0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-12-23 00:41:52 +00:00

Implement simple attribute transformations and roll them out.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@152 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang 2006-08-04 00:11:54 +00:00
parent f0deae1fc0
commit 7d2bf08d2f
7 changed files with 41 additions and 9 deletions

View File

@ -14,11 +14,16 @@ class HTMLPurifier_AttrDef_Enum extends HTMLPurifier_AttrDef
$this->case_sensitive = $case_sensitive;
}
function validate($string) {
function validate($raw_string) {
$string = trim($raw_string);
if (!$this->case_sensitive) {
$string = ctype_lower($string) ? $string : strtolower($string);
}
return isset($this->valid_values[$string]);
$result = isset($this->valid_values[$string]);
// if strings equal, return result, otherwise, return
// the new string on a good result and false on a bad one
return ($string == $raw_string) ? $result : $result ? $string : false;
}
}

View File

@ -6,9 +6,9 @@ require_once 'HTMLPurifier/IDAccumulator.php';
class HTMLPurifier_AttrDef_ID extends HTMLPurifier_AttrDef
{
function validate($id, &$accumulator) {
function validate($old_id, &$accumulator) {
$id = @ (string) $id; // sanity check
$id = trim($old_id); // trim it first
if ($id === '') return false;
if (isset($accumulator->ids[$id])) return false;
@ -19,7 +19,7 @@ class HTMLPurifier_AttrDef_ID extends HTMLPurifier_AttrDef
$result = true;
} else {
if (!ctype_alpha(@$id[0])) return false;
$trim = trim(
$trim = trim( // primitive style of regexps, I suppose
$id,
'A..Za..z0..9:-._'
);
@ -28,7 +28,10 @@ class HTMLPurifier_AttrDef_ID extends HTMLPurifier_AttrDef
if ($result) $accumulator->add($id);
return $result;
// if no change was made to the ID, return the result
// else, return the new id if stripping whitespace made it
// valid, or return false.
return ($id == $old_id) ? $result : ($result ? $id : false);
}

View File

@ -222,9 +222,11 @@ class HTMLPurifier_Definition
// info[]->attr : defines allowed attributes for elements
// this doesn't include REQUIRED declarations, those are handled
// by the transform classes
// by the transform classes. It will, however, do simple and slightly
// complex attribute value substitution
// attrs, included in almost every single one except for a few
// attrs, included in almost every single one except for a few,
// which manually override these in their local definitions
$this->info_global_attr = array(
// core attrs
'id' => new HTMLPurifier_AttrDef_ID(),

View File

@ -36,10 +36,17 @@ class HTMLPurifier_Strategy_ValidateAttributes extends HTMLPurifier_Strategy
} else {
$result = false;
}
if (!$result) {
if ($result === false) {
$changed = true;
unset($attr[$attr_key]);
} elseif (is_string($result)) {
// simple substitution
$changed = true;
$attr[$attr_key] = $result;
}
// we'd also want slightly more complicated substitution,
// although we're not sure how colliding attributes would
// resolve
}
if ($changed) {
$tokens[$key]->attributes = $attr;

View File

@ -23,6 +23,14 @@ class HTMLPurifier_AttrDef_EnumTest extends UnitTestCase
}
function testFixing() {
$def = new HTMLPurifier_AttrDef_Enum(array('one'));
$this->assertEqual('one', $def->validate(' one '));
}
}
?>

View File

@ -26,6 +26,9 @@ class HTMLPurifier_AttrDef_IDTest extends UnitTestCase
// test duplicate detection
$this->assertFalse($def->validate('a' , $acc));
// valid once whitespace stripped, but needs to be amended
$this->assertEqual('whee', $def->validate(' whee ', $acc));
}
}

View File

@ -34,6 +34,10 @@ class HTMLPurifier_Strategy_ValidateAttributesTest extends
$inputs[5] = '<div ID="valid">Convert ID to lowercase.</div>';
$expect[5] = '<div id="valid">Convert ID to lowercase.</div>';
// test simple attribute substitution
$inputs[6] = '<div id=" valid ">Trim whitespace.</div>';
$expect[6] = '<div id="valid">Trim whitespace.</div>';
$this->assertStrategyWorks($strategy, $inputs, $expect);
}