mirrors/htmlpurifier
0
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-12-22 16:31:53 +00:00
Code Releases Activity

Allow %URI.DefaultScheme to be null.

Browse Source 
Fixes #103.

Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
This commit is contained in:
Edward Z. Yang 2016-10-27 17:24:34 -07:00
parent d19d648a26
commit 59463c5c39
6 changed files with 26 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
NEWS
View File

@ -9,6 +9,10 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
. Internal change . Internal change
========================== ==========================
4.9.0, unknown release date
! %URI.DefaultScheme can now be set to null, in which case
all relative paths are removed.
4.8.0, released 2016-07-16 4.8.0, released 2016-07-16
# By default, when a link has a target attribute associated # By default, when a link has a target attribute associated
with it, we now also add rel="noreferrer" in order to with it, we now also add rel="noreferrer" in order to

6
configdoc/usage.xml
View File

@ -423,13 +423,13 @@
</directive> </directive>
<directive id="Cache.SerializerPath"> <directive id="Cache.SerializerPath">
<file name="HTMLPurifier/DefinitionCache/Serializer.php"> <file name="HTMLPurifier/DefinitionCache/Serializer.php">
<line>183</line> <line>185</line>
</file> </file>
</directive> </directive>
<directive id="Cache.SerializerPermissions"> <directive id="Cache.SerializerPermissions">
<file name="HTMLPurifier/DefinitionCache/Serializer.php"> <file name="HTMLPurifier/DefinitionCache/Serializer.php">
<line>200</line> <line>202</line>
<line>216</line> <line>218</line>
</file> </file>
</directive> </directive>
<directive id="Filter.ExtractStyleBlocks.TidyImpl"> <directive id="Filter.ExtractStyleBlocks.TidyImpl">

BIN
library/HTMLPurifier/ConfigSchema/schema.ser
View File

Binary file not shown.

7
library/HTMLPurifier/ConfigSchema/schema/URI.DefaultScheme.txt
View File

@ -1,5 +1,5 @@
URI.DefaultScheme URI.DefaultScheme
TYPE: string TYPE: string/null
DEFAULT: 'http' DEFAULT: 'http'
--DESCRIPTION-- --DESCRIPTION--
@ -7,4 +7,9 @@ DEFAULT: 'http'
Defines through what scheme the output will be served, in order to Defines through what scheme the output will be served, in order to
select the proper object validator when no scheme information is present. select the proper object validator when no scheme information is present.
</p> </p>
<p>
Starting with HTML Purifier 4.9.0, the default scheme can be null, in
which case we reject all URIs which do not have explicit schemes.
</p>
--# vim: et sw=4 sts=4 --# vim: et sw=4 sts=4

12
library/HTMLPurifier/URI.php
View File

@ -85,11 +85,13 @@ class HTMLPurifier_URI
$def = $config->getDefinition('URI'); $def = $config->getDefinition('URI');
$scheme_obj = $def->getDefaultScheme($config, $context); $scheme_obj = $def->getDefaultScheme($config, $context);
if (!$scheme_obj) { if (!$scheme_obj) {
// something funky happened to the default scheme object if ($def->defaultScheme !== null) {
trigger_error( // something funky happened to the default scheme object
'Default scheme object "' . $def->defaultScheme . '" was not readable', trigger_error(
E_USER_WARNING 'Default scheme object "' . $def->defaultScheme . '" was not readable',
); E_USER_WARNING
);
} // suppress error if it's null
return false; return false;
} }
} }

6
tests/HTMLPurifier/AttrDef/URITest.php
View File

@ -81,6 +81,12 @@ class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
$this->assertDef('http://example.com/foo/bar'); $this->assertDef('http://example.com/foo/bar');
} }
public function testDefaultSchemeNull()
{
$this->config->set('URI.DefaultScheme', null);
$this->assertDef('foo', false);
}
public function testAltSchemeNotRemoved() public function testAltSchemeNotRemoved()
{ {
$this->assertDef('mailto:this-looks-like-a-path@example.com'); $this->assertDef('mailto:this-looks-like-a-path@example.com');