0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-12-23 00:41:52 +00:00

Implement simple attribute transformations and roll them out.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@152 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang 2006-08-04 00:11:54 +00:00
parent f0deae1fc0
commit 7d2bf08d2f
7 changed files with 41 additions and 9 deletions

View File

@ -14,11 +14,16 @@ class HTMLPurifier_AttrDef_Enum extends HTMLPurifier_AttrDef
$this->case_sensitive = $case_sensitive; $this->case_sensitive = $case_sensitive;
} }
function validate($string) { function validate($raw_string) {
$string = trim($raw_string);
if (!$this->case_sensitive) { if (!$this->case_sensitive) {
$string = ctype_lower($string) ? $string : strtolower($string); $string = ctype_lower($string) ? $string : strtolower($string);
} }
return isset($this->valid_values[$string]); $result = isset($this->valid_values[$string]);
// if strings equal, return result, otherwise, return
// the new string on a good result and false on a bad one
return ($string == $raw_string) ? $result : $result ? $string : false;
} }
} }

View File

@ -6,9 +6,9 @@ require_once 'HTMLPurifier/IDAccumulator.php';
class HTMLPurifier_AttrDef_ID extends HTMLPurifier_AttrDef class HTMLPurifier_AttrDef_ID extends HTMLPurifier_AttrDef
{ {
function validate($id, &$accumulator) { function validate($old_id, &$accumulator) {
$id = @ (string) $id; // sanity check $id = trim($old_id); // trim it first
if ($id === '') return false; if ($id === '') return false;
if (isset($accumulator->ids[$id])) return false; if (isset($accumulator->ids[$id])) return false;
@ -19,7 +19,7 @@ class HTMLPurifier_AttrDef_ID extends HTMLPurifier_AttrDef
$result = true; $result = true;
} else { } else {
if (!ctype_alpha(@$id[0])) return false; if (!ctype_alpha(@$id[0])) return false;
$trim = trim( $trim = trim( // primitive style of regexps, I suppose
$id, $id,
'A..Za..z0..9:-._' 'A..Za..z0..9:-._'
); );
@ -28,7 +28,10 @@ class HTMLPurifier_AttrDef_ID extends HTMLPurifier_AttrDef
if ($result) $accumulator->add($id); if ($result) $accumulator->add($id);
return $result; // if no change was made to the ID, return the result
// else, return the new id if stripping whitespace made it
// valid, or return false.
return ($id == $old_id) ? $result : ($result ? $id : false);
} }

View File

@ -222,9 +222,11 @@ class HTMLPurifier_Definition
// info[]->attr : defines allowed attributes for elements // info[]->attr : defines allowed attributes for elements
// this doesn't include REQUIRED declarations, those are handled // this doesn't include REQUIRED declarations, those are handled
// by the transform classes // by the transform classes. It will, however, do simple and slightly
// complex attribute value substitution
// attrs, included in almost every single one except for a few // attrs, included in almost every single one except for a few,
// which manually override these in their local definitions
$this->info_global_attr = array( $this->info_global_attr = array(
// core attrs // core attrs
'id' => new HTMLPurifier_AttrDef_ID(), 'id' => new HTMLPurifier_AttrDef_ID(),

View File

@ -36,10 +36,17 @@ class HTMLPurifier_Strategy_ValidateAttributes extends HTMLPurifier_Strategy
} else { } else {
$result = false; $result = false;
} }
if (!$result) { if ($result === false) {
$changed = true; $changed = true;
unset($attr[$attr_key]); unset($attr[$attr_key]);
} elseif (is_string($result)) {
// simple substitution
$changed = true;
$attr[$attr_key] = $result;
} }
// we'd also want slightly more complicated substitution,
// although we're not sure how colliding attributes would
// resolve
} }
if ($changed) { if ($changed) {
$tokens[$key]->attributes = $attr; $tokens[$key]->attributes = $attr;

View File

@ -23,6 +23,14 @@ class HTMLPurifier_AttrDef_EnumTest extends UnitTestCase
} }
function testFixing() {
$def = new HTMLPurifier_AttrDef_Enum(array('one'));
$this->assertEqual('one', $def->validate(' one '));
}
} }
?> ?>

View File

@ -26,6 +26,9 @@ class HTMLPurifier_AttrDef_IDTest extends UnitTestCase
// test duplicate detection // test duplicate detection
$this->assertFalse($def->validate('a' , $acc)); $this->assertFalse($def->validate('a' , $acc));
// valid once whitespace stripped, but needs to be amended
$this->assertEqual('whee', $def->validate(' whee ', $acc));
} }
} }

View File

@ -34,6 +34,10 @@ class HTMLPurifier_Strategy_ValidateAttributesTest extends
$inputs[5] = '<div ID="valid">Convert ID to lowercase.</div>'; $inputs[5] = '<div ID="valid">Convert ID to lowercase.</div>';
$expect[5] = '<div id="valid">Convert ID to lowercase.</div>'; $expect[5] = '<div id="valid">Convert ID to lowercase.</div>';
// test simple attribute substitution
$inputs[6] = '<div id=" valid ">Trim whitespace.</div>';
$expect[6] = '<div id="valid">Trim whitespace.</div>';
$this->assertStrategyWorks($strategy, $inputs, $expect); $this->assertStrategyWorks($strategy, $inputs, $expect);
} }