0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-12-22 16:31:53 +00:00

[3.1.0] Landed modified patch by Braden Anderson for %CSS.AllowedProperties

- Fix broken ConfigSchema build, as well as broken aliases
- Remove another advisory property from runtime ConfigSchema classes
- Reorder flush script to more accurately reflect dependencies
- Remove some aliases from unit tests

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1635 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang 2008-03-30 21:44:16 +00:00
parent 9f2f6c3166
commit 51cbb72649
13 changed files with 84 additions and 18 deletions

6
NEWS
View File

@ -36,6 +36,8 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
! HTML Purifier now has its own Exception hierarchy under HTMLPurifier_Exception. ! HTML Purifier now has its own Exception hierarchy under HTMLPurifier_Exception.
Developer error (not enduser error) can cause these to be triggered. Developer error (not enduser error) can cause these to be triggered.
! Experimental kses() wrapper introduced with HTMLPurifier.kses.php ! Experimental kses() wrapper introduced with HTMLPurifier.kses.php
! Finally %CSS.AllowedProperties for tweaking allowed CSS properties without
mucking around with HTMLPurifier_CSSDefinition
- Autoclose now operates iteratively, i.e. <span><span><div> now has - Autoclose now operates iteratively, i.e. <span><span><div> now has
both span tags closed. both span tags closed.
- Various HTMLPurifier_Config convenience functions now accept another parameter - Various HTMLPurifier_Config convenience functions now accept another parameter
@ -75,7 +77,9 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
. HTMLPurifier_ConfigSchema->validate() deprecated in favor of . HTMLPurifier_ConfigSchema->validate() deprecated in favor of
HTMLPurifier_VarParser->parse() HTMLPurifier_VarParser->parse()
. Integers auto-cast into float type by VarParser. . Integers auto-cast into float type by VarParser.
. HTMLPURIFIER_STRICT . HTMLPURIFIER_STRICT removed; no validation is performed on runtime, only
during cache generation
. Reordered script calls in maintenance/flush.php
3.0.0, released 2008-01-06 3.0.0, released 2008-01-06
# HTML Purifier is PHP 5 only! The 2.1.x branch will be maintained # HTML Purifier is PHP 5 only! The 2.1.x branch will be maintained

4
TODO
View File

@ -27,6 +27,10 @@ DOCUMENTATION
IMPORTANT FEATURES IMPORTANT FEATURES
- Get everything into configuration objects (filters, I'm looking at you) - Get everything into configuration objects (filters, I'm looking at you)
- Factor out command line parser into its own class, and unit test it - Factor out command line parser into its own class, and unit test it
- Verbose mode for webtester that includes transcript from command line
- Command line maintenance scripts must complain with exit(1) if there are
fatal errors
- Emit notices when aliases are used (allow muting these errors)
CONFIGDOC CONFIGDOC
- Properly integrate new ConfigSchema system into configdoc. DESCRIPTIONS - Properly integrate new ConfigSchema system into configdoc. DESCRIPTIONS

View File

@ -212,6 +212,7 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
$this->info[$k] = new HTMLPurifier_AttrDef_CSS_ImportantDecorator($v, $allow_important); $this->info[$k] = new HTMLPurifier_AttrDef_CSS_ImportantDecorator($v, $allow_important);
} }
$this->setupConfigStuff($config);
} }
protected function doSetupProprietary($config) { protected function doSetupProprietary($config) {
@ -245,5 +246,32 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
)); ));
} }
/**
* Performs extra config-based processing. Based off of
* HTMLPurifier_HTMLDefinition.
* @todo Refactor duplicate elements into common class (probably using
* composition, not inheritance).
*/
protected function setupConfigStuff($config) {
// setup allowed elements
$support = "(for information on implementing this, see the ".
"support forums) ";
$allowed_attributes = $config->get('CSS', 'AllowedProperties');
if ($allowed_attributes !== null) {
foreach ($this->info as $name => $d) {
if(!isset($allowed_attributes[$name])) unset($this->info[$name]);
unset($allowed_attributes[$name]);
}
// emit errors
foreach ($allowed_attributes as $name => $d) {
// :TODO: Is this htmlspecialchars() call really necessary?
$name = htmlspecialchars($name);
trigger_error("Style attribute '$name' is not supported $support", E_USER_WARNING);
}
}
}
} }

