML
class HTMLPurifier_Lexer_PEARSax3 extends HTMLPurifier_Lexer
{
var $tokens;
function tokenizeHTML($html) {
$this->tokens = array();
$parser=& new XML_HTMLSax3();
$parser->set_object($this);
$parser->set_element_handler('openHandler','closeHandler');
$parser->set_data_handler('dataHandler');
$parser->set_escape_handler('escapeHandler');
$parser->set_option('XML_OPTION_ENTITIES_PARSED', 1);
$parser->parse($html);
return $this->tokens;
}
function openHandler(&$parser, $name, $attrs, $closed) {
if ($closed) {
$this->tokens[] = new HTMLPurifier_Token_Empty($name, $attrs);
} else {
$this->tokens[] = new HTMLPurifier_Token_Start($name, $attrs);
}
return true;
}
function closeHandler(&$parser, $name) {
// HTMLSax3 seems to always send empty tags an extra close tag
// check and ignore if you see it:
// [TESTME] to make sure it doesn't overreach
if ($this->tokens[count($this->tokens)-1]->type == 'empty') {
return true;
}
$this->tokens[] = new HTMLPurifier_Token_End($name);
return true;
}
function dataHandler(&$parser, $data) {
$this->tokens[] = new HTMLPurifier_Token_Text($data);
return true;
}
function escapeHandler(&$parser, $data) {
if (strpos($data, '-') === 0) {
$this->tokens[] = new HTMLPurifier_Token_Comment($data);
}
return true;
}
}
<?php
require_once 'XML/HTMLSax3.php'; // PEAR
require_once 'HTMLPurifier/Lexer.php';
// uses the PEAR class XML_HTMLSax3 to parse XML
class HTMLPurifier_Lexer_PEARSax3 extends HTMLPurifier_Lexer
{
var $tokens;
function tokenizeHTML($html) {
$this->tokens = array();
$parser=& new XML_HTMLSax3();
$parser->set_object($this);
$parser->set_element_handler('openHandler','closeHandler');
$parser->set_data_handler('dataHandler');
$parser->set_escape_handler('escapeHandler');
$parser->set_option('XML_OPTION_ENTITIES_PARSED', 1);
$parser->parse($html);
return $this->tokens;
}
function openHandler(&$parser, $name, $attrs, $closed) {
if ($closed) {
$this->tokens[] = new HTMLPurifier_Token_Empty($name, $attrs);
} else {
$this->tokens[] = new HTMLPurifier_Token_Start($name, $attrs);
}
return true;
}
function closeHandler(&$parser, $name) {
// HTMLSax3 seems to always send empty tags an extra close tag
// check and ignore if you see it:
// [TESTME] to make sure it doesn't overreach
if ($this->tokens[count($this->tokens)-1]->type == 'empty') {
return true;
}
$this->tokens[] = new HTMLPurifier_Token_End($name);
return true;
}
function dataHandler(&$parser, $data) {
$this->tokens[] = new HTMLPurifier_Token_Text($data);
return true;
}
function escapeHandler(&$parser, $data) {
if (strpos($data, '-') === 0) {
$this->tokens[] = new HTMLPurifier_Token_Comment($data);
}
return true;
}
}
?>

118
library/HTMLPurifier/Token.php
View File

@ -1,60 +1,60 @@
<?php
// all objects here are immutable
class HTMLPurifier_Token {} // abstract
class HTMLPurifier_Token_Tag extends HTMLPurifier_Token // abstract
{
var $is_tag = true;
var $name;
var $attributes = array();
function HTMLPurifier_Token_Tag($name, $attributes = array()) {
$this->name = ctype_lower($name) ? $name : strtolower($name);
$this->attributes = $attributes;
}
}
// start CONCRETE ones
class HTMLPurifier_Token_Start extends HTMLPurifier_Token_Tag
{
var $type = 'start';
}
class HTMLPurifier_Token_Empty extends HTMLPurifier_Token_Tag
{
var $type = 'empty';
}
// accepts attributes even though it really can't, for optimization reasons
class HTMLPurifier_Token_End extends HTMLPurifier_Token_Tag
{
var $type = 'end';
}
class HTMLPurifier_Token_Text extends HTMLPurifier_Token
{
var $name = '#PCDATA';
var $type = 'text';
var $data;
var $is_whitespace = false;
function HTMLPurifier_Token_Text($data) {
$this->data = $data;
if (ctype_space($data)) $this->is_whitespace = true;
}
function append($text) {
return new HTMLPurifier_Token_Text($this->data . $text->data);
}
}
class HTMLPurifier_Token_Comment extends HTMLPurifier_Token
{
var $data;
var $type = 'comment';
function HTMLPurifier_Token_Comment($data) {
$this->data = $data;
}
}
<?php
// all objects here are immutable
class HTMLPurifier_Token {} // abstract
class HTMLPurifier_Token_Tag extends HTMLPurifier_Token // abstract
{
var $is_tag = true;
var $name;
var $attributes = array();
function HTMLPurifier_Token_Tag($name, $attributes = array()) {
$this->name = ctype_lower($name) ? $name : strtolower($name);
$this->attributes = $attributes;
}
}
// start CONCRETE ones
class HTMLPurifier_Token_Start extends HTMLPurifier_Token_Tag
{
var $type = 'start';
}
class HTMLPurifier_Token_Empty extends HTMLPurifier_Token_Tag
{
var $type = 'empty';
}
// accepts attributes even though it really can't, for optimization reasons
class HTMLPurifier_Token_End extends HTMLPurifier_Token_Tag
{
var $type = 'end';
}
class HTMLPurifier_Token_Text extends HTMLPurifier_Token
{
var $name = '#PCDATA';
var $type = 'text';
var $data;
var $is_whitespace = false;
function HTMLPurifier_Token_Text($data) {
$this->data = $data;
if (ctype_space($data)) $this->is_whitespace = true;
}
function append($text) {
return new HTMLPurifier_Token_Text($this->data . $text->data);
}
}
class HTMLPurifier_Token_Comment extends HTMLPurifier_Token
{
var $data;
var $type = 'comment';
function HTMLPurifier_Token_Comment($data) {
$this->data = $data;
}
}
?>

262
tests/HTMLPurifier/ChildDefTest.php
View File

@ -1,132 +1,132 @@
<?php
require_once 'HTMLPurifier/ChildDef.php';
require_once 'HTMLPurifier/Lexer.php';
require_once 'HTMLPurifier/Generator.php';
class HTMLPurifier_ChildDefTest extends UnitTestCase
{
var $lex;
var $gen;
function HTMLPurifier_ChildDefTest() {
$this->lex = HTMLPurifier_Lexer::create();
$this->gen = new HTMLPurifier_Generator();
parent::UnitTestCase();
}
function assertSeries($inputs, $expect, $def) {
foreach ($inputs as $i => $input) {
$tokens = $this->lex->tokenizeHTML($input);
$result = $def->validateChildren($tokens);
if (is_bool($expect[$i])) {
$this->assertIdentical($expect[$i], $result);
} else {
$result_html = $this->gen->generateFromTokens($result);
$this->assertEqual($expect[$i], $result_html);
paintIf($result_html, $result_html != $expect[$i]);
}
}
}
function test_complex() {
// the table definition
$def = new HTMLPurifier_ChildDef(
'(caption?, (col*|colgroup*), thead?, tfoot?, (tbody+|tr+))');
$inputs[0] = '';
$expect[0] = false;
// we really don't care what's inside, because if it turns out
// this tr is illegal, we'll end up re-evaluating the parent node
// anyway.
