mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-11-08 06:48:42 +00:00

[1.6.1] Fix broken configuration directive %Core.RemoveInvalidImg, also make basic demo operational out-of-the-box

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@999 48356398-32a2-884e-a903-53898d9a118a
Edward Z. Yang 2007-04-30 00:53:13 +00:00
parent 114d6841ab
commit 968dfa2feb
4 changed files with 27 additions and 5 deletions

3
NEWS

@ -15,10 +15,13 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
! DirectLex now preserves text in which a < bracket is followed by ! DirectLex now preserves text in which a < bracket is followed by
a non-alphanumeric character. This means that certain emoticons a non-alphanumeric character. This means that certain emoticons
are now preserved. are now preserved.
! %Core.RemoveInvalidImg is now operational, when set to false invalid
images will hang around with an empty src
- Possibly fatal bug with __autoload() fixed in module manager - Possibly fatal bug with __autoload() fixed in module manager
- Invert HTMLModuleManager->addModule() processing order to check - Invert HTMLModuleManager->addModule() processing order to check
prefixes first and then the literal module prefixes first and then the literal module
. Demo script removed: it has been added to the website's repository . Demo script removed: it has been added to the website's repository
. Basic.php script modified to work out of the box
1.6.0, released 2007-04-01 1.6.0, released 2007-04-01
! Support for most common deprecated attributes via transformations: ! Support for most common deprecated attributes via transformations:


@ -1,14 +1,23 @@
<?php exit; <?php
// This file demonstrates basic usage of HTMLPurifier. // This file demonstrates basic usage of HTMLPurifier.
require_once '/path/to/htmlpurifier/library/HTMLPurifier.auto.php'; // replace this with the path to the HTML Purifier library
require_once '../../library/HTMLPurifier.auto.php';
$purifier = new HTMLPurifier(); $config = HTMLPurifier_Config::createDefault();
// configuration goes here:
$config->set('Core', 'Encoding', 'ISO-8859-1'); //replace with your encoding
$config->set('Core', 'XHTML', true); // set to false if HTML 4.01
$purifier = new HTMLPurifier($config);
// untrusted input HTML
$html = '<b>Simple and short'; $html = '<b>Simple and short';
$pure_html = $purifier->purify($html); $pure_html = $purifier->purify($html);
echo $pure_html; echo '<pre>' . htmlspecialchars($pure_html) . '</pre>';
?> ?>
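Review bot: The demo now sets `Core.Encoding` to ISO-8859-1 but never tells the browser or `htmlspecialchars()` which charset is in use, so a reader who changes the encoding as the comment invites ends up with settings that can disagree. Purified output is only safe when the page is served in the encoding the purifier was configured with, so I would add `header('Content-Type: text/html; charset=ISO-8859-1');` before any output and pass the same charset explicitly, `htmlspecialchars($pure_html, ENT_QUOTES, 'ISO-8859-1')`. The final echo also deserves a comment such as `// escaped only to display the purified markup as text; echo $pure_html directly when embedding it in a page`, because copying this line into an application would double-escape the result.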


@ -29,6 +29,7 @@ class HTMLPurifier_Strategy_RemoveForeignElements extends HTMLPurifier_Strategy
$generator = new HTMLPurifier_Generator(); $generator = new HTMLPurifier_Generator();
$result = array(); $result = array();
$escape_invalid_tags = $config->get('Core', 'EscapeInvalidTags'); $escape_invalid_tags = $config->get('Core', 'EscapeInvalidTags');
$remove_invalid_img = $config->get('Core', 'RemoveInvalidImg');
foreach($tokens as $token) { foreach($tokens as $token) {
if (!empty( $token->is_tag )) { if (!empty( $token->is_tag )) {
// DEFINITION CALL // DEFINITION CALL
@ -37,7 +38,7 @@ class HTMLPurifier_Strategy_RemoveForeignElements extends HTMLPurifier_Strategy
// hard-coded image special case, pre-emptively drop // hard-coded image special case, pre-emptively drop
// if not available. Probably not abstract-able // if not available. Probably not abstract-able
if ( $token->name == 'img' ) { if ( $token->name == 'img' && $remove_invalid_img ) {
if (!isset($token->attr['src'])) { if (!isset($token->attr['src'])) {
continue; continue;
} }
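Review bot: The added `&& $remove_invalid_img` gates the whole `img` special case rather than only the missing-`src` drop visible here, and the block's closing brace lies outside the hunk, so anything else it does to `src` is also skipped when the directive is off. If that block validates the `src` value, disabling %Core.RemoveInvalidImg leaves rejecting a bad `src` entirely to a later pass, and nothing in this code says so. I would add a comment above the condition, for example `// directive off: keep the img token here; src must still be validated by the attribute pass`, or narrow the flag to the `continue` statements so the validation itself always runs. The loose `==` on `$token->name` predates this commit, but `===` would be the safer comparison while the line is being touched.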


@ -51,6 +51,15 @@ class HTMLPurifier_Strategy_RemoveForeignElementsTest
// test preservation of valid img tag // test preservation of valid img tag
$this->assertResult('<img src="foobar.gif" />'); $this->assertResult('<img src="foobar.gif" />');
// test preservation of invalid img tag when removal is disabled
$this->assertResult(
'<img />',
true,
array(
'Core.RemoveInvalidImg' => false
)
);
} }
} }
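Review bot: The new case only covers an `img` with no `src` at all, so nothing pins what happens with the directive off when `src` is present but fails URI validation. That is the input where a regression would matter, and the NEWS entry promises such images keep "an empty src". Since this strategy test runs one pass in isolation, I would add an end-to-end assertion through `HTMLPurifier::purify()` with `Core.RemoveInvalidImg` set to false and an `img` whose `src` uses a scheme the configuration rejects, checking that the emitted tag carries an empty `src`. A short comment on the bare `true` argument, which presumably means "expect the input back unchanged", would also help readers of this test.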