From 5e5c0f3aa4204e89f2ad1c292a45d1090ba6ac2f Mon Sep 17 00:00:00 2001 From: "Edward Z. Yang" Date: Fri, 29 Jun 2007 01:54:48 +0000 Subject: [PATCH] [2.1.0] . Introduce new text/itext configuration directive values: these represent longer strings that would be more appropriately edited with a textarea . Allow newlines to act as separators for lists, hashes, lookups and %HTML.Allowed git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1272 48356398-32a2-884e-a903-53898d9a118a --- NEWS | 4 ++++ library/HTMLPurifier/ConfigSchema.php | 16 ++++++++++++---- library/HTMLPurifier/HTMLDefinition.php | 8 +++++--- tests/HTMLPurifier/ConfigSchemaTest.php | 7 +++++++ tests/HTMLPurifier/HTMLDefinitionTest.php | 15 +++++++++++++++ 5 files changed, 43 insertions(+), 7 deletions(-) diff --git a/NEWS b/NEWS index 176c5afe..644988e8 100644 --- a/NEWS +++ b/NEWS @@ -21,6 +21,10 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier for output cache invalidation . ConfigForm printer now can retrieve CSS and JS files as strings, in case HTML Purifier's directory is not publically accessible +. Introduce new text/itext configuration directive values: these represent + longer strings that would be more appropriately edited with a textarea +. Allow newlines to act as separators for lists, hashes, lookups and + %HTML.Allowed 2.0.2, unknown release date (none) diff --git a/library/HTMLPurifier/ConfigSchema.php b/library/HTMLPurifier/ConfigSchema.php index 12216188..e17a3f07 100644 --- a/library/HTMLPurifier/ConfigSchema.php +++ b/library/HTMLPurifier/ConfigSchema.php @@ -49,6 +49,8 @@ class HTMLPurifier_ConfigSchema { var $types = array( 'string' => 'String', 'istring' => 'Case-insensitive string', + 'text' => 'Text', + 'itext' => 'Case-insensitive text', 'int' => 'Integer', 'float' => 'Float', 'bool' => 'Boolean', @@ -313,8 +315,10 @@ class HTMLPurifier_ConfigSchema { return $var; case 'istring': case 'string': + case 'text': // no difference, just is longer/multiple line string + case 'itext': if (!is_string($var)) break; - if ($type === 'istring') $var = strtolower($var); + if ($type === 'istring' || $type === 'itext') $var = strtolower($var); return $var; case 'int': if (is_string($var) && ctype_digit($var)) $var = (int) $var; @@ -345,9 +349,13 @@ class HTMLPurifier_ConfigSchema { // a single empty string item, but having an empty // array is more intuitive if ($var == '') return array(); - // simplistic string to array method that only works - // for simple lists of tag names or alphanumeric characters - $var = explode(',',$var); + if (strpos($var, "\n") === false && strpos($var, "\r") === false) { + // simplistic string to array method that only works + // for simple lists of tag names or alphanumeric characters + $var = explode(',',$var); + } else { + $var = preg_split('/(,|[\n\r]+)/', $var); + } // remove spaces foreach ($var as $i => $j) $var[$i] = trim($j); if ($type === 'hash') { diff --git a/library/HTMLPurifier/HTMLDefinition.php b/library/HTMLPurifier/HTMLDefinition.php index 9ed413c7..aaeb8bae 100644 --- a/library/HTMLPurifier/HTMLDefinition.php +++ b/library/HTMLPurifier/HTMLDefinition.php @@ -110,12 +110,13 @@ HTMLPurifier_ConfigSchema::define( '); HTMLPurifier_ConfigSchema::define( - 'HTML', 'Allowed', null, 'string/null', ' + 'HTML', 'Allowed', null, 'itext/null', '

This is a convenience directive that rolls the functionality of %HTML.AllowedElements and %HTML.AllowedAttributes into one directive. Specify elements and attributes that are allowed using: - element1[attr1|attr2],element2.... + element1[attr1|attr2],element2.... You can also use + newlines instead of commas to separate elements.

