mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-01-20 12:31:53 +00:00

Don't truncate in DOMLex when seeing closing div

Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
Edward Z. Yang 2014-08-31 08:50:33 +01:00
parent 80ebd4322e
commit 15d1a3003a
4 changed files with 24 additions and 6 deletions

4
NEWS

@ -9,6 +9,10 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
. Internal change . Internal change
========================== ==========================
4.7.0, unknown release date
- Don't truncate upon encountering </div> when using DOMLex. Thanks
Myrto Christina for finally convincing me to fix this.
4.6.0, released 2013-11-30 4.6.0, released 2013-11-30
# Secure URI munge hashing algorithm has changed to hash_hmac("sha256", $url, $secret). # Secure URI munge hashing algorithm has changed to hash_hmac("sha256", $url, $secret).
Please update any verification scripts you may have. Please update any verification scripts you may have.


@ -75,8 +75,7 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer
$tokens = array(); $tokens = array();
$this->tokenizeDOM( $this->tokenizeDOM(
$doc->getElementsByTagName('html')->item(0)-> // <html> $doc->getElementsByTagName('html')->item(0)-> // <html>
getElementsByTagName('body')->item(0)-> // <body> getElementsByTagName('body')->item(0), // <body>
getElementsByTagName('div')->item(0), // <div>
$tokens $tokens
); );
return $tokens; return $tokens;
@ -272,7 +271,7 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer
$ret .= '<html><head>'; $ret .= '<html><head>';
$ret .= '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />'; $ret .= '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />';
// No protection if $html contains a stray </div>! // No protection if $html contains a stray </div>!
$ret .= '</head><body><div>' . $html . '</div></body></html>'; $ret .= '</head><body>' . $html . '</body></html>';
return $ret; return $ret;
} }
} }
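Review bot: The comment kept in the second hunk, `// No protection if $html contains a stray </div>!`, describes a wrapper that no longer exists, because the new line builds `'</head><body>' . $html . '</body></html>'` with no `<div>`. It should be reworded to match the current layout, for example `// $html is placed directly inside <body>; a stray </body> in $html is not handled here`. Whether the DOM parser ends the body early on such input is not visible from this page, so a case next to `test_tokenizeHTML_prematureDivClose` with `</body>` in the input would pin the behaviour down. The enclosing function starts outside the hunk.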


@ -34,8 +34,7 @@ class HTMLPurifier_Lexer_PH5P extends HTMLPurifier_Lexer_DOMLex
$tokens = array(); $tokens = array();
$this->tokenizeDOM( $this->tokenizeDOM(
$doc->getElementsByTagName('html')->item(0)-> // <html> $doc->getElementsByTagName('html')->item(0)-> // <html>
getElementsByTagName('body')->item(0)-> // <body> getElementsByTagName('body')->item(0) // <body>
getElementsByTagName('div')->item(0) // <div>
, ,
$tokens $tokens
); );
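Review bot: The body lookup `getElementsByTagName('html')->item(0)->getElementsByTagName('body')->item(0)` is repeated here and in the DOMLex hunk, and this commit had to patch both copies. Since `HTMLPurifier_Lexer_PH5P extends HTMLPurifier_Lexer_DOMLex`, a single protected helper on the parent that returns the `<body>` node would keep the two lexers from drifting apart. `DOMNodeList::item(0)` returns null when nothing matches, so that helper is also the place to decide what happens if the parsed document has no `<body>`; how `tokenizeDOM` treats a null node is not visible here. The enclosing method starts and ends outside the hunk.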


@ -264,7 +264,8 @@ class HTMLPurifier_LexerTest extends HTMLPurifier_Harness
new HTMLPurifier_Token_End('poolasdf'), new HTMLPurifier_Token_End('poolasdf'),
new HTMLPurifier_Token_End('pooloka'), new HTMLPurifier_Token_End('pooloka'),
), ),
'PH5P' => $alt, // 20140831: Weird, but whatever...
'PH5P' => array(new HTMLPurifier_Token_Empty('asdf')),
) )
); );
} }
@ -800,6 +801,21 @@ div {}
); );
} }
public function test_tokenizeHTML_prematureDivClose()
{
$this->assertTokenization(
'</div>dontdie',
array(
new HTMLPurifier_Token_End('div'),
new HTMLPurifier_Token_Text('dontdie')
),
array(
'DOMLex' => $alt = array(new HTMLPurifier_Token_Text('dontdie')),
'PH5P' => $alt
)
);
}
/* /*