mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-12-31 20:01:52 +00:00
[3.1.0] Landed modified patch by Braden Anderson for %CSS.AllowedProperties
- Fix broken ConfigSchema build, as well as broken aliases - Remove another advisory property from runtime ConfigSchema classes - Reorder flush script to more accurately reflect dependencies - Remove some aliases from unit tests git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1635 48356398-32a2-884e-a903-53898d9a118a
parent
9f2f6c3166
commit
51cbb72649
6
NEWS
6
NEWS
@ -36,6 +36,8 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
|||||||
! HTML Purifier now has its own Exception hierarchy under HTMLPurifier_Exception.
|
! HTML Purifier now has its own Exception hierarchy under HTMLPurifier_Exception.
|
||||||
Developer error (not enduser error) can cause these to be triggered.
|
Developer error (not enduser error) can cause these to be triggered.
|
||||||
! Experimental kses() wrapper introduced with HTMLPurifier.kses.php
|
! Experimental kses() wrapper introduced with HTMLPurifier.kses.php
|
||||||
|
! Finally %CSS.AllowedProperties for tweaking allowed CSS properties without
|
||||||
|
mucking around with HTMLPurifier_CSSDefinition
|
||||||
- Autoclose now operates iteratively, i.e. <span><span><div> now has
|
- Autoclose now operates iteratively, i.e. <span><span><div> now has
|
||||||
both span tags closed.
|
both span tags closed.
|
||||||
- Various HTMLPurifier_Config convenience functions now accept another parameter
|
- Various HTMLPurifier_Config convenience functions now accept another parameter
|
||||||
@ -75,7 +77,9 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
|||||||
. HTMLPurifier_ConfigSchema->validate() deprecated in favor of
|
. HTMLPurifier_ConfigSchema->validate() deprecated in favor of
|
||||||
HTMLPurifier_VarParser->parse()
|
HTMLPurifier_VarParser->parse()
|
||||||
. Integers auto-cast into float type by VarParser.
|
. Integers auto-cast into float type by VarParser.
|
||||||
. HTMLPURIFIER_STRICT
|
. HTMLPURIFIER_STRICT removed; no validation is performed on runtime, only
|
||||||
|
during cache generation
|
||||||
|
. Reordered script calls in maintenance/flush.php
|
||||||
|
|
||||||
3.0.0, released 2008-01-06
|
3.0.0, released 2008-01-06
|
||||||
# HTML Purifier is PHP 5 only! The 2.1.x branch will be maintained
|
# HTML Purifier is PHP 5 only! The 2.1.x branch will be maintained
|
||||||
|
4
TODO
4
TODO
@ -27,6 +27,10 @@ DOCUMENTATION
|
|||||||
IMPORTANT FEATURES
|
IMPORTANT FEATURES
|
||||||
- Get everything into configuration objects (filters, I'm looking at you)
|
- Get everything into configuration objects (filters, I'm looking at you)
|
||||||
- Factor out command line parser into its own class, and unit test it
|
- Factor out command line parser into its own class, and unit test it
|
||||||
|
- Verbose mode for webtester that includes transcript from command line
|
||||||
|
- Command line maintenance scripts must complain with exit(1) if there are
|
||||||
|
fatal errors
|
||||||
|
- Emit notices when aliases are used (allow muting these errors)
|
||||||
|
|
||||||
CONFIGDOC
|
CONFIGDOC
|
||||||
- Properly integrate new ConfigSchema system into configdoc. DESCRIPTIONS
|
- Properly integrate new ConfigSchema system into configdoc. DESCRIPTIONS
|
||||||
|
@ -212,6 +212,7 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
|
|||||||
$this->info[$k] = new HTMLPurifier_AttrDef_CSS_ImportantDecorator($v, $allow_important);
|
$this->info[$k] = new HTMLPurifier_AttrDef_CSS_ImportantDecorator($v, $allow_important);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$this->setupConfigStuff($config);
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function doSetupProprietary($config) {
|
protected function doSetupProprietary($config) {
|
||||||
@ -245,5 +246,32 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
|
|||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Performs extra config-based processing. Based off of
|
||||||
|
* HTMLPurifier_HTMLDefinition.
|
||||||
|
* @todo Refactor duplicate elements into common class (probably using
|
||||||
|
* composition, not inheritance).
|
||||||
|
*/
|
||||||
|
protected function setupConfigStuff($config) {
|
||||||
|
|
||||||
|
// setup allowed elements
|
||||||
|
$support = "(for information on implementing this, see the ".
|
||||||
|
"support forums) ";
|
||||||
|
$allowed_attributes = $config->get('CSS', 'AllowedProperties');
|
||||||
|
if ($allowed_attributes !== null) {
|
||||||
|
foreach ($this->info as $name => $d) {
|
||||||
|
if(!isset($allowed_attributes[$name])) unset($this->info[$name]);
|
||||||
|
unset($allowed_attributes[$name]);
|
||||||
|
}
|
||||||
|
// emit errors
|
||||||
|
foreach ($allowed_attributes as $name => $d) {
|
||||||
|
// :TODO: Is this htmlspecialchars() call really necessary?
|
||||||
|
$name = htmlspecialchars($name);
|
||||||
|
trigger_error("Style attribute '$name' is not supported $support", E_USER_WARNING);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
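Review bot: The `// :TODO: Is this htmlspecialchars() call really necessary?` comment in the second foreach of setupConfigStuff() (and the same comment added in the two HTMLPurifier_HTMLDefinition hunks) leaves an escaping decision open that should be settled in the code. The name is interpolated into a trigger_error() message, and where errors are displayed in a web page that text may reach HTML output, so the call should stay; I would replace the TODO with `// escape: the warning text may be rendered as HTML when errors are displayed`. Separately, `// setup allowed elements` and `$allowed_attributes` are carried over from HTMLPurifier_HTMLDefinition although the values here are CSS property names; `// restrict to the configured CSS properties` and `$allowed_properties` would read correctly. The filtering itself is subtractive, so an unknown name only produces the warning and cannot enable a property.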
@ -51,11 +51,5 @@ class HTMLPurifier_ConfigDef_Directive extends HTMLPurifier_ConfigDef
|
|||||||
*/
|
*/
|
||||||
public $aliases = array();
|
public $aliases = array();
|
||||||
|
|
||||||
/**
|
|
||||||
* Advisory list of directive aliases, i.e. other directives that
|
|
||||||
* redirect here
|
|
||||||
*/
|
|
||||||
public $directiveAliases = array();
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -118,7 +118,6 @@ class HTMLPurifier_ConfigSchema {
|
|||||||
*/
|
*/
|
||||||
public function addAlias($namespace, $name, $new_namespace, $new_name) {
|
public function addAlias($namespace, $name, $new_namespace, $new_name) {
|
||||||
$this->info[$namespace][$name] = new HTMLPurifier_ConfigDef_DirectiveAlias($new_namespace, $new_name);
|
$this->info[$namespace][$name] = new HTMLPurifier_ConfigDef_DirectiveAlias($new_namespace, $new_name);
|
||||||
$this->info[$new_namespace][$new_name]->directiveAliases[] = "$namespace.$name";
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// DEPRECATED METHODS
|
// DEPRECATED METHODS
|
||||||
|
@ -9,10 +9,10 @@ class HTMLPurifier_ConfigSchema_Builder_ConfigSchema
|
|||||||
|
|
||||||
public function build($interchange) {
|
public function build($interchange) {
|
||||||
$schema = new HTMLPurifier_ConfigSchema();
|
$schema = new HTMLPurifier_ConfigSchema();
|
||||||
foreach ($this->namespaces as $n) {
|
foreach ($interchange->namespaces as $n) {
|
||||||
$schema->addNamespace($n->namespace);
|
$schema->addNamespace($n->namespace);
|
||||||
}
|
}
|
||||||
foreach ($this->directives as $d) {
|
foreach ($interchange->directives as $d) {
|
||||||
$schema->add(
|
$schema->add(
|
||||||
$d->id->namespace,
|
$d->id->namespace,
|
||||||
$d->id->directive,
|
$d->id->directive,
|
||||||
@ -29,8 +29,8 @@ class HTMLPurifier_ConfigSchema_Builder_ConfigSchema
|
|||||||
}
|
}
|
||||||
foreach ($d->aliases as $alias) {
|
foreach ($d->aliases as $alias) {
|
||||||
$schema->addAlias(
|
$schema->addAlias(
|
||||||
$alias->id->namespace,
|
$alias->namespace,
|
||||||
$alias->id->directive,
|
$alias->directive,
|
||||||
$d->id->namespace,
|
$d->id->namespace,
|
||||||
$d->id->directive
|
$d->id->directive
|
||||||
);
|
);
|
||||||
@ -43,6 +43,7 @@ class HTMLPurifier_ConfigSchema_Builder_ConfigSchema
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
return $schema;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
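Review bot: build() is not exercised by any test in the sections shown on this page, which is presumably how the three defects fixed in these hunks went unnoticed (reading `$this->namespaces` and `$this->directives` instead of the `$interchange` argument, `$alias->id->namespace` on an alias that appears to be an id object itself, and the missing `return $schema;`). A small test that builds a schema from an interchange holding one namespace, one directive and one alias, and asserts on the returned HTMLPurifier_ConfigSchema, would pin all three. The method would also benefit from a docblock such as `/** Builds a runtime HTMLPurifier_ConfigSchema from $interchange and returns it. */`. The body of build() extends beyond the hunks shown.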
File diff suppressed because one or more lines are too long
@ -0,0 +1,17 @@
|
|||||||
|
CSS.AllowedProperties
|
||||||
|
TYPE: lookup/null
|
||||||
|
VERSION: 3.1.0
|
||||||
|
DEFAULT: NULL
|
||||||
|
--DESCRIPTION--
|
||||||
|
|
||||||
|
<p>
|
||||||
|
If HTML Purifier's style attributes set is unsatisfactory for your needs,
|
||||||
|
you can overload it with your own list of tags to allow. Note that this
|
||||||
|
method is subtractive: it does its job by taking away from HTML Purifier
|
||||||
|
usual feature set, so you cannot add an attribute that HTML Purifier never
|
||||||
|
supported in the first place.
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
<strong>Warning:</strong> If another directive conflicts with the
|
||||||
|
elements here, <em>that</em> directive will win and override.
|
||||||
|
</p>
|
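Review bot: The description speaks of "your own list of tags to allow" and of "the elements here", wording that appears to come from the element directive, while this directive filters CSS properties. Because the text documents an allowlist, it should name what is actually filtered: `you can overload it with your own list of CSS properties to allow` and `conflicts with the properties here`. In the same paragraph, "add an attribute" should read "add a property", and "HTML Purifier usual feature set" should read "HTML Purifier's usual feature set".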
@ -1,5 +1,5 @@
|
|||||||
Filter.ExtractStyleBlocksScope
|
Filter.ExtractStyleBlocksScope
|
||||||
TYPE: string
|
TYPE: string/null
|
||||||
VERSION: 3.0.0
|
VERSION: 3.0.0
|
||||||
DEFAULT: NULL
|
DEFAULT: NULL
|
||||||
--DESCRIPTION--
|
--DESCRIPTION--
|
||||||
|
@ -252,6 +252,7 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
|
|||||||
}
|
}
|
||||||
// emit errors
|
// emit errors
|
||||||
foreach ($allowed_elements as $element => $d) {
|
foreach ($allowed_elements as $element => $d) {
|
||||||
|
// :TODO: Is this htmlspecialchars() call really necessary?
|
||||||
$element = htmlspecialchars($element);
|
$element = htmlspecialchars($element);
|
||||||
trigger_error("Element '$element' is not supported $support", E_USER_WARNING);
|
trigger_error("Element '$element' is not supported $support", E_USER_WARNING);
|
||||||
}
|
}
|
||||||
@ -283,6 +284,7 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
|
|||||||
// emit errors
|
// emit errors
|
||||||
foreach ($allowed_attributes_mutable as $elattr => $d) {
|
foreach ($allowed_attributes_mutable as $elattr => $d) {
|
||||||
list($element, $attribute) = explode('.', $elattr);
|
list($element, $attribute) = explode('.', $elattr);
|
||||||
|
// :TODO: Is this htmlspecialchars() call really necessary?
|
||||||
$element = htmlspecialchars($element);
|
$element = htmlspecialchars($element);
|
||||||
$attribute = htmlspecialchars($attribute);
|
$attribute = htmlspecialchars($attribute);
|
||||||
if ($element == '*') {
|
if ($element == '*') {
|
||||||
|
@ -18,6 +18,6 @@ function e($cmd) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
e('php generate-includes.php');
|
e('php generate-includes.php');
|
||||||
e('php flush-definition-cache.php');
|
|
||||||
e('php generate-schema-cache.php');
|
e('php generate-schema-cache.php');
|
||||||
|
e('php flush-definition-cache.php');
|
||||||
e('php generate-standalone.php');
|
e('php generate-standalone.php');
|
||||||
|
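Review bot: The order of the e() calls is now significant, but nothing at the call site says so; going by the commit message, a comment such as `// order matters: later scripts depend on the output of earlier ones` above the list would keep a later edit from shuffling it back. Whether e() stops the run when a step fails cannot be seen here, since its body lies outside the hunk. If it does not, a failed generate-schema-cache.php would still be followed by the remaining steps, which is the gap the new TODO entry about exit(1) describes.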
@ -45,21 +45,21 @@ class HTMLPurifier_DefinitionCacheFactoryTest extends HTMLPurifier_Harness
|
|||||||
}
|
}
|
||||||
|
|
||||||
function test_create_invalid() {
|
function test_create_invalid() {
|
||||||
$this->config->set('Core', 'DefinitionCache', 'Invalid');
|
$this->config->set('Cache', 'DefinitionImpl', 'Invalid');
|
||||||
$this->expectError('Unrecognized DefinitionCache Invalid, using Serializer instead');
|
$this->expectError('Unrecognized DefinitionCache Invalid, using Serializer instead');
|
||||||
$cache = $this->factory->create('Test', $this->config);
|
$cache = $this->factory->create('Test', $this->config);
|
||||||
$this->assertIsA($cache, 'HTMLPurifier_DefinitionCache_Serializer');
|
$this->assertIsA($cache, 'HTMLPurifier_DefinitionCache_Serializer');
|
||||||
}
|
}
|
||||||
|
|
||||||
function test_null() {
|
function test_null() {
|
||||||
$this->config->set('Core', 'DefinitionCache', null);
|
$this->config->set('Cache', 'DefinitionImpl', null);
|
||||||
$cache = $this->factory->create('Test', $this->config);
|
$cache = $this->factory->create('Test', $this->config);
|
||||||
$this->assertEqual($cache, new HTMLPurifier_DefinitionCache_Null('Test'));
|
$this->assertEqual($cache, new HTMLPurifier_DefinitionCache_Null('Test'));
|
||||||
}
|
}
|
||||||
|
|
||||||
function test_register() {
|
function test_register() {
|
||||||
generate_mock_once('HTMLPurifier_DefinitionCache');
|
generate_mock_once('HTMLPurifier_DefinitionCache');
|
||||||
$this->config->set('Core', 'DefinitionCache', 'TestCache');
|
$this->config->set('Cache', 'DefinitionImpl', 'TestCache');
|
||||||
$this->factory->register('TestCache', $class = 'HTMLPurifier_DefinitionCacheMock');
|
$this->factory->register('TestCache', $class = 'HTMLPurifier_DefinitionCacheMock');
|
||||||
$cache = $this->factory->create('Test', $this->config);
|
$cache = $this->factory->create('Test', $this->config);
|
||||||
$this->assertIsA($cache, $class);
|
$this->assertIsA($cache, $class);
|
||||||
|
@ -53,6 +53,23 @@ class HTMLPurifierTest extends HTMLPurifier_Harness
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function testDifferentAllowedCSSProperties() {
|
||||||
|
|
||||||
|
$this->purifier = new HTMLPurifier(array(
|
||||||
|
'CSS.AllowedProperties' => array('color', 'background-color')
|
||||||
|
));
|
||||||
|
|
||||||
|
$this->assertPurification(
|
||||||
|
'<div style="color:#f00;background-color:#ded;">red</div>'
|
||||||
|
);
|
||||||
|
|
||||||
|
$this->assertPurification(
|
||||||
|
'<div style="color:#f00;border:1px solid #000">red</div>',
|
||||||
|
'<div style="color:#f00;">red</div>'
|
||||||
|
);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
function testDisableURI() {
|
function testDisableURI() {
|
||||||
|
|
||||||
$this->purifier = new HTMLPurifier( array('Attr.DisableURI' => true) );
|
$this->purifier = new HTMLPurifier( array('Attr.DisableURI' => true) );
|
||||||
|
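Review bot: testDifferentAllowedCSSProperties() covers only the case where every configured name is a supported property, so the warning branch of setupConfigStuff() is untested. I would add a case that configures an unsupported name (a constructed example: `'CSS.AllowedProperties' => array('color', 'no-such-property')`), calls `$this->expectError(...)` for the "Style attribute ... is not supported" warning, and then asserts that `color` still passes while `border` is removed. That would also document that an unknown name cannot widen the allowed set.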