From 71301b36eb60fb52e6fba2cc2ca99b1d44ba1b4a Mon Sep 17 00:00:00 2001
From: "Edward Z. Yang"
Date: Wed, 8 Aug 2007 05:16:15 +0000
Subject: [PATCH] [2.1.2?] Implemented Object module for trusted users.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1377 48356398-32a2-884e-a903-53898d9a118a
---
 NEWS | 1 +
 library/HTMLPurifier/AttrTypes.php | 3 ++
 library/HTMLPurifier/HTMLModule/Object.php | 47 ++++++++++++++++++++
 library/HTMLPurifier/HTMLModuleManager.php | 3 +-
 tests/HTMLPurifier/HTMLModule/ObjectTest.php | 39 ++++++++++++++++
 tests/test_files.php | 1 +
 6 files changed, 93 insertions(+), 1 deletion(-)
 create mode 100644 library/HTMLPurifier/HTMLModule/Object.php
 create mode 100644 tests/HTMLPurifier/HTMLModule/ObjectTest.php
diff --git a/NEWS b/NEWS
index 4d173262..5e03cbe1 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
 ==========================
 2.1.2, unknown release date
+! Implemented Object module for trusted users
 - Fix non-visible parsing error in DirectLex with empty tags that have slashes inside attribute values.
diff --git a/library/HTMLPurifier/AttrTypes.php b/library/HTMLPurifier/AttrTypes.php
index 4cb70be7..93abb0d0 100644
--- a/library/HTMLPurifier/AttrTypes.php
+++ b/library/HTMLPurifier/AttrTypes.php
@@ -44,6 +44,9 @@ class HTMLPurifier_AttrTypes
 $this->info['LanguageCode'] = new HTMLPurifier_AttrDef_Lang();
 $this->info['Color'] = new HTMLPurifier_AttrDef_HTML_Color();
+ // unimplemented aliases
+ $this->info['ContentType'] = new HTMLPurifier_AttrDef_Text();
+
 // number is really a positive integer (one or more digits)
 // FIXME: ^^ not always, see start and value of list items
 $this->info['Number'] = new HTMLPurifier_AttrDef_Integer(false, false, true);
diff --git a/library/HTMLPurifier/HTMLModule/Object.php b/library/HTMLPurifier/HTMLModule/Object.php
new file mode 100644
index 00000000..33734772
--- /dev/null
+++ b/library/HTMLPurifier/HTMLModule/Object.php
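Review bot: `ContentType` is registered as plain `HTMLPurifier_AttrDef_Text` in the AttrTypes.php hunk, and `// unimplemented aliases` does not say that this means no MIME-type syntax check happens at all. The Object module added in this commit maps `object`'s `type` attribute to this alias, so whatever a trusted author writes there is accepted as ordinary text. I would make the comment explicit, e.g. `// ContentType: placeholder alias, accepts any text until a MIME-type validator exists`. The enclosing method begins and ends outside the hunk.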
@@ -0,0 +1,47 @@
+ to cater to legacy browsers: this
+ * module does not allow this sort of behavior
+ */
+class HTMLPurifier_HTMLModule_Object extends HTMLPurifier_HTMLModule
+{
+
+ var $name = 'Object';
+
+ function HTMLPurifier_HTMLModule_Object() {
+
+ $this->addElement('object', false, 'Inline', 'Optional: #PCDATA | Flow | param', 'Common',
+ array(
+ 'archive' => 'URI',
+ 'classid' => 'URI',
+ 'codebase' => 'URI',
+ 'codetype' => 'Text',
+ 'data' => 'URI',
+ 'declare' => 'Bool#declare',
+ 'height' => 'Length',
+ 'name' => 'CDATA',
+ 'standby' => 'Text',
+ 'tabindex' => 'Number',
+ 'type' => 'ContentType',
+ 'width' => 'Length'
+ )
+ );
+
+ $this->addElement('param', false, false, 'Empty', false,
+ array(
+ 'id' => 'ID',
+ 'name*' => 'Text',
+ 'type' => 'Text',
+ 'value' => 'Text',
+ 'valuetype' => 'Enum#data,ref,object'
+ )
+ );
+
+ }
+
+}
+
diff --git a/library/HTMLPurifier/HTMLModuleManager.php b/library/HTMLPurifier/HTMLModuleManager.php
index d4f10d0c..74a233ff 100644
--- a/library/HTMLPurifier/HTMLModuleManager.php
+++ b/library/HTMLPurifier/HTMLModuleManager.php
@@ -29,6 +29,7 @@ require_once 'HTMLPurifier/HTMLModule/Scripting.php';
 require_once 'HTMLPurifier/HTMLModule/XMLCommonAttributes.php';
 require_once 'HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php';
 require_once 'HTMLPurifier/HTMLModule/Ruby.php';
+require_once 'HTMLPurifier/HTMLModule/Object.php';
 // tidy modules
 require_once 'HTMLPurifier/HTMLModule/Tidy.php';
@@ -172,7 +173,7 @@ class HTMLPurifier_HTMLModuleManager
 $common = array( 'CommonAttributes', 'Text', 'Hypertext', 'List', 'Presentation', 'Edit', 'Bdo', 'Tables', 'Image',
- 'StyleAttribute', 'Scripting'
+ 'StyleAttribute', 'Scripting', 'Object'
 );
 $transitional = array('Legacy', 'Target');
 $xml = array('XMLCommonAttributes');
diff --git a/tests/HTMLPurifier/HTMLModule/ObjectTest.php b/tests/HTMLPurifier/HTMLModule/ObjectTest.php
new file mode 100644
index 00000000..44e1ffa5
--- /dev/null
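Review bot: The bare `false` passed as the second argument of both `addElement()` calls in Object.php looks like the flag that marks `object` and `param` as unsafe, yet nothing in the visible constructor says so, and it is presumably what the `Trusted` toggle in the new test acts on. A comment above the first call, e.g. `// second argument false = unsafe: element is only kept when HTML.Trusted is on`, would make that gate reviewable; the same remark applies to the later HTMLModuleManager.php hunk, where `'Object'` joins `$common` and so appears to be loaded regardless of doctype. The class docblock should also record that `param`'s `name` and `value` are unvalidated `Text` and that `archive`, `classid`, `codebase` and `data` are checked only as URIs, so enabling trusted mode hands the author full control over what the embedded handler loads and how it is configured. The opening of the docblock is not readable on this page.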
+++ b/tests/HTMLPurifier/HTMLModule/ObjectTest.php
@@ -0,0 +1,39 @@
+config->set('HTML', 'Trusted', true);
+ }
+
+ function testDefaultRemoval() {
+ $this->config->set('HTML', 'Trusted', false);
+ $this->assertResult(
+ '', ''
+ );
+ }
+
+ function testMinimal() {
+ $this->assertResult('');
+ }
+
+ function testStandardUseCase() {
+ $this->assertResult(
+'
+
+
+
+
+Windows Media player required
+'
+ );
+ }
+
+ // more test-cases?
+
+}
+
diff --git a/tests/test_files.php b/tests/test_files.php
index 5ff30f0c..adb0df4c 100644
--- a/tests/test_files.php
+++ b/tests/test_files.php
@@ -79,6 +79,7 @@ $test_files[] = 'HTMLPurifier/GeneratorTest.php';
 $test_files[] = 'HTMLPurifier/HTMLDefinitionTest.php';
 $test_files[] = 'HTMLPurifier/HTMLModuleManagerTest.php';
 $test_files[] = 'HTMLPurifier/HTMLModuleTest.php';
+$test_files[] = 'HTMLPurifier/HTMLModule/ObjectTest.php';
 $test_files[] = 'HTMLPurifier/HTMLModule/RubyTest.php';
 $test_files[] = 'HTMLPurifier/HTMLModule/ScriptingTest.php';
 $test_files[] = 'HTMLPurifier/HTMLModule/TidyTest.php';
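Review bot: The ObjectTest.php suite stops at `// more test-cases?` and, as far as the visible methods show, only checks removal with `Trusted` off and two accepted inputs with it on. I would add cases for what the module should still reject in trusted mode: a `param` outside `object`, a `param` without the required `name`, a `valuetype` outside `data,ref,object`, and a URI attribute such as `data` whose value fails URI validation. The markup inside the existing string literals is not readable on this page, so I cannot tell whether `testStandardUseCase` already covers any of these.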