Warning: @@ -426,8 +427,9 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition $elements = array(); $attributes = array(); - $chunks = explode(',', $list); + $chunks = preg_split('/(,|[\n\r]+)/', $list); foreach ($chunks as $chunk) { + if (empty($chunk)) continue; // remove TinyMCE element control characters if (!strpos($chunk, '[')) { $element = $chunk; diff --git a/tests/HTMLPurifier/ConfigSchemaTest.php b/tests/HTMLPurifier/ConfigSchemaTest.php index 8dfb8f4c..e3ef08d2 100644 --- a/tests/HTMLPurifier/ConfigSchemaTest.php +++ b/tests/HTMLPurifier/ConfigSchemaTest.php @@ -260,7 +260,9 @@ class HTMLPurifier_ConfigSchemaTest extends UnitTestCase function testValidate() { $this->assertValid('foobar', 'string'); + $this->assertValid('foobar', 'text'); // aliases, lstring = long string $this->assertValid('FOOBAR', 'istring', 'foobar'); + $this->assertValid('FOOBAR', 'itext', 'foobar'); $this->assertValid(34, 'int'); @@ -278,10 +280,14 @@ class HTMLPurifier_ConfigSchemaTest extends UnitTestCase $this->assertValid(array('1', '2', '3'), 'list'); $this->assertValid('foo,bar, cow', 'list', array('foo', 'bar', 'cow')); $this->assertValid('', 'list', array()); + $this->assertValid("foo\nbar", 'list', array('foo', 'bar')); + $this->assertValid("foo\nbar,baz", 'list', array('foo', 'bar', 'baz')); $this->assertValid(array('1' => true, '2' => true), 'lookup'); $this->assertValid(array('1', '2'), 'lookup', array('1' => true, '2' => true)); $this->assertValid('foo,bar', 'lookup', array('foo' => true, 'bar' => true)); + $this->assertValid("foo\nbar", 'lookup', array('foo' => true, 'bar' => true)); + $this->assertValid("foo\nbar,baz", 'lookup', array('foo' => true, 'bar' => true, 'baz' => true)); $this->assertValid('', 'lookup', array()); $this->assertValid(array('foo' => 'bar'), 'hash'); @@ -289,6 +295,7 @@ class HTMLPurifier_ConfigSchemaTest extends UnitTestCase $this->assertInvalid(array(0 => 'moo'), 'hash'); $this->assertValid('', 'hash', array()); $this->assertValid('foo:bar,too:two', 'hash', array('foo' => 'bar', 'too' => 'two')); + $this->assertValid("foo:bar\ntoo:two,three:free", 'hash', array('foo' => 'bar', 'too' => 'two', 'three' => 'free')); $this->assertValid('foo:bar,too', 'hash', array('foo' => 'bar')); $this->assertValid('foo:bar,', 'hash', array('foo' => 'bar')); $this->assertValid('foo:bar:baz', 'hash', array('foo' => 'bar:baz')); diff --git a/tests/HTMLPurifier/HTMLDefinitionTest.php b/tests/HTMLPurifier/HTMLDefinitionTest.php index 3581f8cf..f18ecb15 100644 --- a/tests/HTMLPurifier/HTMLDefinitionTest.php +++ b/tests/HTMLPurifier/HTMLDefinitionTest.php @@ -9,6 +9,10 @@ class HTMLPurifier_HTMLDefinitionTest extends UnitTestCase $def = new HTMLPurifier_HTMLDefinition(); + // note: this is case-sensitive, but its config schema + // counterpart is not. This is generally a good thing for users, + // but it's a slight internal inconsistency + $this->assertEqual( $def->parseTinyMCEAllowedList('a,b,c'), array(array('a' => true, 'b' => true, 'c' => true), array()) @@ -35,6 +39,17 @@ class HTMLPurifier_HTMLDefinitionTest extends UnitTestCase array('span.style' => true, 'a.href' => true, 'a.title' => true)) ); + $this->assertEqual( + // alternate form: + $def->parseTinyMCEAllowedList( +'span[style] +strong +a[href|title] +'), + array(array('span' => true, 'strong' => true, 'a' => true), + array('span.style' => true, 'a.href' => true, 'a.title' => true)) + ); + } function test_Allowed() {