View File

@ -51,11 +51,5 @@ class HTMLPurifier_ConfigDef_Directive extends HTMLPurifier_ConfigDef
*/ */
public $aliases = array(); public $aliases = array();
/**
* Advisory list of directive aliases, i.e. other directives that
* redirect here
*/
public $directiveAliases = array();
} }

View File

@ -118,7 +118,6 @@ class HTMLPurifier_ConfigSchema {
*/ */
public function addAlias($namespace, $name, $new_namespace, $new_name) { public function addAlias($namespace, $name, $new_namespace, $new_name) {
$this->info[$namespace][$name] = new HTMLPurifier_ConfigDef_DirectiveAlias($new_namespace, $new_name); $this->info[$namespace][$name] = new HTMLPurifier_ConfigDef_DirectiveAlias($new_namespace, $new_name);
$this->info[$new_namespace][$new_name]->directiveAliases[] = "$namespace.$name";
} }
// DEPRECATED METHODS // DEPRECATED METHODS

View File

@ -9,10 +9,10 @@ class HTMLPurifier_ConfigSchema_Builder_ConfigSchema
public function build($interchange) { public function build($interchange) {
$schema = new HTMLPurifier_ConfigSchema(); $schema = new HTMLPurifier_ConfigSchema();
foreach ($this->namespaces as $n) { foreach ($interchange->namespaces as $n) {
$schema->addNamespace($n->namespace); $schema->addNamespace($n->namespace);
} }
foreach ($this->directives as $d) { foreach ($interchange->directives as $d) {
$schema->add( $schema->add(
$d->id->namespace, $d->id->namespace,
$d->id->directive, $d->id->directive,
@ -29,8 +29,8 @@ class HTMLPurifier_ConfigSchema_Builder_ConfigSchema
} }
foreach ($d->aliases as $alias) { foreach ($d->aliases as $alias) {
$schema->addAlias( $schema->addAlias(
$alias->id->namespace, $alias->namespace,
$alias->id->directive, $alias->directive,
$d->id->namespace, $d->id->namespace,
$d->id->directive $d->id->directive
); );
@ -43,6 +43,7 @@ class HTMLPurifier_ConfigSchema_Builder_ConfigSchema
); );
} }
} }
return $schema;
} }
} }

File diff suppressed because one or more lines are too long

View File

@ -0,0 +1,17 @@
CSS.AllowedProperties
TYPE: lookup/null
VERSION: 3.1.0
DEFAULT: NULL
--DESCRIPTION--
<p>
If HTML Purifier's style attributes set is unsatisfactory for your needs,
you can overload it with your own list of tags to allow. Note that this
method is subtractive: it does its job by taking away from HTML Purifier
usual feature set, so you cannot add an attribute that HTML Purifier never
supported in the first place.
</p>
<p>
<strong>Warning:</strong> If another directive conflicts with the
elements here, <em>that</em> directive will win and override.
</p>

View File

@ -1,5 +1,5 @@
Filter.ExtractStyleBlocksScope Filter.ExtractStyleBlocksScope
TYPE: string TYPE: string/null
VERSION: 3.0.0 VERSION: 3.0.0
DEFAULT: NULL DEFAULT: NULL
--DESCRIPTION-- --DESCRIPTION--

