Allow <![CDATA[<body>...</body>]]> not to trigger Core.ConvertDocumentToFragment

Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2024-11-09 15:28:40 +00:00 · 2008-08-01 19:06:28 -04:00 · 2008-08-01 19:06:28 -04:00 · 1d90bb2397
commit 1d90bb2397
parent 03dabec2c0
3 changed files with 26 additions and 5 deletions
--- a/1
+++ b/1
@ -36,6 +36,7 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
 - Do not re-munge URL if the output URL has the same host as the input URL.
  Requested by Chris.
 - Fix error in documentation regarding %Filter.ExtractStyleBlocks
+- Prevent <![CDATA[<body></body>]]> from triggering %Core.ConvertDocumentToFragment
 . Strategy_MakeWellFormed now operates in-place, saving memory and allowing
  for more interesting filter-backtracking
 . New HTMLPurifier_Injector->rewind() functionality, allows injectors to rewind
--- a/library/HTMLPurifier/Lexer.php
+++ b/library/HTMLPurifier/Lexer.php
@ -226,11 +226,6 @@ class HTMLPurifier_Lexer
     */
    public function normalize($html, $config, $context) {
        
-        // extract body from document if applicable
-        if ($config->get('Core', 'ConvertDocumentToFragment')) {
-            $html = $this->extractBody($html);
-        }
-        
        // normalize newlines to \n
        $html = str_replace("\r\n", "\n", $html);
        $html = str_replace("\r", "\n", $html);
@ -243,6 +238,11 @@ class HTMLPurifier_Lexer
        // escape CDATA
        $html = $this->escapeCDATA($html);
        
+        // extract body from document if applicable
+        if ($config->get('Core', 'ConvertDocumentToFragment')) {
+            $html = $this->extractBody($html);
+        }
+        
        // expand entities that aren't the big five
        $html = $this->_entity_parser->substituteNonSpecialEntities($html);
        
--- a/tests/HTMLPurifier/LexerTest.php
+++ b/tests/HTMLPurifier/LexerTest.php
@ -634,6 +634,26 @@ div {}
        );
    }
    
+    function test_tokenizeHTML_bodyInCDATA() {
+        $this->assertTokenization(
+            '<![CDATA[<body>Foo</body>]]>',
+            array(
+                new HTMLPurifier_Token_Text('<body>Foo</body>'),
+            ),
+            array(
+                'PH5P' => array(
+                    new HTMLPurifier_Token_Text('<'),
+                    new HTMLPurifier_Token_Text('body'),
+                    new HTMLPurifier_Token_Text('>'),
+                    new HTMLPurifier_Token_Text('Foo'),
+                    new HTMLPurifier_Token_Text('<'),
+                    new HTMLPurifier_Token_Text('/body'),
+                    new HTMLPurifier_Token_Text('>'),
+                ),
+            )
+        );
+    }
+    
    /*
    
    function test_tokenizeHTML_() {