mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-12-22 08:21:52 +00:00
[2.1.0] Friendly error messages for when injector needs a tag that's not allowed added
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1265 48356398-32a2-884e-a903-53898d9a118a
parent
9dd7c8c7dd
commit
a96b5bf612
2
NEWS
2
NEWS
@ -13,6 +13,8 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
||||
! With %Core.AggressivelyFixLt, <3 and similar emoticons no longer
|
||||
trigger HTML removal in PHP5 (DOMLex). This directive is not necessary
|
||||
for PHP4 (DirectLex).
|
||||
- AutoFormatters emit friendly error messages if tags or attributes they
|
||||
need are not allowed
|
||||
|
||||
2.0.2, unknown release date
|
||||
(none)
|
||||
|
@ -8,6 +8,11 @@
|
||||
class HTMLPurifier_Injector
|
||||
{
|
||||
|
||||
/**
|
||||
* Advisory name of injector, this is for friendly error messages
|
||||
*/
|
||||
var $name;
|
||||
|
||||
/**
|
||||
* Amount of tokens the injector needs to skip + 1. Because
|
||||
* the decrement is the first thing that happens, this needs to
|
||||
@ -40,16 +45,37 @@ class HTMLPurifier_Injector
|
||||
var $inputIndex;
|
||||
|
||||
/**
|
||||
* Prepares the injector by giving it the config and context objects,
|
||||
* so that important variables can be extracted and not passed via
|
||||
* parameter constantly. Remember: always instantiate a new injector
|
||||
* when handling a set of HTML.
|
||||
* Array of elements and attributes this injector creates and therefore
|
||||
* need to be allowed by the definition. Takes form of
|
||||
* array('element' => array('attr', 'attr2'), 'element2')
|
||||
*/
|
||||
var $needed = array();
|
||||
|
||||
/**
|
||||
* Prepares the injector by giving it the config and context objects:
|
||||
* this allows references to important variables to be made within
|
||||
* the injector. This function also checks if the HTML environment
|
||||
* will work with the Injector: if p tags are not allowed, the
|
||||
* Auto-Paragraphing injector should not be enabled.
|
||||
* @param $config Instance of HTMLPurifier_Config
|
||||
* @param $context Instance of HTMLPurifier_Context
|
||||
* @return Boolean false if success, string of missing needed element/attribute if failure
|
||||
*/
|
||||
function prepare($config, &$context) {
|
||||
$this->htmlDefinition = $config->getHTMLDefinition();
|
||||
// perform $needed checks
|
||||
foreach ($this->needed as $element => $attributes) {
|
||||
if (is_int($element)) $element = $attributes;
|
||||
if (!isset($this->htmlDefinition->info[$element])) return $element;
|
||||
if (!is_array($attributes)) continue;
|
||||
foreach ($attributes as $name) {
|
||||
if (!isset($this->htmlDefinition->info[$element]->attr[$name])) return "$element.$name";
|
||||
}
|
||||
}
|
||||
$this->currentNesting =& $context->get('CurrentNesting');
|
||||
$this->inputTokens =& $context->get('InputTokens');
|
||||
$this->inputIndex =& $context->get('InputIndex');
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
|
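Review bot: The docblock on prepare() should say that an override has to return the parent's result, because the caller in MakeWellFormed treats any falsy return as success. The PurifierLinkify override in this commit had to be changed to `return parent::prepare($config, $context);` for exactly that reason. A custom injector that overrides prepare() without a return would yield null and stay enabled even when an entry in `$needed` is missing from the definition. I would add a line such as `* @note Overrides must return parent::prepare(); a missing return is read as success and skips the $needed check.` and mention that the failure string is either `element` or `element.attr`.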
@ -15,6 +15,11 @@ HTMLPurifier_ConfigSchema::define(
|
||||
block elements in nodes that allow paragraph tags</li>
|
||||
<li>There are double newlines in paragraph tags</li>
|
||||
</ul>
|
||||
<p>
|
||||
<code>p</code> tags must be allowed for this directive to take effect.
|
||||
We do not use <code>br</code> tags for paragraphing, as that is
|
||||
semantically incorrect.
|
||||
</p>
|
||||
<p>
|
||||
This directive has been available since 2.0.1.
|
||||
</p>
|
||||
@ -27,6 +32,9 @@ HTMLPurifier_ConfigSchema::define(
|
||||
class HTMLPurifier_Injector_AutoParagraph extends HTMLPurifier_Injector
|
||||
{
|
||||
|
||||
var $name = 'AutoParagraph';
|
||||
var $needed = array('p');
|
||||
|
||||
function _pStart() {
|
||||
$par = new HTMLPurifier_Token_Start('p');
|
||||
$par->armor['MakeWellFormed_TagClosedError'] = true;
|
||||
|
@ -6,7 +6,8 @@ HTMLPurifier_ConfigSchema::define(
|
||||
'AutoFormat', 'Linkify', false, 'bool', '
|
||||
<p>
|
||||
This directive turns on linkification, auto-linking http, ftp and
|
||||
https URLs. This directive has been available since 2.0.1.
|
||||
https URLs. <code>a</code> tags with the <code>href</code> attribute
|
||||
must be allowed. This directive has been available since 2.0.1.
|
||||
</p>
|
||||
');
|
||||
|
||||
@ -16,6 +17,9 @@ HTMLPurifier_ConfigSchema::define(
|
||||
class HTMLPurifier_Injector_Linkify extends HTMLPurifier_Injector
|
||||
{
|
||||
|
||||
var $name = 'Linkify';
|
||||
var $needed = array('a' => array('href'));
|
||||
|
||||
function handleText(&$token) {
|
||||
if (!$this->allowsElement('a')) return;
|
||||
|
||||
|
@ -6,8 +6,9 @@ HTMLPurifier_ConfigSchema::define(
|
||||
'AutoFormat', 'PurifierLinkify', false, 'bool', '
|
||||
<p>
|
||||
Internal auto-formatter that converts configuration directives in
|
||||
syntax <a>%Namespace.Directive</a> to links. This directive has been available
|
||||
since 2.0.1.
|
||||
syntax <a>%Namespace.Directive</a> to links. <code>a</code> tags
|
||||
with the <code>href</code> attribute must be allowed.
|
||||
This directive has been available since 2.0.1.
|
||||
</p>
|
||||
');
|
||||
|
||||
@ -27,11 +28,13 @@ HTMLPurifier_ConfigSchema::define(
|
||||
class HTMLPurifier_Injector_PurifierLinkify extends HTMLPurifier_Injector
|
||||
{
|
||||
|
||||
var $name = 'PurifierLinkify';
|
||||
var $docURL;
|
||||
var $needed = array('a' => array('href'));
|
||||
|
||||
function prepare($config, &$context) {
|
||||
parent::prepare($config, $context);
|
||||
$this->docURL = $config->get('AutoFormatParam', 'PurifierLinkifyDocURL');
|
||||
return parent::prepare($config, $context);
|
||||
}
|
||||
|
||||
function handleText(&$token) {
|
||||
|
@ -67,7 +67,8 @@ class HTMLPurifier_Strategy_MakeWellFormed extends HTMLPurifier_Strategy
|
||||
unset($injectors['Custom']); // special case
|
||||
foreach ($injectors as $injector => $b) {
|
||||
$injector = "HTMLPurifier_Injector_$injector";
|
||||
if ($b) $this->injectors[] = new $injector;
|
||||
if (!$b) continue;
|
||||
$this->injectors[] = new $injector;
|
||||
}
|
||||
foreach ($custom_injectors as $injector) {
|
||||
if (is_string($injector)) {
|
||||
@ -87,7 +88,11 @@ class HTMLPurifier_Strategy_MakeWellFormed extends HTMLPurifier_Strategy
|
||||
// give the injectors references to the definition and context
|
||||
// variables for performance reasons
|
||||
foreach ($this->injectors as $i => $x) {
|
||||
$this->injectors[$i]->prepare($config, $context);
|
||||
$error = $this->injectors[$i]->prepare($config, $context);
|
||||
if (!$error) continue;
|
||||
list($injector) = array_splice($this->injectors, $i, 1);
|
||||
$name = $injector->name;
|
||||
trigger_error("Cannot enable $name injector because $error is not allowed", E_USER_WARNING);
|
||||
}
|
||||
|
||||
// -- end INJECTOR --
|
||||
|
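Review bot: Removing the failed injector with `array_splice($this->injectors, $i, 1)` inside `foreach ($this->injectors as $i => $x)` renumbers the array while the loop keeps using the old keys. After one removal the next `$this->injectors[$i]` is one position too far, so an injector is never prepared or checked against `$needed`, and the final key no longer exists, which presumably ends in a call to prepare() on a non-object. This only appears when the removed injector is not the last one, and the tests added in this commit enable one injector at a time. Keeping the keys stable avoids it: read `$name = $this->injectors[$i]->name;`, then `unset($this->injectors[$i]);`, and reindex once after the loop with `$this->injectors = array_values($this->injectors);`. The enclosing method starts and ends outside the hunk.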
@ -249,5 +249,10 @@ Par2',
|
||||
);
|
||||
}
|
||||
|
||||
function testNeeded() {
|
||||
$this->expectError('Cannot enable AutoParagraph injector because p is not allowed');
|
||||
$this->assertResult('<b>foobar</b>', true, array('AutoFormat.AutoParagraph' => true, 'HTML.Allowed' => 'b'));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
@ -34,5 +34,10 @@ class HTMLPurifier_Injector_LinkifyTest extends HTMLPurifier_InjectorHarness
|
||||
|
||||
}
|
||||
|
||||
function testNeeded() {
|
||||
$this->expectError('Cannot enable Linkify injector because a is not allowed');
|
||||
$this->assertResult('http://example.com/', true, array('AutoFormat.Linkify' => true, 'HTML.Allowed' => 'b'));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
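Review bot: testNeeded covers only the missing-element path; the `"$element.$name"` return in HTMLPurifier_Injector::prepare() for a missing attribute is not exercised here or in the PurifierLinkify test. A second case where `a` is allowed but `href` is not would pin it, expecting `Cannot enable Linkify injector because a.href is not allowed`; I have not checked which HTML.Allowed value produces that definition. A case that enables two injectors which both fail would also be worth adding, since every test in this commit enables a single one.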
@ -38,5 +38,10 @@ class HTMLPurifier_Injector_PurifierLinkifyTest extends HTMLPurifier_InjectorHar
|
||||
|
||||
}
|
||||
|
||||
function testNeeded() {
|
||||
$this->expectError('Cannot enable PurifierLinkify injector because a is not allowed');
|
||||
$this->assertResult('%Namespace.Directive', true, array('AutoFormat.PurifierLinkify' => true, 'HTML.Allowed' => 'b'));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|