$inputs[1] = '<tr></tr>';
$expect[1] = true;
$inputs[2] = '<caption></caption><col></col><thead></thead>' .
'<tfoot></tfoot><tbody></tbody>';
$expect[2] = true;
$inputs[3] = '<col></col><col></col><col></col><tr></tr>';
$expect[3] = true;
$this->assertSeries($inputs, $expect, $def);
}
function test_simple() {
// simple is actually an abstract class
// but we're unit testing some of the conv. functions it gives
$def = new HTMLPurifier_ChildDef_Simple('foobar | bang |gizmo');
$this->assertEqual($def->elements,
array(
'foobar' => true
,'bang' => true
,'gizmo' => true
));
$def = new HTMLPurifier_ChildDef_Simple(array('href', 'src'));
$this->assertEqual($def->elements,
array(
'href' => true
,'src' => true
));
}
function test_required_pcdata_forbidden() {
$def = new HTMLPurifier_ChildDef_Required('dt | dd');
$inputs[0] = '';
$expect[0] = false;
$inputs[1] = '<dt>Term</dt>Text in an illegal location'.
'<dd>Definition</dd><b>Illegal tag</b>';
$expect[1] = '<dt>Term</dt><dd>Definition</dd>';
$inputs[2] = 'How do you do!';
$expect[2] = false;
// whitespace shouldn't trigger it
$inputs[3] = "\n<dd>Definition</dd> ";
$expect[3] = true;
$inputs[4] ='<dd>Definition</dd> <b></b> ';
$expect[4] = '<dd>Definition</dd> ';
$inputs[5] = "\t ";
$expect[5] = false;
$this->assertSeries($inputs, $expect, $def);
}
function test_required_pcdata_allowed() {
$def = new HTMLPurifier_ChildDef_Required('#PCDATA | b');
$inputs[0] = '<b>Bold text</b><img />';
$expect[0] = '<b>Bold text</b>&lt;img /&gt;';
$this->assertSeries($inputs, $expect, $def);
}
function test_optional() {
$def = new HTMLPurifier_ChildDef_Optional('b | i');
$inputs[0] = '<b>Bold text</b><img />';
$expect[0] = '<b>Bold text</b>';
$inputs[1] = 'Not allowed text';
$expect[1] = '';
$this->assertSeries($inputs, $expect, $def);
}
}
<?php
require_once 'HTMLPurifier/ChildDef.php';
require_once 'HTMLPurifier/Lexer.php';
require_once 'HTMLPurifier/Generator.php';
class HTMLPurifier_ChildDefTest extends UnitTestCase
{
var $lex;
var $gen;
function HTMLPurifier_ChildDefTest() {
$this->lex = HTMLPurifier_Lexer::create();
$this->gen = new HTMLPurifier_Generator();
parent::UnitTestCase();
}
function assertSeries($inputs, $expect, $def) {
foreach ($inputs as $i => $input) {
$tokens = $this->lex->tokenizeHTML($input);
$result = $def->validateChildren($tokens);
if (is_bool($expect[$i])) {
$this->assertIdentical($expect[$i], $result);
} else {
$result_html = $this->gen->generateFromTokens($result);
$this->assertEqual($expect[$i], $result_html);
paintIf($result_html, $result_html != $expect[$i]);
}
}
}
function test_complex() {
// the table definition
$def = new HTMLPurifier_ChildDef(
'(caption?, (col*|colgroup*), thead?, tfoot?, (tbody+|tr+))');
$inputs[0] = '';
$expect[0] = false;
// we really don't care what's inside, because if it turns out
// this tr is illegal, we'll end up re-evaluating the parent node
// anyway.
$inputs[1] = '<tr></tr>';
$expect[1] = true;
$inputs[2] = '<caption></caption><col></col><thead></thead>' .
'<tfoot></tfoot><tbody></tbody>';
$expect[2] = true;
$inputs[3] = '<col></col><col></col><col></col><tr></tr>';
$expect[3] = true;
$this->assertSeries($inputs, $expect, $def);
}
function test_simple() {
// simple is actually an abstract class
// but we're unit testing some of the conv. functions it gives
$def = new HTMLPurifier_ChildDef_Simple('foobar | bang |gizmo');
$this->assertEqual($def->elements,
array(
'foobar' => true
,'bang' => true
,'gizmo' => true
));
$def = new HTMLPurifier_ChildDef_Simple(array('href', 'src'));
$this->assertEqual($def->elements,
array(
'href' => true
,'src' => true
));
}
function test_required_pcdata_forbidden() {
$def = new HTMLPurifier_ChildDef_Required('dt | dd');
$inputs[0] = '';
$expect[0] = false;
$inputs[1] = '<dt>Term</dt>Text in an illegal location'.
'<dd>Definition</dd><b>Illegal tag</b>';
$expect[1] = '<dt>Term</dt><dd>Definition</dd>';
$inputs[2] = 'How do you do!';
$expect[2] = false;
// whitespace shouldn't trigger it
$inputs[3] = "\n<dd>Definition</dd> ";
$expect[3] = true;
$inputs[4] ='<dd>Definition</dd> <b></b> ';
$expect[4] = '<dd>Definition</dd> ';
$inputs[5] = "\t ";
$expect[5] = false;
$this->assertSeries($inputs, $expect, $def);
}
function test_required_pcdata_allowed() {
$def = new HTMLPurifier_ChildDef_Required('#PCDATA | b');
$inputs[0] = '<b>Bold text</b><img />';
$expect[0] = '<b>Bold text</b>&lt;img /&gt;';
$this->assertSeries($inputs, $expect, $def);
}
function test_optional() {
$def = new HTMLPurifier_ChildDef_Optional('b | i');
$inputs[0] = '<b>Bold text</b><img />';
$expect[0] = '<b>Bold text</b>';
$inputs[1] = 'Not allowed text';
$expect[1] = '';
$this->assertSeries($inputs, $expect, $def);
}
}
?>

532
tests/HTMLPurifier/DefinitionTest.php
View File

@ -1,267 +1,267 @@
<?php
require_once 'HTMLPurifier/Definition.php';
require_once 'HTMLPurifier/Lexer.php';
class HTMLPurifier_DefinitionTest extends UnitTestCase
{
var $def, $lex;
function HTMLPurifier_DefinitionTest() {
$this->UnitTestCase();
$this->def = new HTMLPurifier_Definition();
$this->def->loadData();
$this->lex = new HTMLPurifier_Lexer();
}
function test_removeForeignElements() {
$inputs = array();
$expect = array();
$inputs[0] = array();
$expect[0] = $inputs[0];
$inputs[1] = array(
new HTMLPurifier_Token_Text('This is ')
,new HTMLPurifier_Token_Start('b', array())
,new HTMLPurifier_Token_Text('bold')
,new HTMLPurifier_Token_End('b')
,new HTMLPurifier_Token_Text(' text')
);
$expect[1] = $inputs[1];
$inputs[2] = array(
new HTMLPurifier_Token_Start('asdf')
,new HTMLPurifier_Token_End('asdf')
,new HTMLPurifier_Token_Start('d', array('href' => 'bang!'))
