mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-09-18 18:25:18 +00:00
fix: Ignore conditional comments (#401)
This commit is contained in:
Kent Oyer
GitHub
parent
9ca5a3687b
commit
4828fdf45a
@ -269,20 +269,6 @@ class HTMLPurifier_Lexer
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Special Internet Explorer conditional comments should be removed.
|
|
||||||
* @param string $string HTML string to process.
|
|
||||||
* @return string HTML with conditional comments removed.
|
|
||||||
*/
|
|
||||||
protected static function removeIEConditional($string)
|
|
||||||
{
|
|
||||||
return preg_replace(
|
|
||||||
'#<!--\[if [^>]+\]>.*?<!\[endif\]-->#si', // probably should generalize for all strings
|
|
||||||
'',
|
|
||||||
$string
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Callback function for escapeCDATA() that does the work.
|
* Callback function for escapeCDATA() that does the work.
|
||||||
*
|
*
|
||||||
@ -323,8 +309,6 @@ class HTMLPurifier_Lexer
|
|||||||
// escape CDATA
|
// escape CDATA
|
||||||
$html = $this->escapeCDATA($html);
|
$html = $this->escapeCDATA($html);
|
||||||
|
|
||||||
$html = $this->removeIEConditional($html);
|
|
||||||
|
|
||||||
// extract body from document if applicable
|
// extract body from document if applicable
|
||||||
if ($config->get('Core.ConvertDocumentToFragment')) {
|
if ($config->get('Core.ConvertDocumentToFragment')) {
|
||||||
$e = false;
|
$e = false;
|
||||||
|
|||||||
@ -380,6 +380,24 @@ class HTMLPurifier_LexerTest extends HTMLPurifier_Harness
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Conditional comments are not supported by HTMLPurifier, but we
|
||||||
|
* should make sure they don't break the lexer.
|
||||||
|
*/
|
||||||
|
public function test_tokenizeHTML_conditionalComments()
|
||||||
|
{
|
||||||
|
$this->assertTokenization(
|
||||||
|
'<!--[if mso]>A<![endif]-->B<!--[if !mso]><!---->C<!-- <![endif]-->',
|
||||||
|
array(
|
||||||
|
new HTMLPurifier_Token_Comment('[if mso]>A<![endif]'),
|
||||||
|
new HTMLPurifier_Token_Text("B"),
|
||||||
|
new HTMLPurifier_Token_Comment('[if !mso]><!--'),
|
||||||
|
new HTMLPurifier_Token_Text("C"),
|
||||||
|
new HTMLPurifier_Token_Comment(' <![endif]'),
|
||||||
|
)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
public function test_tokenizeHTML_unterminatedTag()
|
public function test_tokenizeHTML_unterminatedTag()
|
||||||
{
|
{
|
||||||
$this->assertTokenization(
|
$this->assertTokenization(
|
||||||
@ -785,14 +803,6 @@ div {}
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function test_tokenizeHTML_ignoreIECondComment()
|
|
||||||
{
|
|
||||||
$this->assertTokenization(
|
|
||||||
'<!--[if IE]>foo<a>bar<!-- baz --><![endif]-->',
|
|
||||||
array()
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
public function test_tokenizeHTML_removeProcessingInstruction()
|
public function test_tokenizeHTML_removeProcessingInstruction()
|
||||||
{
|
{
|
||||||
$this->config->set('Core.RemoveProcessingInstructions', true);
|
$this->config->set('Core.RemoveProcessingInstructions', true);
|
||||||
@ -824,16 +834,6 @@ div {}
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function test_tokenizeHTML_conditionalCommentUngreedy()
|
|
||||||
{
|
|
||||||
$this->assertTokenization(
|
|
||||||
'<!--[if gte mso 9]>a<![endif]-->b<!--[if gte mso 9]>c<![endif]-->',
|
|
||||||
array(
|
|
||||||
new HTMLPurifier_Token_Text("b")
|
|
||||||
)
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
public function test_tokenizeHTML_imgTag()
|
public function test_tokenizeHTML_imgTag()
|
||||||
{
|
{
|
||||||
$start = array(
|
$start = array(
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user