mirrors/htmlpurifier
0
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-09-19 10:45:18 +00:00
Code Releases Activity

Implement %HTML.Attr.Name.UseCDATA which relaxes name validation rules.

Browse Source 
Sponsored-by: Ian Cook <thinkspill@gmail.com>
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
This commit is contained in:
Edward Z. Yang 2009-03-20 19:34:38 -04:00
parent 84e2e141fc
commit 398a02039e
6 changed files with 49 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
NEWS
View File

@ -17,6 +17,9 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
! HTMLPurifier_Config::inherit($config) allows you to inherit one ! HTMLPurifier_Config::inherit($config) allows you to inherit one
configuration, and have changes to that configuration be propagated configuration, and have changes to that configuration be propagated
to all of its children. to all of its children.
! Implement %HTML.Attr.Name.UseCDATA, which relaxes validation rules on
the name attribute when set. Use with care. Thanks Ian Cook for
sponsoring.
3.3.0, released 2009-02-16 3.3.0, released 2009-02-16
! Implement CSS property 'overflow' when %CSS.AllowTricky is true. ! Implement CSS property 'overflow' when %CSS.AllowTricky is true.

2
library/HTMLPurifier/AttrTransform/Name.php
View File

@ -7,6 +7,8 @@ class HTMLPurifier_AttrTransform_Name extends HTMLPurifier_AttrTransform
{ {
public function transform($attr, $config, $context) { public function transform($attr, $config, $context) {
// Abort early if we're using relaxed definition of name
if ($config->get('HTML.Attr.Name.UseCDATA')) return $attr;
if (!isset($attr['name'])) return $attr; if (!isset($attr['name'])) return $attr;
$id = $this->confiscateAttr($attr, 'name'); $id = $this->confiscateAttr($attr, 'name');
if ( isset($attr['id'])) return $attr; if ( isset($attr['id'])) return $attr;

BIN
library/HTMLPurifier/ConfigSchema/schema.ser
View File

Binary file not shown.

11
library/HTMLPurifier/ConfigSchema/schema/HTML.Attr.Name.UseCDATA.txt Normal file
View File

@ -0,0 +1,11 @@
HTML.Attr.Name.UseCDATA
TYPE: bool
DEFAULT: false
VERSION: 4.0.0
--DESCRIPTION--
The W3C specification DTD defines the name attribute to be CDATA, not ID, due
to limitations of DTD. In certain documents, this relaxed behavior is desired,
whether it is to specify duplicate names, or to specify names that would be
illegal IDs (for example, names that begin with a digit.) Set this configuration
directive to true to use the relaxed parsing rules.
--# vim: et sw=4 sts=4

4
library/HTMLPurifier/HTMLModule/Name.php
View File

@ -10,7 +10,9 @@ class HTMLPurifier_HTMLModule_Name extends HTMLPurifier_HTMLModule
foreach ($elements as $name) { foreach ($elements as $name) {
$element = $this->addBlankElement($name); $element = $this->addBlankElement($name);
$element->attr['name'] = 'CDATA'; $element->attr['name'] = 'CDATA';
$element->attr_transform_post['NameSync'] = new HTMLPurifier_AttrTransform_NameSync(); if (!$config->get('HTML.Attr.Name.UseCDATA')) {
$element->attr_transform_post['NameSync'] = new HTMLPurifier_AttrTransform_NameSync();
}
} }
} }

30
tests/HTMLPurifier/HTMLModule/NameTest.php Normal file
View File

@ -0,0 +1,30 @@
<?php
class HTMLPurifier_HTMLModule_NameTest extends HTMLPurifier_HTMLModuleHarness
{
function setUp() {
parent::setUp();
}
function testBasicUse() {
$this->config->set('Attr.EnableID', true);
$this->assertResult(
'<a name="foo">bar</a>'
);
}
function testCDATA() {
$this->config->set('HTML.Attr.Name.UseCDATA', true);
$this->assertResult(
'<a name="2">Baz</a><a name="2">Bar</a>'
);
}
function testCDATAWithHeavyTidy() {
$this->config->set('HTML.Attr.Name.UseCDATA', true);
$this->config->set('HTML.TidyLevel', 'heavy');
$this->assertResult('<a name="2">Baz</a>');
}
}