,new HTMLPurifier_Token_End('d')
,new HTMLPurifier_Token_Start('pooloka')
,new HTMLPurifier_Token_Start('poolasdf')
,new HTMLPurifier_Token_Start('ds', array('moogle' => '&'))
,new HTMLPurifier_Token_End('asdf')
,new HTMLPurifier_Token_End('asdf')
);
$expect[2] = array(
new HTMLPurifier_Token_Text('<asdf>')
,new HTMLPurifier_Token_Text('</asdf>')
,new HTMLPurifier_Token_Text('<d href="bang!">')
,new HTMLPurifier_Token_Text('</d>')
,new HTMLPurifier_Token_Text('<pooloka>')
,new HTMLPurifier_Token_Text('<poolasdf>')
,new HTMLPurifier_Token_Text('<ds moogle="&amp;">')
,new HTMLPurifier_Token_Text('</asdf>')
,new HTMLPurifier_Token_Text('</asdf>')
);
foreach ($inputs as $i => $input) {
$result = $this->def->removeForeignElements($input);
$this->assertEqual($expect[$i], $result);
paintIf($result, $result != $expect[$i]);
}
}
function test_makeWellFormed() {
$inputs = array();
$expect = array();
$inputs[0] = array();
$expect[0] = $inputs[0];
$inputs[1] = array(
new HTMLPurifier_Token_Text('This is ')
,new HTMLPurifier_Token_Start('b')
,new HTMLPurifier_Token_Text('bold')
,new HTMLPurifier_Token_End('b')
,new HTMLPurifier_Token_Text(' text')
,new HTMLPurifier_Token_Empty('br')
);
$expect[1] = $inputs[1];
$inputs[2] = array(
new HTMLPurifier_Token_Start('b')
,new HTMLPurifier_Token_Text('Unclosed tag, gasp!')
);
$expect[2] = array(
new HTMLPurifier_Token_Start('b')
,new HTMLPurifier_Token_Text('Unclosed tag, gasp!')
,new HTMLPurifier_Token_End('b')
);
$inputs[3] = array(
new HTMLPurifier_Token_Start('b')
,new HTMLPurifier_Token_Start('i')
,new HTMLPurifier_Token_Text('The b is closed, but the i is not')
,new HTMLPurifier_Token_End('b')
);
$expect[3] = array(
new HTMLPurifier_Token_Start('b')
,new HTMLPurifier_Token_Start('i')
,new HTMLPurifier_Token_Text('The b is closed, but the i is not')
,new HTMLPurifier_Token_End('i')
,new HTMLPurifier_Token_End('b')
);
$inputs[4] = array(
new HTMLPurifier_Token_Text('Hey, recycle unused end tags!')
,new HTMLPurifier_Token_End('b')
);
$expect[4] = array(
new HTMLPurifier_Token_Text('Hey, recycle unused end tags!')
,new HTMLPurifier_Token_Text('</b>')
);
$inputs[5] = array(new HTMLPurifier_Token_Start('br', array('style' => 'clear:both;')));
$expect[5] = array(new HTMLPurifier_Token_Empty('br', array('style' => 'clear:both;')));
$inputs[6] = array(new HTMLPurifier_Token_Empty('div', array('style' => 'clear:both;')));
$expect[6] = array(
new HTMLPurifier_Token_Start('div', array('style' => 'clear:both;'))
,new HTMLPurifier_Token_End('div')
);
// test automatic paragraph closing
$inputs[7] = array(
new HTMLPurifier_Token_Start('p')
,new HTMLPurifier_Token_Text('Paragraph 1')
,new HTMLPurifier_Token_Start('p')
,new HTMLPurifier_Token_Text('Paragraph 2')
);
$expect[7] = array(
new HTMLPurifier_Token_Start('p')
,new HTMLPurifier_Token_Text('Paragraph 1')
,new HTMLPurifier_Token_End('p')
,new HTMLPurifier_Token_Start('p')
,new HTMLPurifier_Token_Text('Paragraph 2')
,new HTMLPurifier_Token_End('p')
);
$inputs[8] = array(
new HTMLPurifier_Token_Start('div')
,new HTMLPurifier_Token_Start('p')
,new HTMLPurifier_Token_Text('Paragraph 1 in a div')
,new HTMLPurifier_Token_End('div')
);
$expect[8] = array(
new HTMLPurifier_Token_Start('div')
,new HTMLPurifier_Token_Start('p')
,new HTMLPurifier_Token_Text('Paragraph 1 in a div')
,new HTMLPurifier_Token_End('p')
,new HTMLPurifier_Token_End('div')
);
// automatic list closing
$inputs[9] = array(
new HTMLPurifier_Token_Start('ol')
,new HTMLPurifier_Token_Start('li')
,new HTMLPurifier_Token_Text('Item 1')
,new HTMLPurifier_Token_Start('li')
,new HTMLPurifier_Token_Text('Item 2')
,new HTMLPurifier_Token_End('ol')
);
$expect[9] = array(
new HTMLPurifier_Token_Start('ol')
,new HTMLPurifier_Token_Start('li')
,new HTMLPurifier_Token_Text('Item 1')
,new HTMLPurifier_Token_End('li')
,new HTMLPurifier_Token_Start('li')
,new HTMLPurifier_Token_Text('Item 2')
,new HTMLPurifier_Token_End('li')
,new HTMLPurifier_Token_End('ol')
);
foreach ($inputs as $i => $input) {
$result = $this->def->makeWellFormed($input);
$this->assertEqual($expect[$i], $result);
paintIf($result, $result != $expect[$i]);
}
}
function test_fixNesting() {
$inputs = array();
$expect = array();
// next id = 4
// legal inline nesting
$inputs[0] = array(
new HTMLPurifier_Token_Start('b'),
new HTMLPurifier_Token_Text('Bold text'),
new HTMLPurifier_Token_End('b'),
);
$expect[0] = $inputs[0];
// legal inline and block
// as the parent element is considered FLOW
$inputs[1] = array(
new HTMLPurifier_Token_Start('a', array('href' => 'http://www.example.com/')),
new HTMLPurifier_Token_Text('Linky'),
new HTMLPurifier_Token_End('a'),
new HTMLPurifier_Token_Start('div'),
new HTMLPurifier_Token_Text('Block element'),
new HTMLPurifier_Token_End('div'),
);
$expect[1] = $inputs[1];
// illegal block in inline, element -> text
$inputs[2] = array(
new HTMLPurifier_Token_Start('b'),
new HTMLPurifier_Token_Start('div'),
new HTMLPurifier_Token_Text('Illegal Div'),
new HTMLPurifier_Token_End('div'),
new HTMLPurifier_Token_End('b'),
);
$expect[2] = array(
new HTMLPurifier_Token_Start('b'),
new HTMLPurifier_Token_Text('<div>'),
new HTMLPurifier_Token_Text('Illegal Div'),
new HTMLPurifier_Token_Text('</div>'),
new HTMLPurifier_Token_End('b'),
);
// test of empty set that's required, resulting in removal of node
$inputs[3] = array(
new HTMLPurifier_Token_Start('ul'),
new HTMLPurifier_Token_End('ul')
);
$expect[3] = array();
// test illegal text which gets removed
$inputs[4] = array(
new HTMLPurifier_Token_Start('ul'),
new HTMLPurifier_Token_Text('Illegal Text'),
new HTMLPurifier_Token_Start('li'),
new HTMLPurifier_Token_Text('Legal item'),
new HTMLPurifier_Token_End('li'),
new HTMLPurifier_Token_End('ul')
);
$expect[4] = array(
new HTMLPurifier_Token_Start('ul'),
new HTMLPurifier_Token_Start('li'),
new HTMLPurifier_Token_Text('Legal item'),
new HTMLPurifier_Token_End('li'),
new HTMLPurifier_Token_End('ul')
);
foreach ($inputs as $i => $input) {
$result = $this->def->fixNesting($input);
$this->assertEqual($expect[$i], $result);
paintIf($result, $result != $expect[$i]);
}
}
}
<?php
require_once 'HTMLPurifier/Definition.php';
require_once 'HTMLPurifier/Lexer.php';
class HTMLPurifier_DefinitionTest extends UnitTestCase
{
var $def, $lex;
function HTMLPurifier_DefinitionTest() {
$this->UnitTestCase();
$this->def = new HTMLPurifier_Definition();
$this->def->loadData();
$this->lex = new HTMLPurifier_Lexer();
}
function test_removeForeignElements() {
$inputs = array();
$expect = array();
$inputs[0] = array();
$expect[0] = $inputs[0];
$inputs[1] = array(
new HTMLPurifier_Token_Text('This is ')
,new HTMLPurifier_Token_Start('b', array())
,new HTMLPurifier_Token_Text('bold')
,new HTMLPurifier_Token_End('b')
,new HTMLPurifier_Token_Text(' text')
);
$expect[1] = $inputs[1];
$inputs[2] = array(
new HTMLPurifier_Token_Start('asdf')
,new HTMLPurifier_Token_End('asdf')
,new HTMLPurifier_Token_Start('d', array('href' => 'bang!'))
