Fix #45, errors when ul/ol allowed without li.

Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2024-09-19 10:45:18 +00:00 · 2016-03-26 22:41:54 -07:00 · 2016-03-26 22:41:54 -07:00 · 91fd55c857
commit 91fd55c857
parent 096064dd0a
5 changed files with 25 additions and 0 deletions
--- a/2
+++ b/2
@ -20,6 +20,8 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
  allowed.
 - Minor bounds error fix to squash a PHP 7 notice.
 - Support non-/tmp temporary directories for data:// validation
+- Give a better error message when a user attempts to allow
+  ul/ol without allowing li.

 4.7.0, released 2015-08-04
 # opacity is now considered a "tricky" CSS property rather than a
--- a/library/HTMLPurifier/ChildDef/List.php
+++ b/library/HTMLPurifier/ChildDef/List.php
@ -38,6 +38,12 @@ class HTMLPurifier_ChildDef_List extends HTMLPurifier_ChildDef
            return false;
        }

+        // if li is not allowed, delete parent node
+        if (!isset($config->getHTMLDefinition()->info['li'])) {
+            trigger_error("Cannot allow ul/ol without allowing li", E_USER_WARNING);
+            return false;
+        }
+
        // the new set of children
        $result = array();

--- a/tests/HTMLPurifier/HTMLT.php
+++ b/tests/HTMLPurifier/HTMLT.php
@ -27,6 +27,9 @@ class HTMLPurifier_HTMLT extends HTMLPurifier_Harness
            $this->config->loadIni($ini_file);
        }
        $expect = isset($hash['EXPECT']) ? $hash['EXPECT'] : $hash['HTML'];
+        if (isset($hash['ERROR'])) {
+            $this->expectError($hash['ERROR']);
+        }
        $this->assertPurification(rtrim($hash['HTML']), rtrim($expect));
        if (isset($hash['INI'])) unlink($ini_file);
    }
--- a/tests/HTMLPurifier/HTMLT/li-disabled.htmlt
+++ b/tests/HTMLPurifier/HTMLT/li-disabled.htmlt
@ -0,0 +1,7 @@
+ERROR: Cannot allow ul/ol without allowing li
+--INI--
+HTML.AllowedElements = ul
+--HTML--
+<ul><li>foo</li></ul>
+--EXPECT--
+--# vim: et sw=4 sts=4
--- a/tests/HTMLPurifier/Strategy/FixNestingTest.php
+++ b/tests/HTMLPurifier/Strategy/FixNestingTest.php
@ -151,6 +151,13 @@ class HTMLPurifier_Strategy_FixNestingTest extends HTMLPurifier_StrategyHarness
        $this->assertResult('<pre><font><font></font></font></pre>');
    }

+    public function testDoubleKill()
+    {
+        $this->config->set('HTML.Allowed', 'ul');
+        $this->expectError('Cannot allow ul/ol without allowing li');
+        $this->assertResult('<ul>foo</ul>', '');
+    }
+
 }

 // vim: et sw=4 sts=4