[2.1.2?] Implemented Object module for trusted users.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1377 48356398-32a2-884e-a903-53898d9a118a
2024-11-09 15:28:40 +00:00 · 2007-08-08 05:16:15 +00:00 · 2007-08-08 05:16:15 +00:00 · 71301b36eb
commit 71301b36eb
parent 4f0d012dfa
6 changed files with 93 additions and 1 deletions
--- a/1
+++ b/1
@ -10,6 +10,7 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
 ==========================

 2.1.2, unknown release date
+! Implemented Object module for trusted users
 - Fix non-visible parsing error in DirectLex with empty tags that have
  slashes inside attribute values.

--- a/library/HTMLPurifier/AttrTypes.php
+++ b/library/HTMLPurifier/AttrTypes.php
@ -44,6 +44,9 @@ class HTMLPurifier_AttrTypes
        $this->info['LanguageCode'] = new HTMLPurifier_AttrDef_Lang();
        $this->info['Color']    = new HTMLPurifier_AttrDef_HTML_Color();
        
+        // unimplemented aliases
+        $this->info['ContentType'] = new HTMLPurifier_AttrDef_Text();
+        
        // number is really a positive integer (one or more digits)
        // FIXME: ^^ not always, see start and value of list items
        $this->info['Number']   = new HTMLPurifier_AttrDef_Integer(false, false, true);
--- a/library/HTMLPurifier/HTMLModule/Object.php
+++ b/library/HTMLPurifier/HTMLModule/Object.php
@ -0,0 +1,47 @@
+<?php
+
+require_once 'HTMLPurifier/HTMLModule.php';
+
+/**
+ * XHTML 1.1 Object Module, defines elements for generic object inclusion
+ * @warning Users will commonly use <embed> to cater to legacy browsers: this
+ *      module does not allow this sort of behavior
+ */
+class HTMLPurifier_HTMLModule_Object extends HTMLPurifier_HTMLModule
+{
+    
+    var $name = 'Object';
+    
+    function HTMLPurifier_HTMLModule_Object() {
+        
+        $this->addElement('object', false, 'Inline', 'Optional: #PCDATA | Flow | param', 'Common', 
+            array(
+                'archive' => 'URI',
+                'classid' => 'URI',
+                'codebase' => 'URI',
+                'codetype' => 'Text',
+                'data' => 'URI',
+                'declare' => 'Bool#declare',
+                'height' => 'Length',
+                'name' => 'CDATA',
+                'standby' => 'Text',
+                'tabindex' => 'Number',
+                'type' => 'ContentType',
+                'width' => 'Length'
+            )
+        );
+
+        $this->addElement('param', false, false, 'Empty', false,
+            array(
+                'id' => 'ID',
+                'name*' => 'Text',
+                'type' => 'Text',
+                'value' => 'Text',
+                'valuetype' => 'Enum#data,ref,object'
+           )
+        );
+    
+    }
+    
+}
+
--- a/library/HTMLPurifier/HTMLModuleManager.php
+++ b/library/HTMLPurifier/HTMLModuleManager.php
@ -29,6 +29,7 @@ require_once 'HTMLPurifier/HTMLModule/Scripting.php';
 require_once 'HTMLPurifier/HTMLModule/XMLCommonAttributes.php';
 require_once 'HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php';
 require_once 'HTMLPurifier/HTMLModule/Ruby.php';
+require_once 'HTMLPurifier/HTMLModule/Object.php';

 // tidy modules
 require_once 'HTMLPurifier/HTMLModule/Tidy.php';
@ -172,7 +173,7 @@ class HTMLPurifier_HTMLModuleManager
        $common = array(
            'CommonAttributes', 'Text', 'Hypertext', 'List',
            'Presentation', 'Edit', 'Bdo', 'Tables', 'Image',
-            'StyleAttribute', 'Scripting'
+            'StyleAttribute', 'Scripting', 'Object'
        );
        $transitional = array('Legacy', 'Target');
        $xml = array('XMLCommonAttributes');
--- a/tests/HTMLPurifier/HTMLModule/ObjectTest.php
+++ b/tests/HTMLPurifier/HTMLModule/ObjectTest.php
@ -0,0 +1,39 @@
+<?php
+
+require_once 'HTMLPurifier/HTMLModuleHarness.php';
+
+class HTMLPurifier_HTMLModule_ObjectTest extends HTMLPurifier_HTMLModuleHarness
+{
+    
+    function setUp() {
+        parent::setUp();
+        $this->config->set('HTML', 'Trusted', true);
+    }
+    
+    function testDefaultRemoval() {
+        $this->config->set('HTML', 'Trusted', false);
+        $this->assertResult(
+            '<object></object>', ''
+        );
+    }
+    
+    function testMinimal() {
+        $this->assertResult('<object></object>');
+    }
+    
+    function testStandardUseCase() {
+        $this->assertResult(
+'<object type="video/x-ms-wmv" data="http://domain.com/video.wmv" width="320" height="256">
+<param name="src" value="http://domain.com/video.wmv" />
+<param name="autostart" value="false" />
+<param name="controller" value="true" />
+<param name="pluginurl" value="http://www.microsoft.com/Windows/MediaPlayer/" />
+<a href="http://www.microsoft.com/Windows/MediaPlayer/">Windows Media player required</a>
+</object>'
+        );
+    }
+    
+    // more test-cases?
+    
+}
+
--- a/tests/test_files.php
+++ b/tests/test_files.php
@ -79,6 +79,7 @@ $test_files[] = 'HTMLPurifier/GeneratorTest.php';
 $test_files[] = 'HTMLPurifier/HTMLDefinitionTest.php';
 $test_files[] = 'HTMLPurifier/HTMLModuleManagerTest.php';
 $test_files[] = 'HTMLPurifier/HTMLModuleTest.php';
+$test_files[] = 'HTMLPurifier/HTMLModule/ObjectTest.php';
 $test_files[] = 'HTMLPurifier/HTMLModule/RubyTest.php';
 $test_files[] = 'HTMLPurifier/HTMLModule/ScriptingTest.php';
 $test_files[] = 'HTMLPurifier/HTMLModule/TidyTest.php';