,new HTMLPurifier_Token_End('d')
,new HTMLPurifier_Token_Start('pooloka')
,new HTMLPurifier_Token_Start('poolasdf')
,new HTMLPurifier_Token_Start('ds', array('moogle' => '&'))
,new HTMLPurifier_Token_End('asdf')
,new HTMLPurifier_Token_End('asdf')
);
$expect[2] = array(
new HTMLPurifier_Token_Text('<asdf>')
,new HTMLPurifier_Token_Text('</asdf>')
,new HTMLPurifier_Token_Text('<d href="bang!">')
,new HTMLPurifier_Token_Text('</d>')
,new HTMLPurifier_Token_Text('<pooloka>')
,new HTMLPurifier_Token_Text('<poolasdf>')
,new HTMLPurifier_Token_Text('<ds moogle="&amp;">')
,new HTMLPurifier_Token_Text('</asdf>')
,new HTMLPurifier_Token_Text('</asdf>')
);
foreach ($inputs as $i => $input) {
$result = $this->def->removeForeignElements($input);
$this->assertEqual($expect[$i], $result);
paintIf($result, $result != $expect[$i]);
}
}
function test_makeWellFormed() {
$inputs = array();
$expect = array();
$inputs[0] = array();
$expect[0] = $inputs[0];
$inputs[1] = array(
new HTMLPurifier_Token_Text('This is ')
,new HTMLPurifier_Token_Start('b')
,new HTMLPurifier_Token_Text('bold')
,new HTMLPurifier_Token_End('b')
,new HTMLPurifier_Token_Text(' text')
,new HTMLPurifier_Token_Empty('br')
);
$expect[1] = $inputs[1];
$inputs[2] = array(
new HTMLPurifier_Token_Start('b')
,new HTMLPurifier_Token_Text('Unclosed tag, gasp!')
);
$expect[2] = array(
new HTMLPurifier_Token_Start('b')
,new HTMLPurifier_Token_Text('Unclosed tag, gasp!')
,new HTMLPurifier_Token_End('b')
);
$inputs[3] = array(
new HTMLPurifier_Token_Start('b')
,new HTMLPurifier_Token_Start('i')
,new HTMLPurifier_Token_Text('The b is closed, but the i is not')
,new HTMLPurifier_Token_End('b')
);
$expect[3] = array(
new HTMLPurifier_Token_Start('b')
,new HTMLPurifier_Token_Start('i')
,new HTMLPurifier_Token_Text('The b is closed, but the i is not')
,new HTMLPurifier_Token_End('i')
,new HTMLPurifier_Token_End('b')
);
$inputs[4] = array(
new HTMLPurifier_Token_Text('Hey, recycle unused end tags!')
,new HTMLPurifier_Token_End('b')
);
$expect[4] = array(
new HTMLPurifier_Token_Text('Hey, recycle unused end tags!')
,new HTMLPurifier_Token_Text('</b>')
);
$inputs[5] = array(new HTMLPurifier_Token_Start('br', array('style' => 'clear:both;')));
$expect[5] = array(new HTMLPurifier_Token_Empty('br', array('style' => 'clear:both;')));
$inputs[6] = array(new HTMLPurifier_Token_Empty('div', array('style' => 'clear:both;')));
$expect[6] = array(
new HTMLPurifier_Token_Start('div', array('style' => 'clear:both;'))
,new HTMLPurifier_Token_End('div')
);
// test automatic paragraph closing
$inputs[7] = array(
new HTMLPurifier_Token_Start('p')
,new HTMLPurifier_Token_Text('Paragraph 1')
,new HTMLPurifier_Token_Start('p')
,new HTMLPurifier_Token_Text('Paragraph 2')
);
$expect[7] = array(
new HTMLPurifier_Token_Start('p')
,new HTMLPurifier_Token_Text('Paragraph 1')
,new HTMLPurifier_Token_End('p')
,new HTMLPurifier_Token_Start('p')
,new HTMLPurifier_Token_Text('Paragraph 2')
,new HTMLPurifier_Token_End('p')
);
$inputs[8] = array(
new HTMLPurifier_Token_Start('div')
,new HTMLPurifier_Token_Start('p')
,new HTMLPurifier_Token_Text('Paragraph 1 in a div')
,new HTMLPurifier_Token_End('div')
);
$expect[8] = array(
new HTMLPurifier_Token_Start('div')
,new HTMLPurifier_Token_Start('p')
,new HTMLPurifier_Token_Text('Paragraph 1 in a div')
,new HTMLPurifier_Token_End('p')
,new HTMLPurifier_Token_End('div')
);
// automatic list closing
$inputs[9] = array(
new HTMLPurifier_Token_Start('ol')
,new HTMLPurifier_Token_Start('li')
,new HTMLPurifier_Token_Text('Item 1')
,new HTMLPurifier_Token_Start('li')
,new HTMLPurifier_Token_Text('Item 2')
,new HTMLPurifier_Token_End('ol')
);
$expect[9] = array(
new HTMLPurifier_Token_Start('ol')
,new HTMLPurifier_Token_Start('li')
,new HTMLPurifier_Token_Text('Item 1')
,new HTMLPurifier_Token_End('li')
,new HTMLPurifier_Token_Start('li')
,new HTMLPurifier_Token_Text('Item 2')
,new HTMLPurifier_Token_End('li')
,new HTMLPurifier_Token_End('ol')
);
foreach ($inputs as $i => $input) {
$result = $this->def->makeWellFormed($input);
$this->assertEqual($expect[$i], $result);
paintIf($result, $result != $expect[$i]);
}
}
function test_fixNesting() {
$inputs = array();
$expect = array();
// next id = 4
// legal inline nesting
$inputs[0] = array(
new HTMLPurifier_Token_Start('b'),
new HTMLPurifier_Token_Text('Bold text'),
new HTMLPurifier_Token_End('b'),
);
$expect[0] = $inputs[0];
// legal inline and block
// as the parent element is considered FLOW
$inputs[1] = array(
new HTMLPurifier_Token_Start('a', array('href' => 'http://www.example.com/')),
new HTMLPurifier_Token_Text('Linky'),
new HTMLPurifier_Token_End('a'),
new HTMLPurifier_Token_Start('div'),
new HTMLPurifier_Token_Text('Block element'),
new HTMLPurifier_Token_End('div'),
);
$expect[1] = $inputs[1];
// illegal block in inline, element -> text
$inputs[2] = array(
new HTMLPurifier_Token_Start('b'),
new HTMLPurifier_Token_Start('div'),
new HTMLPurifier_Token_Text('Illegal Div'),
new HTMLPurifier_Token_End('div'),
new HTMLPurifier_Token_End('b'),
);
$expect[2] = array(
new HTMLPurifier_Token_Start('b'),
new HTMLPurifier_Token_Text('<div>'),
new HTMLPurifier_Token_Text('Illegal Div'),
new HTMLPurifier_Token_Text('</div>'),
new HTMLPurifier_Token_End('b'),
);
// test of empty set that's required, resulting in removal of node
$inputs[3] = array(
new HTMLPurifier_Token_Start('ul'),
new HTMLPurifier_Token_End('ul')
);
$expect[3] = array();
// test illegal text which gets removed
$inputs[4] = array(
new HTMLPurifier_Token_Start('ul'),
new HTMLPurifier_Token_Text('Illegal Text'),
new HTMLPurifier_Token_Start('li'),
