Completely remove style if naughty selector is found. This is for compatibility reasons until Tidy 1.4 is released.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1480 48356398-32a2-884e-a903-53898d9a118a
2025-01-03 05:11:52 +00:00 · 2008-01-06 05:36:48 +00:00 · 2008-01-06 05:36:48 +00:00 · 38a59ef5b8
commit 38a59ef5b8
parent 8779b46fc4
2 changed files with 4 additions and 16 deletions
--- a/library/HTMLPurifier/Filter/ExtractStyleBlocks.php
+++ b/library/HTMLPurifier/Filter/ExtractStyleBlocks.php
@ -124,12 +124,7 @@ class HTMLPurifier_Filter_ExtractStyleBlocks extends HTMLPurifier_Filter
                $selector = trim($selector);
                if ($selector === '') continue; // should not happen
                if ($selector[0] === '+') {
-                    while ($selector !== '' && $selector[0] === '+') {
-                        // we need to perform this multiple times
-                        // to prevent +++ from getting through
-                        $selector = trim(substr($selector, 1));
-                    }
-                    if ($selector === '') continue;
+                    if ($selector !== '' && $selector[0] === '+') continue;
                }
                if (!empty($scopes)) {
                    $new_selector = array(); // because multiple ones are possible
@ -160,8 +155,7 @@ class HTMLPurifier_Filter_ExtractStyleBlocks extends HTMLPurifier_Filter
        $this->_tidy->import = array();
        $this->_tidy->charset = null;
        $this->_tidy->namespace = null;
-        $printer = new csstidy_print($this->_tidy);
-        $css = $printer->plain();
+        $css = $this->_tidy->print->plain();
        // we are going to escape any special characters <>& to ensure
        // that no funny business occurs (i.e. </style> in a font-family prop).
        if ($config->get('Filter', 'ExtractStyleBlocksEscaping')) {
--- a/tests/HTMLPurifier/Filter/ExtractStyleBlocksTest.php
+++ b/tests/HTMLPurifier/Filter/ExtractStyleBlocksTest.php
@ -129,18 +129,12 @@ class HTMLPurifier_Filter_ExtractStyleBlocksTest extends HTMLPurifier_Harness
    
    function test_cleanCSS_scopeWithNaughtySelector() {
        $this->config->set('Filter', 'ExtractStyleBlocksScope', '#foo');
-        $this->assertCleanCSS(
-            "  + p {\ntext-indent:1em;\n}",
-            "#foo p {\ntext-indent:1em;\n}"
-        );
+        $this->assertCleanCSS("  + p {\ntext-indent:1em;\n}", '');
    }
    
    function test_cleanCSS_scopeWithMultipleNaughtySelectors() {
        $this->config->set('Filter', 'ExtractStyleBlocksScope', '#foo');
-        $this->assertCleanCSS(
-            "  ++ ++ p {\ntext-indent:1em;\n}",
-            "#foo p {\ntext-indent:1em;\n}"
-        );
+        $this->assertCleanCSS("  ++ ++ p {\ntext-indent:1em;\n}", '');
    }
    
    function test_cleanCSS_scopeWithCommas() {