Implement simple attribute transformations and roll them out.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@152 48356398-32a2-884e-a903-53898d9a118a
parent
f0deae1fc0
commit
7d2bf08d2f
@ -14,11 +14,16 @@ class HTMLPurifier_AttrDef_Enum extends HTMLPurifier_AttrDef
|
|||||||
$this->case_sensitive = $case_sensitive;
|
$this->case_sensitive = $case_sensitive;
|
||||||
}
|
}
|
||||||
|
|
||||||
function validate($string) {
|
function validate($raw_string) {
|
||||||
|
$string = trim($raw_string);
|
||||||
if (!$this->case_sensitive) {
|
if (!$this->case_sensitive) {
|
||||||
$string = ctype_lower($string) ? $string : strtolower($string);
|
$string = ctype_lower($string) ? $string : strtolower($string);
|
||||||
}
|
}
|
||||||
return isset($this->valid_values[$string]);
|
$result = isset($this->valid_values[$string]);
|
||||||
|
|
||||||
|
// if strings equal, return result, otherwise, return
|
||||||
|
// the new string on a good result and false on a bad one
|
||||||
|
return ($string == $raw_string) ? $result : $result ? $string : false;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
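Review bot: The new return in validate() nests two ternaries without parentheses, `($string == $raw_string) ? $result : $result ? $string : false`. PHP groups `?:` left to right, so this evaluates as `(... ? $result : $result) ? $string : false`: the equality test has no effect, a valid unchanged value comes back as the string rather than `true`, and PHP 8 rejects the unparenthesised form outright. Parenthesise it the way the ID validator's return in this commit does, and compare with `===`, because `==` treats numeric strings that differ only by leading whitespace as equal: `return ($string === $raw_string) ? $result : ($result ? $string : false);`. The same `==` appears in the new return of HTMLPurifier_AttrDef_ID::validate().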
|
@ -6,9 +6,9 @@ require_once 'HTMLPurifier/IDAccumulator.php';
|
|||||||
class HTMLPurifier_AttrDef_ID extends HTMLPurifier_AttrDef
|
class HTMLPurifier_AttrDef_ID extends HTMLPurifier_AttrDef
|
||||||
{
|
{
|
||||||
|
|
||||||
function validate($id, &$accumulator) {
|
function validate($old_id, &$accumulator) {
|
||||||
|
|
||||||
$id = @ (string) $id; // sanity check
|
$id = trim($old_id); // trim it first
|
||||||
|
|
||||||
if ($id === '') return false;
|
if ($id === '') return false;
|
||||||
if (isset($accumulator->ids[$id])) return false;
|
if (isset($accumulator->ids[$id])) return false;
|
||||||
@ -19,7 +19,7 @@ class HTMLPurifier_AttrDef_ID extends HTMLPurifier_AttrDef
|
|||||||
$result = true;
|
$result = true;
|
||||||
} else {
|
} else {
|
||||||
if (!ctype_alpha(@$id[0])) return false;
|
if (!ctype_alpha(@$id[0])) return false;
|
||||||
$trim = trim(
|
$trim = trim( // primitive style of regexps, I suppose
|
||||||
$id,
|
$id,
|
||||||
'A..Za..z0..9:-._'
|
'A..Za..z0..9:-._'
|
||||||
);
|
);
|
||||||
@ -28,7 +28,10 @@ class HTMLPurifier_AttrDef_ID extends HTMLPurifier_AttrDef
|
|||||||
|
|
||||||
if ($result) $accumulator->add($id);
|
if ($result) $accumulator->add($id);
|
||||||
|
|
||||||
return $result;
|
// if no change was made to the ID, return the result
|
||||||
|
// else, return the new id if stripping whitespace made it
|
||||||
|
// valid, or return false.
|
||||||
|
return ($id == $old_id) ? $result : ($result ? $id : false);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
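Review bot: validate() now has three possible results (`true`, a replacement string, or `false`), but nothing at the signature says so, and a caller that tests truthiness or expects a boolean would misread a returned string. Add a comment above `function validate($old_id, &$accumulator)` along the lines of `// Returns true if $old_id is valid as given, the trimmed ID if trimming changed it and the result is valid, false otherwise; callers must test with === false.` It is also worth stating there that `$accumulator->add($id)` records the trimmed ID, not the raw input. The body between the three hunks is not shown on this page.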
|
@ -222,9 +222,11 @@ class HTMLPurifier_Definition
|
|||||||
// info[]->attr : defines allowed attributes for elements
|
// info[]->attr : defines allowed attributes for elements
|
||||||
|
|
||||||
// this doesn't include REQUIRED declarations, those are handled
|
// this doesn't include REQUIRED declarations, those are handled
|
||||||
// by the transform classes
|
// by the transform classes. It will, however, do simple and slightly
|
||||||
|
// complex attribute value substitution
|
||||||
|
|
||||||
// attrs, included in almost every single one except for a few
|
// attrs, included in almost every single one except for a few,
|
||||||
|
// which manually override these in their local definitions
|
||||||
$this->info_global_attr = array(
|
$this->info_global_attr = array(
|
||||||
// core attrs
|
// core attrs
|
||||||
'id' => new HTMLPurifier_AttrDef_ID(),
|
'id' => new HTMLPurifier_AttrDef_ID(),
|
||||||
|
@ -36,10 +36,17 @@ class HTMLPurifier_Strategy_ValidateAttributes extends HTMLPurifier_Strategy
|
|||||||
} else {
|
} else {
|
||||||
$result = false;
|
$result = false;
|
||||||
}
|
}
|
||||||
if (!$result) {
|
if ($result === false) {
|
||||||
$changed = true;
|
$changed = true;
|
||||||
unset($attr[$attr_key]);
|
unset($attr[$attr_key]);
|
||||||
|
} elseif (is_string($result)) {
|
||||||
|
// simple substitution
|
||||||
|
$changed = true;
|
||||||
|
$attr[$attr_key] = $result;
|
||||||
}
|
}
|
||||||
|
// we'd also want slightly more complicated substitution,
|
||||||
|
// although we're not sure how colliding attributes would
|
||||||
|
// resolve
|
||||||
}
|
}
|
||||||
if ($changed) {
|
if ($changed) {
|
||||||
$tokens[$key]->attributes = $attr;
|
$tokens[$key]->attributes = $attr;
|
||||||
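Review bot: Switching the removal test from `!$result` to `$result === false` makes this loop fail open. Any validator result that is neither `false` nor a string (`null` from a missing return, `0`, an array) now skips both branches, and the original attribute value is kept unvalidated. For a sanitizer the default should be removal, with the attribute kept only on an explicit `true`: make the first condition `if ($result !== true && !is_string($result)) {` and leave the `elseif (is_string($result))` substitution as it is. The enclosing loop and method start and end outside the hunk, so how `$result` is produced beyond the visible `else` branch cannot be seen here.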
|
@ -23,6 +23,14 @@ class HTMLPurifier_AttrDef_EnumTest extends UnitTestCase
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function testFixing() {
|
||||||
|
|
||||||
|
$def = new HTMLPurifier_AttrDef_Enum(array('one'));
|
||||||
|
|
||||||
|
$this->assertEqual('one', $def->validate(' one '));
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
?>
|
?>
|
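Review bot: `assertEqual('one', $def->validate(' one '))` cannot tell a substitution from a plain accept, because SimpleTest's assertEqual compares loosely (as far as I know with `==`) and `'one' == true` holds in PHP, so the assertion also passes when validate() returns `true`. Use `$this->assertIdentical('one', $def->validate(' one '));` and add `$this->assertIdentical(true, $def->validate('one'));` to pin the unchanged case. The same applies to `assertEqual('whee', $def->validate(' whee ', $acc))` added in HTMLPurifier_AttrDef_IDTest.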
@ -26,6 +26,9 @@ class HTMLPurifier_AttrDef_IDTest extends UnitTestCase
|
|||||||
// test duplicate detection
|
// test duplicate detection
|
||||||
$this->assertFalse($def->validate('a' , $acc));
|
$this->assertFalse($def->validate('a' , $acc));
|
||||||
|
|
||||||
|
// valid once whitespace stripped, but needs to be amended
|
||||||
|
$this->assertEqual('whee', $def->validate(' whee ', $acc));
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -34,6 +34,10 @@ class HTMLPurifier_Strategy_ValidateAttributesTest extends
|
|||||||
$inputs[5] = '<div ID="valid">Convert ID to lowercase.</div>';
|
$inputs[5] = '<div ID="valid">Convert ID to lowercase.</div>';
|
||||||
$expect[5] = '<div id="valid">Convert ID to lowercase.</div>';
|
$expect[5] = '<div id="valid">Convert ID to lowercase.</div>';
|
||||||
|
|
||||||
|
// test simple attribute substitution
|
||||||
|
$inputs[6] = '<div id=" valid ">Trim whitespace.</div>';
|
||||||
|
$expect[6] = '<div id="valid">Trim whitespace.</div>';
|
||||||
|
|
||||||
$this->assertStrategyWorks($strategy, $inputs, $expect);
|
$this->assertStrategyWorks($strategy, $inputs, $expect);
|
||||||
|
|
||||||
}
|
}
|
||||||
|