new HTMLPurifier_Token_Text('Legal item'),
new HTMLPurifier_Token_End('li'),
new HTMLPurifier_Token_End('ul')
);
$expect[4] = array(
new HTMLPurifier_Token_Start('ul'),
new HTMLPurifier_Token_Start('li'),
new HTMLPurifier_Token_Text('Legal item'),
new HTMLPurifier_Token_End('li'),
new HTMLPurifier_Token_End('ul')
);
foreach ($inputs as $i => $input) {
$result = $this->def->fixNesting($input);
$this->assertEqual($expect[$i], $result);
paintIf($result, $result != $expect[$i]);
}
}
}
?>

176
tests/HTMLPurifier/GeneratorTest.php
View File

@ -1,89 +1,89 @@
<?php
require_once 'HTMLPurifier/Generator.php';
class HTMLPurifier_GeneratorTest extends UnitTestCase
{
var $gen;
function HTMLPurifier_GeneratorTest() {
$this->UnitTestCase();
$this->gen = new HTMLPurifier_Generator();
}
function test_generateFromToken() {
$inputs = array();
$expect = array();
$inputs[0] = new HTMLPurifier_Token_Text('Foobar.<>');
$expect[0] = 'Foobar.&lt;&gt;';
$inputs[1] = new HTMLPurifier_Token_Start('a',
array('href' => 'dyn?a=foo&b=bar')
);
$expect[1] = '<a href="dyn?a=foo&amp;b=bar">';
$inputs[2] = new HTMLPurifier_Token_End('b');
$expect[2] = '</b>';
$inputs[3] = new HTMLPurifier_Token_Empty('br',
array('style' => 'font-family:"Courier New";')
);
$expect[3] = '<br style="font-family:&quot;Courier New&quot;;" />';
$inputs[4] = new HTMLPurifier_Token_Start('asdf');
$expect[4] = '<asdf>';
$inputs[5] = new HTMLPurifier_Token_Empty('br');
$expect[5] = '<br />';
foreach ($inputs as $i => $input) {
$result = $this->gen->generateFromToken($input);
$this->assertEqual($result, $expect[$i]);
paintIf($result, $result != $expect[$i]);
}
}
function test_generateAttributes() {
$inputs = array();
$expect = array();
$inputs[0] = array();
$expect[0] = '';
$inputs[1] = array('href' => 'dyn?a=foo&b=bar');
$expect[1] = 'href="dyn?a=foo&amp;b=bar"';
$inputs[2] = array('style' => 'font-family:"Courier New";');
$expect[2] = 'style="font-family:&quot;Courier New&quot;;"';
$inputs[3] = array('src' => 'picture.jpg', 'alt' => 'Short & interesting');
$expect[3] = 'src="picture.jpg" alt="Short &amp; interesting"';
foreach ($inputs as $i => $input) {
$result = $this->gen->generateAttributes($input);
$this->assertEqual($result, $expect[$i]);
paintIf($result, $result != $expect[$i]);
}
}
function test_generateFromTokens() {
$tokens = array(
new HTMLPurifier_Token_Start('b'),
new HTMLPurifier_Token_Text('Foobar!'),
new HTMLPurifier_Token_End('b')
);
$expect = '<b>Foobar!</b>';
$this->assertEqual($expect, $this->gen->generateFromTokens($tokens));
}
}
<?php
require_once 'HTMLPurifier/Generator.php';
class HTMLPurifier_GeneratorTest extends UnitTestCase
{
var $gen;
function HTMLPurifier_GeneratorTest() {
$this->UnitTestCase();
$this->gen = new HTMLPurifier_Generator();
}
function test_generateFromToken() {
$inputs = array();
$expect = array();
$inputs[0] = new HTMLPurifier_Token_Text('Foobar.<>');
$expect[0] = 'Foobar.&lt;&gt;';
$inputs[1] = new HTMLPurifier_Token_Start('a',
array('href' => 'dyn?a=foo&b=bar')
);
$expect[1] = '<a href="dyn?a=foo&amp;b=bar">';
$inputs[2] = new HTMLPurifier_Token_End('b');
$expect[2] = '</b>';
$inputs[3] = new HTMLPurifier_Token_Empty('br',
array('style' => 'font-family:"Courier New";')
);
$expect[3] = '<br style="font-family:&quot;Courier New&quot;;" />';
$inputs[4] = new HTMLPurifier_Token_Start('asdf');
$expect[4] = '<asdf>';
$inputs[5] = new HTMLPurifier_Token_Empty('br');
$expect[5] = '<br />';
foreach ($inputs as $i => $input) {
$result = $this->gen->generateFromToken($input);
$this->assertEqual($result, $expect[$i]);
paintIf($result, $result != $expect[$i]);
}
}
function test_generateAttributes() {
$inputs = array();
$expect = array();
$inputs[0] = array();
$expect[0] = '';
$inputs[1] = array('href' => 'dyn?a=foo&b=bar');
$expect[1] = 'href="dyn?a=foo&amp;b=bar"';
$inputs[2] = array('style' => 'font-family:"Courier New";');
$expect[2] = 'style="font-family:&quot;Courier New&quot;;"';
$inputs[3] = array('src' => 'picture.jpg', 'alt' => 'Short & interesting');
$expect[3] = 'src="picture.jpg" alt="Short &amp; interesting"';
foreach ($inputs as $i => $input) {
$result = $this->gen->generateAttributes($input);
$this->assertEqual($result, $expect[$i]);
paintIf($result, $result != $expect[$i]);
}
}
function test_generateFromTokens() {
$tokens = array(
new HTMLPurifier_Token_Start('b'),
new HTMLPurifier_Token_Text('Foobar!'),
new HTMLPurifier_Token_End('b')
);
$expect = '<b>Foobar!</b>';
$this->assertEqual($expect, $this->gen->generateFromTokens($tokens));
}
}
?>

164
tests/HTMLPurifier/Lexer/DirectLexTest.php
View File

@ -1,83 +1,83 @@
<?php
require_once 'HTMLPurifier/Lexer/DirectLex.php';
class HTMLPurifier_Lexer_DirectLexTest extends UnitTestCase
{
var $DirectLex;
function setUp() {
$this->DirectLex = new HTMLPurifier_Lexer_DirectLex();
}
function test_nextWhiteSpace() {
$HP =& $this->DirectLex;
$this->assertIdentical(false, $HP->nextWhiteSpace('asdf'));
$this->assertIdentical(0, $HP->nextWhiteSpace(' asdf'));
$this->assertIdentical(0, $HP->nextWhiteSpace("\nasdf"));
$this->assertIdentical(1, $HP->nextWhiteSpace("a\tsdf"));
$this->assertIdentical(4, $HP->nextWhiteSpace("asdf\r"));
$this->assertIdentical(2, $HP->nextWhiteSpace("as\t\r\nasdf as"));
$this->assertIdentical(3, $HP->nextWhiteSpace('a a ', 2));
}
function test_parseData() {
$HP =& $this->DirectLex;
$this->assertIdentical('asdf', $HP->parseData('asdf'));
$this->assertIdentical('&', $HP->parseData('&amp;'));
$this->assertIdentical('"', $HP->parseData('&quot;'));
$this->assertIdentical("'", $HP->parseData('&#039;'));
$this->assertIdentical('-', $HP->parseData('&#x2D;'));
// UTF-8 needed!!!
