mirrors/htmlpurifier
0
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-12-22 16:31:53 +00:00
Code Releases Activity

[SafeScripting] disable autoclosing of <script /> tag (#198)

Browse Source
This commit is contained in:
Dimitri Gritsajuk 2018-11-11 21:04:11 +01:00 committed by Edward Z. Yang
parent b74425bee5
commit 5a01e6535d
3 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
configdoc/usage.xml
View File

@ -410,7 +410,7 @@
</directive> </directive>
<directive id="Core.EnableIDNA"> <directive id="Core.EnableIDNA">
<file name="HTMLPurifier/AttrDef/URI/Host.php"> <file name="HTMLPurifier/AttrDef/URI/Host.php">
<line>105</line> <line>109</line>
</file> </file>
</directive> </directive>
<directive id="Attr.DefaultTextDir"> <directive id="Attr.DefaultTextDir">

2
library/HTMLPurifier/HTMLModule/SafeScripting.php
View File

@ -23,7 +23,7 @@ class HTMLPurifier_HTMLModule_SafeScripting extends HTMLPurifier_HTMLModule
$script = $this->addElement( $script = $this->addElement(
'script', 'script',
'Inline', 'Inline',
'Empty', 'Optional:', // Not `Empty` to not allow to autoclose the <script /> tag @see https://www.w3.org/TR/html4/interact/scripts.html
null, null,
array( array(
// While technically not required by the spec, we're forcing // While technically not required by the spec, we're forcing

10
tests/HTMLPurifier/HTMLModule/SafeScriptingTest.php
View File

@ -20,7 +20,15 @@ class HTMLPurifier_HTMLModule_SafeScriptingTest extends HTMLPurifier_HTMLModuleH
public function testGood() public function testGood()
{ {
$this->assertResult( $this->assertResult(
'<script type="text/javascript" src="http://localhost/foo.js" />' '<script type="text/javascript" src="http://localhost/foo.js"></script>'
);
}
public function testGoodWithAutoclosedTag()
{
$this->assertResult(
'<script type="text/javascript" src="http://localhost/foo.js"/>',
'<script type="text/javascript" src="http://localhost/foo.js"></script>'
); );
} }