mirrors/htmlpurifier
0
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-11-09 23:28:42 +00:00
Code Releases Activity

Escape CDATA before handling conditional comments.

Browse Source 
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
This commit is contained in:
Edward Z. Yang 2010-09-28 12:11:26 -04:00
parent 8c80349f9d
commit 1d4a38d055
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
NEWS
View File

@ -13,6 +13,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
! Added %HTML.Nofollow to add rel="nofollow" to external links. ! Added %HTML.Nofollow to add rel="nofollow" to external links.
- Make removal of conditional IE comments ungreedy; thanks Bernd - Make removal of conditional IE comments ungreedy; thanks Bernd
for reporting. for reporting.
- Escape CDATA before removing Internet Explorer comments.
4.2.0, released 2010-09-15 4.2.0, released 2010-09-15
! Added %Core.RemoveProcessingInstructions, which lets you remove ! Added %Core.RemoveProcessingInstructions, which lets you remove

4
library/HTMLPurifier/Lexer.php
View File

@ -273,11 +273,11 @@ class HTMLPurifier_Lexer
$html = $this->escapeCommentedCDATA($html); $html = $this->escapeCommentedCDATA($html);
} }
$html = $this->removeIEConditional($html);
// escape CDATA // escape CDATA
$html = $this->escapeCDATA($html); $html = $this->escapeCDATA($html);
$html = $this->removeIEConditional($html);
// extract body from document if applicable // extract body from document if applicable
if ($config->get('Core.ConvertDocumentToFragment')) { if ($config->get('Core.ConvertDocumentToFragment')) {
$e = false; $e = false;