diff --git a/NEWS b/NEWS
index 9ea7f1f9..6981cc82 100644
--- a/NEWS
+++ b/NEWS
@@ -15,10 +15,13 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
 ! DirectLex now preserves text in which a < bracket is followed by a non-alphanumeric character. This means that certain emoticons are now preserved.
+! %Core.RemoveInvalidImg is now operational, when set to false invalid
+ images will hang around with an empty src
 - Possibly fatal bug with __autoload() fixed in module manager
 - Invert HTMLModuleManager->addModule() processing order to check prefixes first and then the literal module
 . Demo script removed: it has been added to the website's repository
+. Basic.php script modified to work out of the box
 1.6.0, released 2007-04-01
 ! Support for most common deprecated attributes via transformations:
diff --git a/docs/examples/basic.php b/docs/examples/basic.php
index 60258512..029ca7c8 100644
--- a/docs/examples/basic.php
+++ b/docs/examples/basic.php
@@ -1,14 +1,23 @@ -set('Core', 'Encoding', 'ISO-8859-1'); //replace with your encoding
+$config->set('Core', 'XHTML', true); // set to false if HTML 4.01
+
+$purifier = new HTMLPurifier($config);
+
+// untrusted input HTML
 $html = 'Simple and short';
 $pure_html = $purifier->purify($html);
-echo $pure_html;
+echo '
' . htmlspecialchars($pure_html) . '
'; ?>
\ No newline at end of file
diff --git a/library/HTMLPurifier/Strategy/RemoveForeignElements.php b/library/HTMLPurifier/Strategy/RemoveForeignElements.php
index 27caf364..cb5c4dd1 100644
--- a/library/HTMLPurifier/Strategy/RemoveForeignElements.php
+++ b/library/HTMLPurifier/Strategy/RemoveForeignElements.php
@@ -29,6 +29,7 @@ class HTMLPurifier_Strategy_RemoveForeignElements extends HTMLPurifier_Strategy
 $generator = new HTMLPurifier_Generator();
 $result = array();
 $escape_invalid_tags = $config->get('Core', 'EscapeInvalidTags');
+ $remove_invalid_img = $config->get('Core', 'RemoveInvalidImg');
 foreach($tokens as $token) {
 if (!empty( $token->is_tag )) {
 // DEFINITION CALL
@@ -37,7 +38,7 @@ class HTMLPurifier_Strategy_RemoveForeignElements extends HTMLPurifier_Strategy
 // hard-coded image special case, pre-emptively drop
 // if not available. Probably not abstract-able
- if ( $token->name == 'img' ) {
+ if ( $token->name == 'img' && $remove_invalid_img ) {
 if (!isset($token->attr['src'])) {
 continue;
 }
diff --git a/tests/HTMLPurifier/Strategy/RemoveForeignElementsTest.php b/tests/HTMLPurifier/Strategy/RemoveForeignElementsTest.php
index e2227705..9ec193dc 100644
--- a/tests/HTMLPurifier/Strategy/RemoveForeignElementsTest.php
+++ b/tests/HTMLPurifier/Strategy/RemoveForeignElementsTest.php
@@ -51,6 +51,15 @@ class HTMLPurifier_Strategy_RemoveForeignElementsTest
 // test preservation of valid img tag
 $this->assertResult('');
+ // test preservation of invalid img tag when removal is disabled
+ $this->assertResult(
+ '',
+ true,
+ array(
+ 'Core.RemoveInvalidImg' => false
+ )
+ );
+ } }
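Review bot: In docs/examples/basic.php the final `echo` now wraps `$pure_html` in `htmlspecialchars()` with no explanation, so a reader copying the example may conclude that purified output still has to be escaped before it goes into a page, which would render the markup as text. The escaping looks intended only to display the purified source in the demo; a comment above the echo would make that explicit, e.g. `// escaped only to show the resulting markup as text; in a real page, echo $pure_html directly`. The call also relies on the default charset of htmlspecialchars() while the visible config line sets Core.Encoding to ISO-8859-1, so passing the charset explicitly, `htmlspecialchars($pure_html, ENT_COMPAT, 'ISO-8859-1')`, would keep the two in step. The string literals around the call appear truncated in this rendering, so the wrapper markup could not be checked.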
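Review bot: In the second hunk of RemoveForeignElements.php the added `&& $remove_invalid_img` gates the whole img special case, so with Core.RemoveInvalidImg set to false an img token without `src` leaves this strategy untouched. NEWS says such images end up with an empty src, but nothing in this diff supplies one, so that presumably rests on a later stage; a comment at the condition should record the dependency, e.g. `// when %Core.RemoveInvalidImg is false, a src-less img is kept here and a later stage must supply the required src`. The if block continues past the end of the hunk, so any further img checks inside it would also be skipped when the flag is off. The added test asserts only this strategy's output; a case run through the full purifier with the flag off would pin the final markup that NEWS describes.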