0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-12-22 08:21:52 +00:00

Fix #45, errors when ul/ol allowed without li.

Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
This commit is contained in:
Edward Z. Yang 2016-03-26 22:41:54 -07:00
parent 096064dd0a
commit 91fd55c857
5 changed files with 25 additions and 0 deletions

2
NEWS
View File

@ -20,6 +20,8 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
allowed.
- Minor bounds error fix to squash a PHP 7 notice.
- Support non-/tmp temporary directories for data:// validation
- Give a better error message when a user attempts to allow
ul/ol without allowing li.
4.7.0, released 2015-08-04
# opacity is now considered a "tricky" CSS property rather than a

View File

@ -38,6 +38,12 @@ class HTMLPurifier_ChildDef_List extends HTMLPurifier_ChildDef
return false;
}
// if li is not allowed, delete parent node
if (!isset($config->getHTMLDefinition()->info['li'])) {
trigger_error("Cannot allow ul/ol without allowing li", E_USER_WARNING);
return false;
}
// the new set of children
$result = array();

View File

@ -27,6 +27,9 @@ class HTMLPurifier_HTMLT extends HTMLPurifier_Harness
$this->config->loadIni($ini_file);
}
$expect = isset($hash['EXPECT']) ? $hash['EXPECT'] : $hash['HTML'];
if (isset($hash['ERROR'])) {
$this->expectError($hash['ERROR']);
}
$this->assertPurification(rtrim($hash['HTML']), rtrim($expect));
if (isset($hash['INI'])) unlink($ini_file);
}

View File

@ -0,0 +1,7 @@
ERROR: Cannot allow ul/ol without allowing li
--INI--
HTML.AllowedElements = ul
--HTML--
<ul><li>foo</li></ul>
--EXPECT--
--# vim: et sw=4 sts=4

View File

@ -151,6 +151,13 @@ class HTMLPurifier_Strategy_FixNestingTest extends HTMLPurifier_StrategyHarness
$this->assertResult('<pre><font><font></font></font></pre>');
}
public function testDoubleKill()
{
$this->config->set('HTML.Allowed', 'ul');
$this->expectError('Cannot allow ul/ol without allowing li');
$this->assertResult('<ul>foo</ul>', '');
}
}
// vim: et sw=4 sts=4