}
// internals testing
function test_tokenizeAttributeString() {
$input[0] = 'href="asdf" boom="assdf"';
$expect[0] = array('href'=>'asdf', 'boom'=>'assdf');
$input[1] = "href='r'";
$expect[1] = array('href'=>'r');
$input[2] = 'onclick="javascript:alert(\'asdf\');"';
$expect[2] = array('onclick' => "javascript:alert('asdf');");
$input[3] = 'selected';
$expect[3] = array('selected'=>'selected');
$input[4] = '="asdf"';
$expect[4] = array();
$input[5] = 'missile=launch';
$expect[5] = array('missile' => 'launch');
$input[6] = 'href="foo';
$expect[6] = array('href' => 'foo');
$input[7] = '"=';
$expect[7] = array('"' => '');
$input[8] = 'href ="about:blank"rel ="nofollow"';
$expect[8] = array('href' => 'about:blank', 'rel' => 'nofollow');
$input[9] = 'foo bar';
$expect[9] = array('foo' => 'foo', 'bar' => 'bar');
$input[10] = 'foo="bar" blue';
$expect[10] = array('foo' => 'bar', 'blue' => 'blue');
$size = count($input);
for($i = 0; $i < $size; $i++) {
$result = $this->DirectLex->tokenizeAttributeString($input[$i]);
$this->assertEqual($expect[$i], $result, 'Test ' . $i . ': %s');
paintIf($result, $expect[$i] != $result);
}
}
}
<?php
require_once 'HTMLPurifier/Lexer/DirectLex.php';
class HTMLPurifier_Lexer_DirectLexTest extends UnitTestCase
{
var $DirectLex;
function setUp() {
$this->DirectLex = new HTMLPurifier_Lexer_DirectLex();
}
function test_nextWhiteSpace() {
$HP =& $this->DirectLex;
$this->assertIdentical(false, $HP->nextWhiteSpace('asdf'));
$this->assertIdentical(0, $HP->nextWhiteSpace(' asdf'));
$this->assertIdentical(0, $HP->nextWhiteSpace("\nasdf"));
$this->assertIdentical(1, $HP->nextWhiteSpace("a\tsdf"));
$this->assertIdentical(4, $HP->nextWhiteSpace("asdf\r"));
$this->assertIdentical(2, $HP->nextWhiteSpace("as\t\r\nasdf as"));
$this->assertIdentical(3, $HP->nextWhiteSpace('a a ', 2));
}
function test_parseData() {
$HP =& $this->DirectLex;
$this->assertIdentical('asdf', $HP->parseData('asdf'));
$this->assertIdentical('&', $HP->parseData('&amp;'));
$this->assertIdentical('"', $HP->parseData('&quot;'));
$this->assertIdentical("'", $HP->parseData('&#039;'));
$this->assertIdentical('-', $HP->parseData('&#x2D;'));
// UTF-8 needed!!!
}
// internals testing
function test_tokenizeAttributeString() {
$input[0] = 'href="asdf" boom="assdf"';
$expect[0] = array('href'=>'asdf', 'boom'=>'assdf');
$input[1] = "href='r'";
$expect[1] = array('href'=>'r');
$input[2] = 'onclick="javascript:alert(\'asdf\');"';
$expect[2] = array('onclick' => "javascript:alert('asdf');");
$input[3] = 'selected';
$expect[3] = array('selected'=>'selected');
$input[4] = '="asdf"';
$expect[4] = array();
$input[5] = 'missile=launch';
$expect[5] = array('missile' => 'launch');
$input[6] = 'href="foo';
$expect[6] = array('href' => 'foo');
$input[7] = '"=';
$expect[7] = array('"' => '');
$input[8] = 'href ="about:blank"rel ="nofollow"';
$expect[8] = array('href' => 'about:blank', 'rel' => 'nofollow');
$input[9] = 'foo bar';
$expect[9] = array('foo' => 'foo', 'bar' => 'bar');
$input[10] = 'foo="bar" blue';
$expect[10] = array('foo' => 'bar', 'blue' => 'blue');
$size = count($input);
for($i = 0; $i < $size; $i++) {
$result = $this->DirectLex->tokenizeAttributeString($input[$i]);
$this->assertEqual($expect[$i], $result, 'Test ' . $i . ': %s');
paintIf($result, $expect[$i] != $result);
}
}
}
?>

392
tests/HTMLPurifier/LexerTest.php
View File

@ -1,197 +1,197 @@
<?php
require_once 'HTMLPurifier/Lexer/DirectLex.php';
require_once 'HTMLPurifier/Lexer/PEARSax3.php';
class HTMLPurifier_LexerTest extends UnitTestCase
{
var $DirectLex, $PEARSax3, $DOMLex;
var $_has_dom;
function setUp() {
$this->DirectLex = new HTMLPurifier_Lexer_DirectLex();
$this->PEARSax3 = new HTMLPurifier_Lexer_PEARSax3();
$this->_has_dom = version_compare(PHP_VERSION, '5', '>=');
if ($this->_has_dom) {
require_once 'HTMLPurifier/Lexer/DOMLex.php';
$this->DOMLex = new HTMLPurifier_Lexer_DOMLex();
}
}
function test_tokenizeHTML() {
$input = array();
$expect = array();
$sax_expect = array();
$input[0] = '';
$expect[0] = array();
$input[1] = 'This is regular text.';
$expect[1] = array(
new HTMLPurifier_Token_Text('This is regular text.')
