mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2025-03-11 17:18:44 +00:00
Add support for hard exclusions that affect all child nodes.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@146 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
parent
aa249be067
commit
26733183b7
@ -208,6 +208,16 @@ class HTMLPurifier_Definition
|
||||
$this->info[$name]->type = 'block';
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////////
|
||||
// info[]->excludes : defines elements that aren't allowed in here
|
||||
|
||||
// make sure you test using isset() and not !empty()
|
||||
|
||||
$this->info['a']->excludes = array('a' => true);
|
||||
$this->info['pre']->excludes = array_flip(array('img', 'big', 'small',
|
||||
// technically in spec, but we don't allow em anyway
|
||||
'object', 'applet', 'font', 'basefont'));
|
||||
|
||||
//////////////////////////////////////////////////////////////////////
|
||||
// info[]->attr : defines allowed attributes for elements
|
||||
|
||||
@ -233,6 +243,8 @@ class HTMLPurifier_Definition
|
||||
//////////////////////////////////////////////////////////////////////
|
||||
// info[]->auto_close : tags that automatically close another
|
||||
|
||||
// make sure you test using isset() not !empty()
|
||||
|
||||
// these are all block elements: blocks aren't allowed in P
|
||||
$this->info['p']->auto_close = array_flip(array(
|
||||
'address', 'blockquote', 'dd', 'dir', 'div', 'dl', 'dt',
|
||||
@ -265,6 +277,7 @@ class HTMLPurifier_ElementDef
|
||||
var $auto_close = array();
|
||||
var $child;
|
||||
var $type = 'unknown';
|
||||
var $excludes = array();
|
||||
|
||||
}
|
||||
|
||||
|
@ -26,6 +26,9 @@ class HTMLPurifier_Strategy_FixNesting extends HTMLPurifier_Strategy
|
||||
// $stack[count($stack)-1] being the current parent
|
||||
$stack = array();
|
||||
|
||||
// stack that contains all elements that are excluded
|
||||
$exclude_stack = array();
|
||||
|
||||
for ($i = 0, $size = count($tokens) ; $i < $size; ) {
|
||||
|
||||
$child_tokens = array();
|
||||
@ -63,11 +66,31 @@ class HTMLPurifier_Strategy_FixNesting extends HTMLPurifier_Strategy
|
||||
$context = 'unknown';
|
||||
}
|
||||
|
||||
// DEFINITION CALL
|
||||
$child_def = $this->definition->info[$tokens[$i]->name]->child;
|
||||
// determine whether or not element is excluded
|
||||
$excluded = false;
|
||||
if (!empty($exclude_stack)) {
|
||||
foreach ($exclude_stack as $lookup) {
|
||||
if (isset($lookup[$tokens[$i]->name])) {
|
||||
$excluded = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// have DTD child def validate children
|
||||
$result = $child_def->validateChildren($child_tokens, $context);
|
||||
if ($excluded) {
|
||||
$result = false;
|
||||
} else {
|
||||
// DEFINITION CALL
|
||||
$def = $this->definition->info[$tokens[$i]->name];
|
||||
|
||||
$child_def = $def->child;
|
||||
|
||||
// have DTD child def validate children
|
||||
$result = $child_def->validateChildren($child_tokens, $context);
|
||||
|
||||
// determine whether or not this element has any exclusions
|
||||
$excludes = $def->excludes;
|
||||
}
|
||||
|
||||
// process result
|
||||
if ($result === true) {
|
||||
@ -77,6 +100,9 @@ class HTMLPurifier_Strategy_FixNesting extends HTMLPurifier_Strategy
|
||||
// register start token as a parental node start
|
||||
$stack[] = $i;
|
||||
|
||||
// register exclusions if there are any
|
||||
if (!empty($excludes)) $exclude_stack[] = $excludes;
|
||||
|
||||
// move cursor to next possible start node
|
||||
$i++;
|
||||
|
||||
@ -113,6 +139,9 @@ class HTMLPurifier_Strategy_FixNesting extends HTMLPurifier_Strategy
|
||||
// register start token as a parental node start
|
||||
$stack[] = $i;
|
||||
|
||||
// register exclusions if there are any
|
||||
if (!empty($excludes)) $exclude_stack[] = $excludes;
|
||||
|
||||
// move cursor to next possible start node
|
||||
$i++;
|
||||
|
||||
@ -124,8 +153,15 @@ class HTMLPurifier_Strategy_FixNesting extends HTMLPurifier_Strategy
|
||||
// Test if the token indeed is a start tag, if not, move forward
|
||||
// and test again.
|
||||
while ($i < $size and $tokens[$i]->type != 'start') {
|
||||
// pop a token index off the stack if we ended a node
|
||||
if ($tokens[$i]->type == 'end') array_pop($stack);
|
||||
if ($tokens[$i]->type == 'end') {
|
||||
// pop a token index off the stack if we ended a node
|
||||
array_pop($stack);
|
||||
// pop an exclusion lookup off exclusion stack if
|
||||
// we ended node and that node had exclusions
|
||||
if ($this->definition->info[$tokens[$i]->name]->excludes) {
|
||||
array_pop($exclude_stack);
|
||||
}
|
||||
}
|
||||
$i++;
|
||||
}
|
||||
|
||||
|
@ -65,6 +65,10 @@ class HTMLPurifier_Strategy_FixNestingTest
|
||||
$inputs[11] = '<span><ins><div>Not allowed!</div></ins></span>';
|
||||
$expect[11] = '<span><ins><div>Not allowed!</div></ins></span>';
|
||||
|
||||
// test exclusions
|
||||
$inputs[12] = '<a><span><a>Not allowed</a></span></a>';
|
||||
$expect[12] = '<a><span></span></a>';
|
||||
|
||||
$this->assertStrategyWorks($strategy, $inputs, $expect);
|
||||
}
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user