mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-12-22 00:11:52 +00:00
Supported hundreds of nested HTML (#202)
* Supported hundreds of nested HTML (#201) * Add Core.AllowParseManyTags
This commit is contained in:
parent
524cd08a59
commit
8c153eef3a
1
NEWS
1
NEWS
@ -13,6 +13,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
|||||||
# SafeScripting is now case-sensitive (previously it was
|
# SafeScripting is now case-sensitive (previously it was
|
||||||
case-insensitive.) Thanks Dimitri Gritsajuk <gritsajuk.dimitri@gmail.com>
|
case-insensitive.) Thanks Dimitri Gritsajuk <gritsajuk.dimitri@gmail.com>
|
||||||
for reporting.
|
for reporting.
|
||||||
|
! New directive %Core.AllowParseManyTags which allows parsing of many nested tags.
|
||||||
|
|
||||||
4.10.0, released 2018-02-22
|
4.10.0, released 2018-02-22
|
||||||
# PHP 5.3 is no longer officially supported by HTML Purifier
|
# PHP 5.3 is no longer officially supported by HTML Purifier
|
||||||
|
@ -94,6 +94,11 @@
|
|||||||
<line>429</line>
|
<line>429</line>
|
||||||
</file>
|
</file>
|
||||||
</directive>
|
</directive>
|
||||||
|
<directive id="Core.AllowParseManyTags">
|
||||||
|
<file name="HTMLPurifier/Lexer/DOMLex.php">
|
||||||
|
<line>72</line>
|
||||||
|
</file>
|
||||||
|
</directive>
|
||||||
<directive id="Output.CommentScriptContents">
|
<directive id="Output.CommentScriptContents">
|
||||||
<file name="HTMLPurifier/Generator.php">
|
<file name="HTMLPurifier/Generator.php">
|
||||||
<line>70</line>
|
<line>70</line>
|
||||||
|
@ -75,6 +75,7 @@ Core is the potpourri of directives, mostly regarding some minor behavioral
|
|||||||
tweaks for HTML handling abilities.
|
tweaks for HTML handling abilities.
|
||||||
|
|
||||||
AggressivelyFixLt
|
AggressivelyFixLt
|
||||||
|
AllowParseManyTags
|
||||||
ConvertDocumentToFragment
|
ConvertDocumentToFragment
|
||||||
DirectLexLineNumberSyncInterval
|
DirectLexLineNumberSyncInterval
|
||||||
LexerImpl
|
LexerImpl
|
||||||
|
File diff suppressed because one or more lines are too long
@ -0,0 +1,12 @@
|
|||||||
|
Core.AllowParseManyTags
|
||||||
|
TYPE: bool
|
||||||
|
DEFAULT: false
|
||||||
|
VERSION: 4.10.1
|
||||||
|
--DESCRIPTION--
|
||||||
|
<p>
|
||||||
|
This directive allows parsing of many nested tags.
|
||||||
|
If you set true, relaxes any hardcoded limit from the parser.
|
||||||
|
However, in that case it may cause a Dos attack.
|
||||||
|
Be careful when enabling it.
|
||||||
|
</p>
|
||||||
|
--# vim: et sw=4 sts=4
|
@ -68,8 +68,13 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer
|
|||||||
$doc = new DOMDocument();
|
$doc = new DOMDocument();
|
||||||
$doc->encoding = 'UTF-8'; // theoretically, the above has this covered
|
$doc->encoding = 'UTF-8'; // theoretically, the above has this covered
|
||||||
|
|
||||||
|
$options = 0;
|
||||||
|
if ($config->get('Core.AllowParseManyTags') && defined('LIBXML_PARSEHUGE')) {
|
||||||
|
$options |= LIBXML_PARSEHUGE;
|
||||||
|
}
|
||||||
|
|
||||||
set_error_handler(array($this, 'muteErrorHandler'));
|
set_error_handler(array($this, 'muteErrorHandler'));
|
||||||
$doc->loadHTML($html);
|
$doc->loadHTML($html, $options);
|
||||||
restore_error_handler();
|
restore_error_handler();
|
||||||
|
|
||||||
$body = $doc->getElementsByTagName('html')->item(0)-> // <html>
|
$body = $doc->getElementsByTagName('html')->item(0)-> // <html>
|
||||||
|
@ -53,5 +53,6 @@ $config->set('Core.Encoding', $GLOBALS['PHORUM']['DATA']['CHARSET']); // we'll c
|
|||||||
if (strtolower($GLOBALS['PHORUM']['DATA']['CHARSET']) !== 'utf-8') {
|
if (strtolower($GLOBALS['PHORUM']['DATA']['CHARSET']) !== 'utf-8') {
|
||||||
$config->set('Core.EscapeNonASCIICharacters', true);
|
$config->set('Core.EscapeNonASCIICharacters', true);
|
||||||
}
|
}
|
||||||
|
$config->set('Core.AllowParseManyTags', false);
|
||||||
|
|
||||||
// vim: et sw=4 sts=4
|
// vim: et sw=4 sts=4
|
||||||
|
@ -384,6 +384,21 @@ a[href|title]
|
|||||||
$this->config->getHTMLDefinition();
|
$this->config->getHTMLDefinition();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function test_manyNestedTags()
|
||||||
|
{
|
||||||
|
$config = HTMLPurifier_Config::createDefault();
|
||||||
|
$config->set('Core.AllowParseManyTags', true);
|
||||||
|
$purifier = new HTMLPurifier($config);
|
||||||
|
|
||||||
|
$input = 'I am inside a lot of tags';
|
||||||
|
for ($i = 0; $i < 300; $i++) {
|
||||||
|
$input = '<div>' . $input . '</div>';
|
||||||
|
}
|
||||||
|
$output = $purifier->purify($input);
|
||||||
|
|
||||||
|
$this->assertIdentical($input, $output);
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// vim: et sw=4 sts=4
|
// vim: et sw=4 sts=4
|
||||||
|
Loading…
Reference in New Issue
Block a user