mirrors/htmlpurifier
0
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-03-23 14:27:02 +00:00
Code Releases Activity

[3.1.0] [BACKPORT] Fix bug with trusted script handling for versions of libxml 2.6.28 or later

Browse Source 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1553 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang 2008-02-16 05:44:14 +00:00
parent 929d932234
commit 5c0a1d467a
2 changed files with 20 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
NEWS
View File

@ -31,6 +31,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
- Various HTMLPurifier_Config convenience functions now accept another parameter - Various HTMLPurifier_Config convenience functions now accept another parameter
$schema which defines what HTMLPurifier_ConfigSchema to use besides the $schema which defines what HTMLPurifier_ConfigSchema to use besides the
global default. global default.
- Fix bug with trusted script handling in libxml versions later than 2.6.28.
. Plugins now get their own changelogs according to project conventions. . Plugins now get their own changelogs according to project conventions.
. Convert tokens to use instanceof, reducing memory footprint and . Convert tokens to use instanceof, reducing memory footprint and
improving comparison speed. improving comparison speed.

21
library/HTMLPurifier/Lexer/DOMLex.php
View File

@ -87,10 +87,27 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer
$tokens[] = $this->factory->createText($node->data); $tokens[] = $this->factory->createText($node->data);
return; return;
} elseif ($node->nodeType === XML_CDATA_SECTION_NODE) { } elseif ($node->nodeType === XML_CDATA_SECTION_NODE) {
// undo DOM's special treatment of <script> tags // undo libxml's special treatment of <script> and <style> tags
$tokens[] = $this->factory->createText($this->parseData($node->data)); $last = end($tokens);
$data = $node->data;
// (note $node->tagname is already normalized)
if ($last instanceof HTMLPurifier_Token_Start && $last->name == 'script') {
$new_data = trim($data);
if (substr($new_data, 0, 4) === '<!--') {
$data = substr($new_data, 4);
if (substr($data, -3) === '-->') {
$data = substr($data, 0, -3);
} else {
// Highly suspicious! Not sure what to do...
}
}
}
$tokens[] = $this->factory->createText($this->parseData($data));
return; return;
} elseif ($node->nodeType === XML_COMMENT_NODE) { } elseif ($node->nodeType === XML_COMMENT_NODE) {
// this is code is only invoked for comments in script/style in versions
// of libxml pre-2.6.28 (regular comments, of course, are still
// handled regularly)
$tokens[] = $this->factory->createComment($node->data); $tokens[] = $this->factory->createComment($node->data);
return; return;
} elseif ( } elseif (