Fix #83.

Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2024-09-18 18:25:18 +00:00 · 2017-03-07 17:52:41 -08:00 · 2017-03-07 17:52:41 -08:00 · 74f123a84c
commit 74f123a84c
parent 7e11c271b9
5 changed files with 42 additions and 5 deletions
--- a/3
+++ b/3
@ -36,6 +36,9 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
  decoding entities that are missing trailing semicolon.
  To get old behavior, set %Core.LegacyEntityDecoder to true.
  (#119)
+- Workaround libxml bug when HTML tags are embedded inside
+  script tags.  To disable workaround set %Core.AggressivelyRemoveScript
+  to false. (#83)
 # By default, when a link has a target attribute associated
  with it, we now also add rel="noopener" in order to
  prevent the new window from being able to overwrite
--- a/configdoc/usage.xml
+++ b/configdoc/usage.xml
@ -6,7 +6,7 @@
  </file>
  <file name="HTMLPurifier/Lexer.php">
   <line>85</line>
-   <line>322</line>
+   <line>326</line>
  </file>
  <file name="HTMLPurifier/Lexer/DirectLex.php">
   <line>67</line>
@ -124,7 +124,7 @@
   <line>122</line>
  </file>
  <file name="HTMLPurifier/Lexer.php">
-   <line>304</line>
+   <line>308</line>
  </file>
 </directive>
 <directive id="Output.Newline">
@ -172,7 +172,8 @@
   <line>234</line>
  </file>
  <file name="HTMLPurifier/Lexer.php">
-   <line>309</line>
+   <line>313</line>
+   <line>351</line>
  </file>
  <file name="HTMLPurifier/HTMLModule/Image.php">
   <line>37</line>
@ -260,14 +261,25 @@
   <line>62</line>
  </file>
 </directive>
+ <directive id="Core.LegacyEntityDecoder">
+  <file name="HTMLPurifier/Lexer.php">
+   <line>215</line>
+   <line>337</line>
+  </file>
+ </directive>
 <directive id="Core.ConvertDocumentToFragment">
  <file name="HTMLPurifier/Lexer.php">
-   <line>320</line>
+   <line>324</line>
  </file>
 </directive>
 <directive id="Core.RemoveProcessingInstructions">
  <file name="HTMLPurifier/Lexer.php">
-   <line>343</line>
+   <line>347</line>
+  </file>
+ </directive>
+ <directive id="Core.AggressivelyRemoveScript">
+  <file name="HTMLPurifier/Lexer.php">
+   <line>351</line>
  </file>
 </directive>
 <directive id="URI.">
--- a/library/HTMLPurifier/ConfigSchema/schema.ser
+++ b/library/HTMLPurifier/ConfigSchema/schema.ser
--- a/library/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyRemoveScript.txt
+++ b/library/HTMLPurifier/ConfigSchema/schema/Core.AggressivelyRemoveScript.txt
@ -0,0 +1,16 @@
+Core.AggressivelyRemoveScript
+TYPE: bool
+VERSION: 4.9.0
+DEFAULT: true
+--DESCRIPTION--
+<p>
+    This directive enables aggressive pre-filter removal of
+    script tags.  This is not necessary for security,
+    but it can help work around a bug in libxml where embedded
+    HTML elements inside script sections cause the parser to
+    choke.  To revert to pre-4.9.0 behavior, set this to false.
+    This directive has no effect if %Core.Trusted is true,
+    %Core.RemoveScriptContents is false, or %Core.HiddenElements
+    does not contain script.
+</p>
+--# vim: et sw=4 sts=4
--- a/library/HTMLPurifier/Lexer.php
+++ b/library/HTMLPurifier/Lexer.php
@ -348,6 +348,12 @@ class HTMLPurifier_Lexer
            $html = preg_replace('#<\?.+?\?>#s', '', $html);
        }

+        if ($config->get('Core.AggressivelyRemoveScript') &&
+            !($config->get('HTML.Trusted') || !$config->get('Core.RemoveScriptContents')
+            || empty($config->get('Core.HiddenElements')["script"]))) {
+            $html = preg_replace('#<script[^>]*>.*?</script>#i', '', $html);
+        }
+
        return $html;
    }