mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-12-22 08:21:52 +00:00
Fix #45, errors when ul/ol allowed without li.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
This commit is contained in:
parent
096064dd0a
commit
91fd55c857
2
NEWS
2
NEWS
@ -20,6 +20,8 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
||||
allowed.
|
||||
- Minor bounds error fix to squash a PHP 7 notice.
|
||||
- Support non-/tmp temporary directories for data:// validation
|
||||
- Give a better error message when a user attempts to allow
|
||||
ul/ol without allowing li.
|
||||
|
||||
4.7.0, released 2015-08-04
|
||||
# opacity is now considered a "tricky" CSS property rather than a
|
||||
|
@ -38,6 +38,12 @@ class HTMLPurifier_ChildDef_List extends HTMLPurifier_ChildDef
|
||||
return false;
|
||||
}
|
||||
|
||||
// if li is not allowed, delete parent node
|
||||
if (!isset($config->getHTMLDefinition()->info['li'])) {
|
||||
trigger_error("Cannot allow ul/ol without allowing li", E_USER_WARNING);
|
||||
return false;
|
||||
}
|
||||
|
||||
// the new set of children
|
||||
$result = array();
|
||||
|
||||
|
@ -27,6 +27,9 @@ class HTMLPurifier_HTMLT extends HTMLPurifier_Harness
|
||||
$this->config->loadIni($ini_file);
|
||||
}
|
||||
$expect = isset($hash['EXPECT']) ? $hash['EXPECT'] : $hash['HTML'];
|
||||
if (isset($hash['ERROR'])) {
|
||||
$this->expectError($hash['ERROR']);
|
||||
}
|
||||
$this->assertPurification(rtrim($hash['HTML']), rtrim($expect));
|
||||
if (isset($hash['INI'])) unlink($ini_file);
|
||||
}
|
||||
|
7
tests/HTMLPurifier/HTMLT/li-disabled.htmlt
Normal file
7
tests/HTMLPurifier/HTMLT/li-disabled.htmlt
Normal file
@ -0,0 +1,7 @@
|
||||
ERROR: Cannot allow ul/ol without allowing li
|
||||
--INI--
|
||||
HTML.AllowedElements = ul
|
||||
--HTML--
|
||||
<ul><li>foo</li></ul>
|
||||
--EXPECT--
|
||||
--# vim: et sw=4 sts=4
|
@ -151,6 +151,13 @@ class HTMLPurifier_Strategy_FixNestingTest extends HTMLPurifier_StrategyHarness
|
||||
$this->assertResult('<pre><font><font></font></font></pre>');
|
||||
}
|
||||
|
||||
public function testDoubleKill()
|
||||
{
|
||||
$this->config->set('HTML.Allowed', 'ul');
|
||||
$this->expectError('Cannot allow ul/ol without allowing li');
|
||||
$this->assertResult('<ul>foo</ul>', '');
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// vim: et sw=4 sts=4
|
||||
|
Loading…
Reference in New Issue
Block a user