mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-01-05 06:01:52 +00:00

Completely remove style if naughty selector is found. This is for compatibility reasons until Tidy 1.4 is released.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1480 48356398-32a2-884e-a903-53898d9a118a
Edward Z. Yang 2008-01-06 05:36:48 +00:00
parent 8779b46fc4
commit 38a59ef5b8
2 changed files with 4 additions and 16 deletions


@ -124,12 +124,7 @@ class HTMLPurifier_Filter_ExtractStyleBlocks extends HTMLPurifier_Filter
$selector = trim($selector); $selector = trim($selector);
if ($selector === '') continue; // should not happen if ($selector === '') continue; // should not happen
if ($selector[0] === '+') { if ($selector[0] === '+') {
while ($selector !== '' && $selector[0] === '+') { if ($selector !== '' && $selector[0] === '+') continue;
// we need to perform this multiple times
// to prevent +++ from getting through
$selector = trim(substr($selector, 1));
}
if ($selector === '') continue;
} }
if (!empty($scopes)) { if (!empty($scopes)) {
$new_selector = array(); // because multiple ones are possible $new_selector = array(); // because multiple ones are possible
@ -160,8 +155,7 @@ class HTMLPurifier_Filter_ExtractStyleBlocks extends HTMLPurifier_Filter
$this->_tidy->import = array(); $this->_tidy->import = array();
$this->_tidy->charset = null; $this->_tidy->charset = null;
$this->_tidy->namespace = null; $this->_tidy->namespace = null;
$printer = new csstidy_print($this->_tidy); $css = $this->_tidy->print->plain();
$css = $printer->plain();
// we are going to escape any special characters <>& to ensure // we are going to escape any special characters <>& to ensure
// that no funny business occurs (i.e. </style> in a font-family prop). // that no funny business occurs (i.e. </style> in a font-family prop).
if ($config->get('Filter', 'ExtractStyleBlocksEscaping')) { if ($config->get('Filter', 'ExtractStyleBlocksEscaping')) {
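Review bot: The inner test in the first hunk, `if ($selector !== '' && $selector[0] === '+') continue;`, repeats the enclosing `if ($selector[0] === '+')` and can never be false at that point, so the nesting collapses to `if ($selector[0] === '+') continue; // leading sibling combinator: drop the selector instead of rewriting it`. The removed comment explained the `+++` case and nothing replaces it; a one-line comment like the one quoted would keep the reason for dropping the selector visible. Only a leading `+` is tested here; whether a leading `~` is rejected before the scope prefix is prepended cannot be seen from this hunk and is worth confirming, because the scoping presumably relies on the selector staying inside the configured scope. The enclosing loop begins and ends outside the hunk.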


@ -129,18 +129,12 @@ class HTMLPurifier_Filter_ExtractStyleBlocksTest extends HTMLPurifier_Harness
function test_cleanCSS_scopeWithNaughtySelector() { function test_cleanCSS_scopeWithNaughtySelector() {
$this->config->set('Filter', 'ExtractStyleBlocksScope', '#foo'); $this->config->set('Filter', 'ExtractStyleBlocksScope', '#foo');
$this->assertCleanCSS( $this->assertCleanCSS(" + p {\ntext-indent:1em;\n}", '');
" + p {\ntext-indent:1em;\n}",
"#foo p {\ntext-indent:1em;\n}"
);
} }
function test_cleanCSS_scopeWithMultipleNaughtySelectors() { function test_cleanCSS_scopeWithMultipleNaughtySelectors() {
$this->config->set('Filter', 'ExtractStyleBlocksScope', '#foo'); $this->config->set('Filter', 'ExtractStyleBlocksScope', '#foo');
$this->assertCleanCSS( $this->assertCleanCSS(" ++ ++ p {\ntext-indent:1em;\n}", '');
" ++ ++ p {\ntext-indent:1em;\n}",
"#foo p {\ntext-indent:1em;\n}"
);
} }
function test_cleanCSS_scopeWithCommas() { function test_cleanCSS_scopeWithCommas() {