);
$input[2] = 'This is <b>bold</b> text';
$expect[2] = array(
new HTMLPurifier_Token_Text('This is ')
,new HTMLPurifier_Token_Start('b', array())
,new HTMLPurifier_Token_Text('bold')
,new HTMLPurifier_Token_End('b')
,new HTMLPurifier_Token_Text(' text')
);
$input[3] = '<DIV>Totally rad dude. <b>asdf</b></div>';
$expect[3] = array(
new HTMLPurifier_Token_Start('DIV', array())
,new HTMLPurifier_Token_Text('Totally rad dude. ')
,new HTMLPurifier_Token_Start('b', array())
,new HTMLPurifier_Token_Text('asdf')
,new HTMLPurifier_Token_End('b')
,new HTMLPurifier_Token_End('div')
);
// [XML-INVALID]
$input[4] = '<asdf></asdf><d></d><poOloka><poolasdf><ds></asdf></ASDF>';
$expect[4] = array(
new HTMLPurifier_Token_Start('asdf')
,new HTMLPurifier_Token_End('asdf')
,new HTMLPurifier_Token_Start('d')
,new HTMLPurifier_Token_End('d')
,new HTMLPurifier_Token_Start('poOloka')
,new HTMLPurifier_Token_Start('poolasdf')
,new HTMLPurifier_Token_Start('ds')
,new HTMLPurifier_Token_End('asdf')
,new HTMLPurifier_Token_End('ASDF')
);
// DOM is different because it condenses empty tags into REAL empty ones
// as well as makes it well-formed
$dom_expect[4] = array(
new HTMLPurifier_Token_Empty('asdf')
,new HTMLPurifier_Token_Empty('d')
,new HTMLPurifier_Token_Start('pooloka')
,new HTMLPurifier_Token_Start('poolasdf')
,new HTMLPurifier_Token_Empty('ds')
,new HTMLPurifier_Token_End('poolasdf')
,new HTMLPurifier_Token_End('pooloka')
);
$input[5] = '<a'."\t".'href="foobar.php"'."\n".'title="foo!">Link to <b id="asdf">foobar</b></a>';
$expect[5] = array(
new HTMLPurifier_Token_Start('a',array('href'=>'foobar.php','title'=>'foo!'))
,new HTMLPurifier_Token_Text('Link to ')
,new HTMLPurifier_Token_Start('b',array('id'=>'asdf'))
,new HTMLPurifier_Token_Text('foobar')
,new HTMLPurifier_Token_End('b')
,new HTMLPurifier_Token_End('a')
);
$input[6] = '<br />';
$expect[6] = array(
new HTMLPurifier_Token_Empty('br')
);
// [SGML-INVALID] [RECOVERABLE]
$input[7] = '<!-- Comment --> <!-- not so well formed --->';
$expect[7] = array(
new HTMLPurifier_Token_Comment(' Comment ')
,new HTMLPurifier_Token_Text(' ')
,new HTMLPurifier_Token_Comment(' not so well formed -')
);
$sax_expect[7] = false; // we need to figure out proper comment output
// [SGML-INVALID]
$input[8] = '<a href=""';
$expect[8] = array(
new HTMLPurifier_Token_Text('<a href=""')
);
// SAX parses it into a tag
$sax_expect[8] = array(
new HTMLPurifier_Token_Start('a', array('href'=>''))
);
// DOM parses it into an empty tag
$dom_expect[8] = array(
new HTMLPurifier_Token_Empty('a', array('href'=>''))
);
$input[9] = '&lt;b&gt;';
$expect[9] = array(
new HTMLPurifier_Token_Text('<b>')
);
$sax_expect[9] = array(
new HTMLPurifier_Token_Text('<')
,new HTMLPurifier_Token_Text('b')
,new HTMLPurifier_Token_Text('>')
);
// note that SAX can clump text nodes together. We won't be
// too picky though
// [SGML-INVALID]
$input[10] = '<a "=>';
// We barf on this, aim for no attributes
$expect[10] = array(
new HTMLPurifier_Token_Start('a', array('"' => ''))
);
// DOM correctly has no attributes, but also closes the tag
$dom_expect[10] = array(
new HTMLPurifier_Token_Empty('a')
);
// SAX barfs on this
$sax_expect[10] = array(
new HTMLPurifier_Token_Start('a', array('"' => ''))
);
// [INVALID] [RECOVERABLE]
$input[11] = '"';
$expect[11] = array( new HTMLPurifier_Token_Text('"') );
// compare with this valid one:
$input[12] = '&quot;';
$expect[12] = array( new HTMLPurifier_Token_Text('"') );
$sax_expect[12] = false;
// SAX chokes on this? We do have entity parsing on, so it should work!
foreach($input as $i => $discard) {
$result = $this->DirectLex->tokenizeHTML($input[$i]);
$this->assertEqual($expect[$i], $result, 'Test '.$i.': %s');
paintIf($result, $expect[$i] != $result);
// assert unless I say otherwise
$sax_result = $this->PEARSax3->tokenizeHTML($input[$i]);
if (!isset($sax_expect[$i])) {
// by default, assert with normal result
$this->assertEqual($expect[$i], $sax_result, 'Test '.$i.': %s');
paintIf($sax_result, $expect[$i] != $sax_result);
} elseif ($sax_expect[$i] === false) {
// assertions were turned off, optionally dump
// paintIf($sax_expect, $i == NUMBER);
} else {
// match with a custom SAX result array
$this->assertEqual($sax_expect[$i], $sax_result, 'Test '.$i.': %s');
paintIf($sax_result, $sax_expect[$i] != $sax_result);
}
if ($this->_has_dom) {
$dom_result = $this->DOMLex->tokenizeHTML($input[$i]);
// same structure as SAX
if (!isset($dom_expect[$i])) {
$this->assertEqual($expect[$i], $dom_result, 'Test '.$i.': %s');
paintIf($dom_result, $expect[$i] != $dom_result);
} elseif ($dom_expect[$i] === false) {
// paintIf($dom_result, $i == NUMBER);
} else {
$this->assertEqual($dom_expect[$i], $dom_result, 'Test '.$i.': %s');
paintIf($dom_result, $dom_expect[$i] != $dom_result);
}
}
}
}
}
<?php
require_once 'HTMLPurifier/Lexer/DirectLex.php';
require_once 'HTMLPurifier/Lexer/PEARSax3.php';
class HTMLPurifier_LexerTest extends UnitTestCase
{
var $DirectLex, $PEARSax3, $DOMLex;
var $_has_dom;
function setUp() {
$this->DirectLex = new HTMLPurifier_Lexer_DirectLex();
$this->PEARSax3 = new HTMLPurifier_Lexer_PEARSax3();
$this->_has_dom = version_compare(PHP_VERSION, '5', '>=');
if ($this->_has_dom) {
require_once 'HTMLPurifier/Lexer/DOMLex.php';
$this->DOMLex = new HTMLPurifier_Lexer_DOMLex();
}
}
function test_tokenizeHTML() {
$input = array();
$expect = array();
$sax_expect = array();
$input[0] = '';
$expect[0] = array();
$input[1] = 'This is regular text.';
$expect[1] = array(
new HTMLPurifier_Token_Text('This is regular text.')
