[3.1.1] Disable percent height/width attributes for img

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1756 48356398-32a2-884e-a903-53898d9a118a
2024-11-09 15:28:40 +00:00 · 2008-05-21 02:01:25 +00:00 · 2008-05-21 02:01:25 +00:00 · 5620241165
commit 5620241165
parent c06727190e
2 changed files with 6 additions and 2 deletions
--- a/1
+++ b/1
@ -11,6 +11,7 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier

 3.1.1, unknown release date
 ! More robust imagecrash protection with height/width CSS with %CSS.MaxImgLength.
+- Disable percent height/width attributes for img
 . Added HTMLPurifier_UnitConverter and HTMLPurifier_Length for convenient
  handling of CSS-style lengths. HTMLPurifier_AttrDef_CSS_Length now uses
  this class.
--- a/library/HTMLPurifier/HTMLModule/Image.php
+++ b/library/HTMLPurifier/HTMLModule/Image.php
@ -15,10 +15,13 @@ class HTMLPurifier_HTMLModule_Image extends HTMLPurifier_HTMLModule
            'img', 'Inline', 'Empty', 'Common',
            array(
                'alt*' => 'Text',
-                'height' => 'Length',
+                // According to the spec, it's Length, but percents can
+                // be abused, so we allow only Pixels. A trusted module
+                // could overload this with the real value.
+                'height' => 'Pixels',
+                'width' => 'Pixels',
                'longdesc' => 'URI', 
                'src*' => new HTMLPurifier_AttrDef_URI(true), // embedded
-                'width' => 'Length'
            )
        );
        // kind of strange, but splitting things up would be inefficient