mirrors/htmlpurifier
0
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-01-05 14:11:52 +00:00
Code Releases Activity

[1.7.0] Armor error messages against XSS injection.

Browse Source 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1062 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang 2007-05-15 01:24:20 +00:00
parent f7eccc0038
commit 2cbb3be602
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
library/HTMLPurifier/HTMLDefinition.php
View File

@ -170,6 +170,7 @@ class HTMLPurifier_HTMLDefinition
$this->processModules(); $this->processModules();
$this->setupConfigStuff(); $this->setupConfigStuff();
// remove complicated variables to ease serialization
unset($this->config); unset($this->config);
unset($this->manager); unset($this->manager);
@ -240,6 +241,7 @@ class HTMLPurifier_HTMLDefinition
} }
// emit errors // emit errors
foreach ($allowed_elements as $element => $d) { foreach ($allowed_elements as $element => $d) {
$element = htmlspecialchars($element);
trigger_error("Element '$element' is not supported $support", E_USER_WARNING); trigger_error("Element '$element' is not supported $support", E_USER_WARNING);
} }
} }
@ -271,6 +273,8 @@ class HTMLPurifier_HTMLDefinition
// emit errors // emit errors
foreach ($allowed_attributes_mutable as $elattr => $d) { foreach ($allowed_attributes_mutable as $elattr => $d) {
list($element, $attribute) = explode('.', $elattr); list($element, $attribute) = explode('.', $elattr);
$element = htmlspecialchars($element);
$attribute = htmlspecialchars($attribute);
if ($element == '*') { if ($element == '*') {
trigger_error("Global attribute '$attribute' is not ". trigger_error("Global attribute '$attribute' is not ".
"supported in any elements $support", "supported in any elements $support",