);
$input[2] = 'This is <b>bold</b> text';
$expect[2] = array(
new HTMLPurifier_Token_Text('This is ')
,new HTMLPurifier_Token_Start('b', array())
,new HTMLPurifier_Token_Text('bold')
,new HTMLPurifier_Token_End('b')
,new HTMLPurifier_Token_Text(' text')
);
$input[3] = '<DIV>Totally rad dude. <b>asdf</b></div>';
$expect[3] = array(
new HTMLPurifier_Token_Start('DIV', array())
,new HTMLPurifier_Token_Text('Totally rad dude. ')
,new HTMLPurifier_Token_Start('b', array())
,new HTMLPurifier_Token_Text('asdf')
,new HTMLPurifier_Token_End('b')
,new HTMLPurifier_Token_End('div')
);
// [XML-INVALID]
$input[4] = '<asdf></asdf><d></d><poOloka><poolasdf><ds></asdf></ASDF>';
$expect[4] = array(
new HTMLPurifier_Token_Start('asdf')
,new HTMLPurifier_Token_End('asdf')
,new HTMLPurifier_Token_Start('d')
,new HTMLPurifier_Token_End('d')
,new HTMLPurifier_Token_Start('poOloka')
,new HTMLPurifier_Token_Start('poolasdf')
,new HTMLPurifier_Token_Start('ds')
,new HTMLPurifier_Token_End('asdf')
,new HTMLPurifier_Token_End('ASDF')
);
// DOM is different because it condenses empty tags into REAL empty ones
// as well as makes it well-formed
$dom_expect[4] = array(
new HTMLPurifier_Token_Empty('asdf')
,new HTMLPurifier_Token_Empty('d')
,new HTMLPurifier_Token_Start('pooloka')
,new HTMLPurifier_Token_Start('poolasdf')
,new HTMLPurifier_Token_Empty('ds')
,new HTMLPurifier_Token_End('poolasdf')
,new HTMLPurifier_Token_End('pooloka')
);
$input[5] = '<a'."\t".'href="foobar.php"'."\n".'title="foo!">Link to <b id="asdf">foobar</b></a>';
$expect[5] = array(
new HTMLPurifier_Token_Start('a',array('href'=>'foobar.php','title'=>'foo!'))
,new HTMLPurifier_Token_Text('Link to ')
,new HTMLPurifier_Token_Start('b',array('id'=>'asdf'))
,new HTMLPurifier_Token_Text('foobar')
,new HTMLPurifier_Token_End('b')
,new HTMLPurifier_Token_End('a')
);
$input[6] = '<br />';
$expect[6] = array(
new HTMLPurifier_Token_Empty('br')
);
// [SGML-INVALID] [RECOVERABLE]
$input[7] = '<!-- Comment --> <!-- not so well formed --->';
$expect[7] = array(
new HTMLPurifier_Token_Comment(' Comment ')
,new HTMLPurifier_Token_Text(' ')
,new HTMLPurifier_Token_Comment(' not so well formed -')
);
$sax_expect[7] = false; // we need to figure out proper comment output
// [SGML-INVALID]
$input[8] = '<a href=""';
$expect[8] = array(
new HTMLPurifier_Token_Text('<a href=""')
);
// SAX parses it into a tag
$sax_expect[8] = array(
new HTMLPurifier_Token_Start('a', array('href'=>''))
);
// DOM parses it into an empty tag
$dom_expect[8] = array(
new HTMLPurifier_Token_Empty('a', array('href'=>''))
);
$input[9] = '&lt;b&gt;';
$expect[9] = array(
new HTMLPurifier_Token_Text('<b>')
);
$sax_expect[9] = array(
new HTMLPurifier_Token_Text('<')
,new HTMLPurifier_Token_Text('b')
,new HTMLPurifier_Token_Text('>')
);
// note that SAX can clump text nodes together. We won't be
// too picky though
// [SGML-INVALID]
$input[10] = '<a "=>';
// We barf on this, aim for no attributes
$expect[10] = array(
new HTMLPurifier_Token_Start('a', array('"' => ''))
);
// DOM correctly has no attributes, but also closes the tag
$dom_expect[10] = array(
new HTMLPurifier_Token_Empty('a')
);
// SAX barfs on this
$sax_expect[10] = array(
new HTMLPurifier_Token_Start('a', array('"' => ''))
);
// [INVALID] [RECOVERABLE]
$input[11] = '"';
$expect[11] = array( new HTMLPurifier_Token_Text('"') );
// compare with this valid one:
$input[12] = '&quot;';
$expect[12] = array( new HTMLPurifier_Token_Text('"') );
$sax_expect[12] = false;
// SAX chokes on this? We do have entity parsing on, so it should work!
foreach($input as $i => $discard) {
$result = $this->DirectLex->tokenizeHTML($input[$i]);
$this->assertEqual($expect[$i], $result, 'Test '.$i.': %s');
paintIf($result, $expect[$i] != $result);
// assert unless I say otherwise
$sax_result = $this->PEARSax3->tokenizeHTML($input[$i]);
if (!isset($sax_expect[$i])) {
// by default, assert with normal result
$this->assertEqual($expect[$i], $sax_result, 'Test '.$i.': %s');
paintIf($sax_result, $expect[$i] != $sax_result);
} elseif ($sax_expect[$i] === false) {
// assertions were turned off, optionally dump
// paintIf($sax_expect, $i == NUMBER);
} else {
// match with a custom SAX result array
$this->assertEqual($sax_expect[$i], $sax_result, 'Test '.$i.': %s');
paintIf($sax_result, $sax_expect[$i] != $sax_result);
}
if ($this->_has_dom) {
$dom_result = $this->DOMLex->tokenizeHTML($input[$i]);
// same structure as SAX
if (!isset($dom_expect[$i])) {
$this->assertEqual($expect[$i], $dom_result, 'Test '.$i.': %s');
paintIf($dom_result, $expect[$i] != $dom_result);
} elseif ($dom_expect[$i] === false) {
// paintIf($dom_result, $i == NUMBER);
} else {
$this->assertEqual($dom_expect[$i], $dom_result, 'Test '.$i.': %s');
paintIf($dom_result, $dom_expect[$i] != $dom_result);
}
}
}
}
}
?>

48
tests/index.php
View File

@ -1,25 +1,25 @@
<?php
error_reporting(E_ALL);
require_once 'simpletest/unit_tester.php';
require_once 'simpletest/reporter.php';
require_once 'simpletest/mock_objects.php';
require_once 'Debugger.php';
// emulates inserting a dir called HTMLPurifier into your class dir
set_include_path(get_include_path() . PATH_SEPARATOR . '../library');
$test = new GroupTest('HTMLPurifier');
$test->addTestFile('HTMLPurifier/LexerTest.php');
$test->addTestFile('HTMLPurifier/Lexer/DirectLexTest.php');
//$test->addTestFile('TokenTest.php');
$test->addTestFile('HTMLPurifier/DefinitionTest.php');
$test->addTestFile('HTMLPurifier/ChildDefTest.php');
$test->addTestFile('HTMLPurifier/GeneratorTest.php');
$test->run( new HtmlReporter() );
<?php
error_reporting(E_ALL);
require_once 'simpletest/unit_tester.php';
require_once 'simpletest/reporter.php';
require_once 'simpletest/mock_objects.php';
require_once 'Debugger.php';
// emulates inserting a dir called HTMLPurifier into your class dir
set_include_path(get_include_path() . PATH_SEPARATOR . '../library');
$test = new GroupTest('HTMLPurifier');
$test->addTestFile('HTMLPurifier/LexerTest.php');
$test->addTestFile('HTMLPurifier/Lexer/DirectLexTest.php');
//$test->addTestFile('TokenTest.php');
$test->addTestFile('HTMLPurifier/DefinitionTest.php');
$test->addTestFile('HTMLPurifier/ChildDefTest.php');
$test->addTestFile('HTMLPurifier/GeneratorTest.php');
$test->run( new HtmlReporter() );
?>