mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-01-18 11:41:52 +00:00

[3.1.1] Implement percent encoding for URI query and fragment

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1758 48356398-32a2-884e-a903-53898d9a118a
Edward Z. Yang 2008-05-21 02:58:41 +00:00
parent af3f5190dc
commit 80f59206d7
4 changed files with 20 additions and 1 deletions

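--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
 - AttrValidator operations are now atomic; updates to attributes are not
 manifest in token until end of operations. This prevents naughty internal
 code from directly modifying CurrentToken when they're not supposed to.
+- Percent encoding checks enabled for URI query and fragment
 . Added HTMLPurifier_UnitConverter and HTMLPurifier_Length for convenient
 handling of CSS-style lengths. HTMLPurifier_AttrDef_CSS_Length now uses
 this class.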

1
TODO

@ -11,7 +11,6 @@ If no interest is expressed for a feature that may require a considerable
amount of effort to implement, it may get endlessly delayed. Do not be amount of effort to implement, it may get endlessly delayed. Do not be
afraid to cast your vote for the next feature to be implemented! afraid to cast your vote for the next feature to be implemented!
- Implement validation for query and for fragment
- Ability to fully turn off imagecrash fixes (attribute and CSS will require - Ability to fully turn off imagecrash fixes (attribute and CSS will require
two separate directives due to our architecture.) two separate directives due to our architecture.)
- Investigate how early internal structures can be accessed; this would - Investigate how early internal structures can be accessed; this would


@ -128,6 +128,17 @@ class HTMLPurifier_URI
$this->path = ''; // just to be safe $this->path = ''; // just to be safe
} }
// qf = query and fragment
$qf_encoder = new HTMLPurifier_PercentEncoder($chars_pchar . '/?');
if (!is_null($this->query)) {
$this->query = $qf_encoder->encode($this->query);
}
if (!is_null($this->fragment)) {
$this->fragment = $qf_encoder->encode($this->fragment);
}
return true; return true;
} }
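Review bot: The new query/fragment block starting at `$qf_encoder = new HTMLPurifier_PercentEncoder($chars_pchar . '/?');` does not say how `%` characters already present in the input are handled, and the hunk does not show it either. If `encode()` passes `%` through, a malformed escape (a `%` not followed by two hex digits) could survive validation; if it re-encodes `%`, an already-escaped query would be double-encoded. I would replace the terse `// qf = query and fragment` with `// query and fragment: RFC 3986 allows *( pchar / "/" / "?" ); every other byte is percent-encoded`, and state in the same comment whether percent escapes are normalized before this point. The enclosing method begins above the hunk, so `$chars_pchar` and any earlier normalization are not visible here.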


@ -184,6 +184,14 @@ class HTMLPurifier_URITest extends HTMLPurifier_URIHarness
$this->assertValidation("\xE3\x91\x94", '%E3%91%94'); $this->assertValidation("\xE3\x91\x94", '%E3%91%94');
} }
function test_validate_query() {
$this->assertValidation("?/\xE3\x91\x94", '?/%E3%91%94');
}
function test_validate_fragment() {
$this->assertValidation("#/\xE3\x91\x94", '#/%E3%91%94');
}
function test_validate_path_empty() { function test_validate_path_empty() {
$this->assertValidation('http://google.com'); $this->assertValidation('http://google.com');
} }
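Review bot: `test_validate_query` and `test_validate_fragment` exercise only one multi-byte UTF-8 sequence, so the inputs that matter most for a purifier are untested. Missing are ASCII characters outside the allowed set (space, `"`, `<`, `>`) and input that is already percent-encoded. I would add cases in the same style, for example `$this->assertValidation('?a b', '?a%20b');` and `$this->assertValidation('?a%20b');`, with matching `#` variants for the fragment. The second pins that an existing escape is not turned into `%2520`. The expected strings are inferred from the encoder's apparent contract and should be confirmed against `HTMLPurifier_PercentEncoder`, which this commit does not show.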