View File

@ -252,6 +252,7 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
} }
// emit errors // emit errors
foreach ($allowed_elements as $element => $d) { foreach ($allowed_elements as $element => $d) {
// :TODO: Is this htmlspecialchars() call really necessary?
$element = htmlspecialchars($element); $element = htmlspecialchars($element);
trigger_error("Element '$element' is not supported $support", E_USER_WARNING); trigger_error("Element '$element' is not supported $support", E_USER_WARNING);
} }
@ -283,6 +284,7 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
// emit errors // emit errors
foreach ($allowed_attributes_mutable as $elattr => $d) { foreach ($allowed_attributes_mutable as $elattr => $d) {
list($element, $attribute) = explode('.', $elattr); list($element, $attribute) = explode('.', $elattr);
// :TODO: Is this htmlspecialchars() call really necessary?
$element = htmlspecialchars($element); $element = htmlspecialchars($element);
$attribute = htmlspecialchars($attribute); $attribute = htmlspecialchars($attribute);
if ($element == '*') { if ($element == '*') {

View File

@ -18,6 +18,6 @@ function e($cmd) {
} }
e('php generate-includes.php'); e('php generate-includes.php');
e('php flush-definition-cache.php');
e('php generate-schema-cache.php'); e('php generate-schema-cache.php');
e('php flush-definition-cache.php');
e('php generate-standalone.php'); e('php generate-standalone.php');

View File

@ -45,21 +45,21 @@ class HTMLPurifier_DefinitionCacheFactoryTest extends HTMLPurifier_Harness
} }
function test_create_invalid() { function test_create_invalid() {
$this->config->set('Core', 'DefinitionCache', 'Invalid'); $this->config->set('Cache', 'DefinitionImpl', 'Invalid');
$this->expectError('Unrecognized DefinitionCache Invalid, using Serializer instead'); $this->expectError('Unrecognized DefinitionCache Invalid, using Serializer instead');
$cache = $this->factory->create('Test', $this->config); $cache = $this->factory->create('Test', $this->config);
$this->assertIsA($cache, 'HTMLPurifier_DefinitionCache_Serializer'); $this->assertIsA($cache, 'HTMLPurifier_DefinitionCache_Serializer');
} }
function test_null() { function test_null() {
$this->config->set('Core', 'DefinitionCache', null); $this->config->set('Cache', 'DefinitionImpl', null);
$cache = $this->factory->create('Test', $this->config); $cache = $this->factory->create('Test', $this->config);
$this->assertEqual($cache, new HTMLPurifier_DefinitionCache_Null('Test')); $this->assertEqual($cache, new HTMLPurifier_DefinitionCache_Null('Test'));
} }
function test_register() { function test_register() {
generate_mock_once('HTMLPurifier_DefinitionCache'); generate_mock_once('HTMLPurifier_DefinitionCache');
$this->config->set('Core', 'DefinitionCache', 'TestCache'); $this->config->set('Cache', 'DefinitionImpl', 'TestCache');
$this->factory->register('TestCache', $class = 'HTMLPurifier_DefinitionCacheMock'); $this->factory->register('TestCache', $class = 'HTMLPurifier_DefinitionCacheMock');
$cache = $this->factory->create('Test', $this->config); $cache = $this->factory->create('Test', $this->config);
$this->assertIsA($cache, $class); $this->assertIsA($cache, $class);

View File

@ -53,6 +53,23 @@ class HTMLPurifierTest extends HTMLPurifier_Harness
} }
function testDifferentAllowedCSSProperties() {
$this->purifier = new HTMLPurifier(array(
'CSS.AllowedProperties' => array('color', 'background-color')
));
$this->assertPurification(
'<div style="color:#f00;background-color:#ded;">red</div>'
);
$this->assertPurification(
'<div style="color:#f00;border:1px solid #000">red</div>',
'<div style="color:#f00;">red</div>'
);
}
function testDisableURI() { function testDisableURI() {
$this->purifier = new HTMLPurifier( array('Attr.DisableURI' => true) ); $this->purifier = new HTMLPurifier( array('Attr.DisableURI' => true) );