
Fix improper handling of IE conditional comments.

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
This commit is contained in:
Edward Z. Yang 2010-06-18 06:08:54 -07:00
parent 18e538317a
commit 33afd7d9e0
4 changed files with 30 additions and 0 deletions

NEWS

@ -9,6 +9,10 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
. Internal change . Internal change
========================== ==========================
4.1.2, unknown release date
- Fix improper handling of Internet Explorer conditional comments
by parser. Thanks zmonteca for reporting.
4.1.1, released 2010-05-31 4.1.1, released 2010-05-31
- Fix undefined index warnings in maintenance scripts. - Fix undefined index warnings in maintenance scripts.
- Fix bug in DirectLex for parsing elements with a single attribute - Fix bug in DirectLex for parsing elements with a single attribute


@ -230,6 +230,17 @@ class HTMLPurifier_Lexer
); );
} }
/**
* Special Internet Explorer conditional comments should be removed.
*/
protected static function removeIEConditional($string) {
return preg_replace(
'#<!--\[if [^>]+\]>.*<!\[endif\]-->#si', // probably should generalize for all strings
'',
$string
);
}
/** /**
* Callback function for escapeCDATA() that does the work. * Callback function for escapeCDATA() that does the work.
* *
@ -260,6 +271,8 @@ class HTMLPurifier_Lexer
$html = $this->escapeCommentedCDATA($html); $html = $this->escapeCommentedCDATA($html);
} }
$html = $this->removeIEConditional($html);
// escape CDATA // escape CDATA
$html = $this->escapeCDATA($html); $html = $this->escapeCDATA($html);
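Review bot: The pattern in `removeIEConditional` uses a greedy `.*` under the `s` modifier, so an input holding two conditional comments loses everything between the first `<!--[if` and the last `<![endif]-->`, including ordinary markup in between; because this runs on the raw untrusted string before tokenization, a crafted fragment can make the purifier discard surrounding content wholesale instead of sanitizing it. Making the quantifier lazy bounds each match to a single comment: `'#<!--\[if [^>]+\]>.*?<!\[endif\]-->#si'`. The docblock should also spell out the contract the new fixture depends on, e.g. `* Strips downlevel-hidden IE conditional comments (<!--[if ...]>...<![endif]-->) from the raw input before tokenization; their contents are dropped, not sanitized.` Whether the downlevel-revealed form `<![if ...]>...<![endif]>` needs the same treatment is not settled by this hunk and is worth a follow-up test. The method that calls `removeIEConditional` in the second hunk starts and ends outside the hunk.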


@ -0,0 +1,6 @@
--INI--
HTML.SafeObject = true
Output.FlashCompat = true
--HTML--
<object width="425" height="350" data="http://www.youtube.com/v/BdU--T8rLns" type="application/x-shockwave-flash"><param name="allowScriptAccess" value="never" /><param name="allowNetworking" value="internal" /><param name="movie" value="http://www.youtube.com/v/BdU--T8rLns" /><param name="wmode" value="window" /><!--[if IE]><embed width="425" height="350" src="http://www.youtube.com/v/BdU--T8rLns" allowScriptAccess="never" allowNetworking="internal" wmode="window" /><![endif]--></object>
--# vim: et sw=4 sts=4


@ -710,6 +710,13 @@ div {}
); );
} }
function test_tokenizeHTML_ignoreIECondComment() {
$this->assertTokenization(
'<!--[if IE]>foo<a>bar<!-- baz --><![endif]-->',
array()
);
}
/* /*
function test_tokenizeHTML_() { function test_tokenizeHTML_() {
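Review bot: `test_tokenizeHTML_ignoreIECondComment` exercises a single conditional comment, so it cannot tell a per-comment match from one that spans from the first `<!--[if` to the last `<![endif]-->` on the same input. A second case such as `'<!--[if IE]>a<![endif]-->keep<!--[if IE]>b<![endif]-->'` asserting that a text token for `keep` survives would pin that content between two comments is preserved. The exact token objects expected there depend on the harness's `assertTokenization` conventions, which lie outside this hunk.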