Implement simple attribute transformations and roll them out.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@152 48356398-32a2-884e-a903-53898d9a118a
2024-12-22 16:31:53 +00:00 · 2006-08-04 00:11:54 +00:00 · 2006-08-04 00:11:54 +00:00 · 7d2bf08d2f
commit 7d2bf08d2f
parent f0deae1fc0
7 changed files with 41 additions and 9 deletions
--- a/library/HTMLPurifier/AttrDef/Enum.php
+++ b/library/HTMLPurifier/AttrDef/Enum.php
@ -14,11 +14,16 @@ class HTMLPurifier_AttrDef_Enum extends HTMLPurifier_AttrDef
        $this->case_sensitive = $case_sensitive;
    }
    
-    function validate($string) {
+    function validate($raw_string) {
+        $string = trim($raw_string);
        if (!$this->case_sensitive) {
            $string = ctype_lower($string) ? $string : strtolower($string);
        }
-        return isset($this->valid_values[$string]);
+        $result = isset($this->valid_values[$string]);
+        
+        // if strings equal, return result, otherwise, return
+        // the new string on a good result and false on a bad one
+        return ($string == $raw_string) ? $result : $result ? $string : false;
    }
    
 }
--- a/library/HTMLPurifier/AttrDef/ID.php
+++ b/library/HTMLPurifier/AttrDef/ID.php
@ -6,9 +6,9 @@ require_once 'HTMLPurifier/IDAccumulator.php';
 class HTMLPurifier_AttrDef_ID extends HTMLPurifier_AttrDef
 {
    
-    function validate($id, &$accumulator) {
+    function validate($old_id, &$accumulator) {
        
-        $id = @ (string) $id; // sanity check
+        $id = trim($old_id); // trim it first
        
        if ($id === '') return false;
        if (isset($accumulator->ids[$id])) return false;
@ -19,7 +19,7 @@ class HTMLPurifier_AttrDef_ID extends HTMLPurifier_AttrDef
            $result = true;
        } else {
            if (!ctype_alpha(@$id[0])) return false;
-            $trim = trim(
+            $trim = trim( // primitive style of regexps, I suppose
                $id,
                'A..Za..z0..9:-._'
              );
@ -28,7 +28,10 @@ class HTMLPurifier_AttrDef_ID extends HTMLPurifier_AttrDef
        
        if ($result) $accumulator->add($id);
        
-        return $result;
+        // if no change was made to the ID, return the result
+        // else, return the new id if stripping whitespace made it
+        //     valid, or return false.
+        return ($id == $old_id) ? $result : ($result ? $id : false);
        
    }
    
--- a/library/HTMLPurifier/Definition.php
+++ b/library/HTMLPurifier/Definition.php
@ -222,9 +222,11 @@ class HTMLPurifier_Definition
        // info[]->attr : defines allowed attributes for elements
        
        // this doesn't include REQUIRED declarations, those are handled
-        // by the transform classes
+        // by the transform classes. It will, however, do simple and slightly
+        // complex attribute value substitution
        
-        // attrs, included in almost every single one except for a few
+        // attrs, included in almost every single one except for a few,
+        // which manually override these in their local definitions
        $this->info_global_attr = array(
            // core attrs
            'id' => new HTMLPurifier_AttrDef_ID(),
--- a/library/HTMLPurifier/Strategy/ValidateAttributes.php
+++ b/library/HTMLPurifier/Strategy/ValidateAttributes.php
@ -36,10 +36,17 @@ class HTMLPurifier_Strategy_ValidateAttributes extends HTMLPurifier_Strategy
                } else {
                    $result = false;
                }
-                if (!$result) {
+                if ($result === false) {
                    $changed = true;
                    unset($attr[$attr_key]);
+                } elseif (is_string($result)) {
+                    // simple substitution
+                    $changed = true;
+                    $attr[$attr_key] = $result;
                }
+                // we'd also want slightly more complicated substitution,
+                // although we're not sure how colliding attributes would
+                // resolve
            }
            if ($changed) {
                $tokens[$key]->attributes = $attr;
--- a/tests/HTMLPurifier/AttrDef/EnumTest.php
+++ b/tests/HTMLPurifier/AttrDef/EnumTest.php
@ -23,6 +23,14 @@ class HTMLPurifier_AttrDef_EnumTest extends UnitTestCase
        
    }
    
+    function testFixing() {
+        
+        $def = new HTMLPurifier_AttrDef_Enum(array('one'));
+        
+        $this->assertEqual('one', $def->validate(' one '));
+        
+    }
+    
 }

 ?>
--- a/tests/HTMLPurifier/AttrDef/IDTest.php
+++ b/tests/HTMLPurifier/AttrDef/IDTest.php
@ -26,6 +26,9 @@ class HTMLPurifier_AttrDef_IDTest extends UnitTestCase
        // test duplicate detection
        $this->assertFalse($def->validate('a'   , $acc));
        
+        // valid once whitespace stripped, but needs to be amended
+        $this->assertEqual('whee', $def->validate(' whee ', $acc));
+        
    }
    
 }
--- a/tests/HTMLPurifier/Strategy/ValidateAttributesTest.php
+++ b/tests/HTMLPurifier/Strategy/ValidateAttributesTest.php
@ -34,6 +34,10 @@ class HTMLPurifier_Strategy_ValidateAttributesTest extends
        $inputs[5] = '<div ID="valid">Convert ID to lowercase.</div>';
        $expect[5] = '<div id="valid">Convert ID to lowercase.</div>';
        
+        // test simple attribute substitution
+        $inputs[6] = '<div id=" valid ">Trim whitespace.</div>';
+        $expect[6] = '<div id="valid">Trim whitespace.</div>';
+        
        $this->assertStrategyWorks($strategy, $inputs, $expect);
        
    }