From 398a02039e4c14ee01ad7853c8667c558f8d5f71 Mon Sep 17 00:00:00 2001 From: "Edward Z. Yang" Date: Fri, 20 Mar 2009 19:34:38 -0400 Subject: [PATCH] Implement %HTML.Attr.Name.UseCDATA which relaxes name validation rules. Sponsored-by: Ian Cook Signed-off-by: Edward Z. Yang --- NEWS | 3 ++ library/HTMLPurifier/AttrTransform/Name.php | 2 ++ library/HTMLPurifier/ConfigSchema/schema.ser | Bin 11779 -> 11884 bytes .../schema/HTML.Attr.Name.UseCDATA.txt | 11 +++++++ library/HTMLPurifier/HTMLModule/Name.php | 4 ++- tests/HTMLPurifier/HTMLModule/NameTest.php | 30 ++++++++++++++++++ 6 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 library/HTMLPurifier/ConfigSchema/schema/HTML.Attr.Name.UseCDATA.txt create mode 100644 tests/HTMLPurifier/HTMLModule/NameTest.php diff --git a/NEWS b/NEWS index fa2a65c3..655f76c1 100644 --- a/NEWS +++ b/NEWS @@ -17,6 +17,9 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier ! HTMLPurifier_Config::inherit($config) allows you to inherit one configuration, and have changes to that configuration be propagated to all of its children. +! Implement %HTML.Attr.Name.UseCDATA, which relaxes validation rules on + the name attribute when set. Use with care. Thanks Ian Cook for + sponsoring. 3.3.0, released 2009-02-16 ! Implement CSS property 'overflow' when %CSS.AllowTricky is true. diff --git a/library/HTMLPurifier/AttrTransform/Name.php b/library/HTMLPurifier/AttrTransform/Name.php index e6f93aee..15315bc7 100644 --- a/library/HTMLPurifier/AttrTransform/Name.php +++ b/library/HTMLPurifier/AttrTransform/Name.php @@ -7,6 +7,8 @@ class HTMLPurifier_AttrTransform_Name extends HTMLPurifier_AttrTransform { public function transform($attr, $config, $context) { + // Abort early if we're using relaxed definition of name + if ($config->get('HTML.Attr.Name.UseCDATA')) return $attr; if (!isset($attr['name'])) return $attr; $id = $this->confiscateAttr($attr, 'name'); if ( isset($attr['id'])) return $attr; diff --git a/library/HTMLPurifier/ConfigSchema/schema.ser b/library/HTMLPurifier/ConfigSchema/schema.ser index bd8f501375714cf7256ea2596f6866198c6fb437..b8e5f347463af1469f7d0edf5aaac2eabe05319c 100644 GIT binary patch delta 147 zcmZpUc@s0ijL~@WZN7UP3P#3ON**D;K6;KNB}ICEiMgqIp~b1rE{-9NO4dnM2Aj8u jH?mHi%;!#mhE1%KZ}BN_?v{1n#BYA4mHFlqYS!!k6%#L# delta 58 zcmaD8(;PFwZ1Or;<;@EGdpIVWsEcp*=Um5%E|ShVxmMPY(Qxy6*(A=*Ch8XK0Bxlc ALI3~& diff --git a/library/HTMLPurifier/ConfigSchema/schema/HTML.Attr.Name.UseCDATA.txt b/library/HTMLPurifier/ConfigSchema/schema/HTML.Attr.Name.UseCDATA.txt new file mode 100644 index 00000000..151fb7b8 --- /dev/null +++ b/library/HTMLPurifier/ConfigSchema/schema/HTML.Attr.Name.UseCDATA.txt @@ -0,0 +1,11 @@ +HTML.Attr.Name.UseCDATA +TYPE: bool +DEFAULT: false +VERSION: 4.0.0 +--DESCRIPTION-- +The W3C specification DTD defines the name attribute to be CDATA, not ID, due +to limitations of DTD. In certain documents, this relaxed behavior is desired, +whether it is to specify duplicate names, or to specify names that would be +illegal IDs (for example, names that begin with a digit.) Set this configuration +directive to true to use the relaxed parsing rules. +--# vim: et sw=4 sts=4 diff --git a/library/HTMLPurifier/HTMLModule/Name.php b/library/HTMLPurifier/HTMLModule/Name.php index af2b1195..05694b45 100644 --- a/library/HTMLPurifier/HTMLModule/Name.php +++ b/library/HTMLPurifier/HTMLModule/Name.php @@ -10,7 +10,9 @@ class HTMLPurifier_HTMLModule_Name extends HTMLPurifier_HTMLModule foreach ($elements as $name) { $element = $this->addBlankElement($name); $element->attr['name'] = 'CDATA'; - $element->attr_transform_post['NameSync'] = new HTMLPurifier_AttrTransform_NameSync(); + if (!$config->get('HTML.Attr.Name.UseCDATA')) { + $element->attr_transform_post['NameSync'] = new HTMLPurifier_AttrTransform_NameSync(); + } } } diff --git a/tests/HTMLPurifier/HTMLModule/NameTest.php b/tests/HTMLPurifier/HTMLModule/NameTest.php new file mode 100644 index 00000000..55180b2e --- /dev/null +++ b/tests/HTMLPurifier/HTMLModule/NameTest.php @@ -0,0 +1,30 @@ +config->set('Attr.EnableID', true); + $this->assertResult( + 'bar' + ); + } + + function testCDATA() { + $this->config->set('HTML.Attr.Name.UseCDATA', true); + $this->assertResult( + 'BazBar' + ); + } + + function testCDATAWithHeavyTidy() { + $this->config->set('HTML.Attr.Name.UseCDATA', true); + $this->config->set('HTML.TidyLevel', 'heavy'); + $this->assertResult('Baz'); + } + +}