mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-01-08 23:11:52 +00:00

[2.1.0] Friendly error messages for when injector needs a tag that's not allowed added

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1265 48356398-32a2-884e-a903-53898d9a118a
Edward Z. Yang 2007-06-28 13:06:15 +00:00
parent 9dd7c8c7dd
commit a96b5bf612
9 changed files with 73 additions and 10 deletions

2
NEWS

@ -13,6 +13,8 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
! With %Core.AggressivelyFixLt, <3 and similar emoticons no longer ! With %Core.AggressivelyFixLt, <3 and similar emoticons no longer
trigger HTML removal in PHP5 (DOMLex). This directive is not necessary trigger HTML removal in PHP5 (DOMLex). This directive is not necessary
for PHP4 (DirectLex). for PHP4 (DirectLex).
- AutoFormatters emit friendly error messages if tags or attributes they
need are not allowed
2.0.2, unknown release date 2.0.2, unknown release date
(none) (none)


@ -8,6 +8,11 @@
class HTMLPurifier_Injector class HTMLPurifier_Injector
{ {
/**
* Advisory name of injector, this is for friendly error messages
*/
var $name;
/** /**
* Amount of tokens the injector needs to skip + 1. Because * Amount of tokens the injector needs to skip + 1. Because
* the decrement is the first thing that happens, this needs to * the decrement is the first thing that happens, this needs to
@ -40,16 +45,37 @@ class HTMLPurifier_Injector
var $inputIndex; var $inputIndex;
/** /**
* Prepares the injector by giving it the config and context objects, * Array of elements and attributes this injector creates and therefore
* so that important variables can be extracted and not passed via * need to be allowed by the definition. Takes form of
* parameter constantly. Remember: always instantiate a new injector * array('element' => array('attr', 'attr2'), 'element2')
* when handling a set of HTML. */
var $needed = array();
/**
* Prepares the injector by giving it the config and context objects:
* this allows references to important variables to be made within
* the injector. This function also checks if the HTML environment
* will work with the Injector: if p tags are not allowed, the
* Auto-Paragraphing injector should not be enabled.
* @param $config Instance of HTMLPurifier_Config
* @param $context Instance of HTMLPurifier_Context
* @return Boolean false if success, string of missing needed element/attribute if failure
*/ */
function prepare($config, &$context) { function prepare($config, &$context) {
$this->htmlDefinition = $config->getHTMLDefinition(); $this->htmlDefinition = $config->getHTMLDefinition();
// perform $needed checks
foreach ($this->needed as $element => $attributes) {
if (is_int($element)) $element = $attributes;
if (!isset($this->htmlDefinition->info[$element])) return $element;
if (!is_array($attributes)) continue;
foreach ($attributes as $name) {
if (!isset($this->htmlDefinition->info[$element]->attr[$name])) return "$element.$name";
}
}
$this->currentNesting =& $context->get('CurrentNesting'); $this->currentNesting =& $context->get('CurrentNesting');
$this->inputTokens =& $context->get('InputTokens'); $this->inputTokens =& $context->get('InputTokens');
$this->inputIndex =& $context->get('InputIndex'); $this->inputIndex =& $context->get('InputIndex');
return false;
} }
/** /**
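Review bot: The new `@return` contract on `prepare()` (false on success, a string naming the missing element or attribute on failure) only holds if every override hands the parent's result back, and the docblock does not say so. A subclass that calls `parent::prepare($config, $context);` without returning it yields null, which the caller's `if (!$error) continue;` reads as success, so the `$needed` check is silently skipped and the injector stays enabled against a definition that does not allow its output. I would add to the docblock: `@note Overriding methods must return parent::prepare($config, $context), otherwise the $needed check is bypassed.` The same falsy test would also accept a returned `"0"`, so comparing with `=== false` at the call site is the safer form. The class body continues outside this hunk.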


@ -15,6 +15,11 @@ HTMLPurifier_ConfigSchema::define(
block elements in nodes that allow paragraph tags</li> block elements in nodes that allow paragraph tags</li>
<li>There are double newlines in paragraph tags</li> <li>There are double newlines in paragraph tags</li>
</ul> </ul>
<p>
<code>p</code> tags must be allowed for this directive to take effect.
We do not use <code>br</code> tags for paragraphing, as that is
semantically incorrect.
</p>
<p> <p>
This directive has been available since 2.0.1. This directive has been available since 2.0.1.
</p> </p>
@ -27,6 +32,9 @@ HTMLPurifier_ConfigSchema::define(
class HTMLPurifier_Injector_AutoParagraph extends HTMLPurifier_Injector class HTMLPurifier_Injector_AutoParagraph extends HTMLPurifier_Injector
{ {
var $name = 'AutoParagraph';
var $needed = array('p');
function _pStart() { function _pStart() {
$par = new HTMLPurifier_Token_Start('p'); $par = new HTMLPurifier_Token_Start('p');
$par->armor['MakeWellFormed_TagClosedError'] = true; $par->armor['MakeWellFormed_TagClosedError'] = true;


@ -6,7 +6,8 @@ HTMLPurifier_ConfigSchema::define(
'AutoFormat', 'Linkify', false, 'bool', ' 'AutoFormat', 'Linkify', false, 'bool', '
<p> <p>
This directive turns on linkification, auto-linking http, ftp and This directive turns on linkification, auto-linking http, ftp and
https URLs. This directive has been available since 2.0.1. https URLs. <code>a</code> tags with the <code>href</code> attribute
must be allowed. This directive has been available since 2.0.1.
</p> </p>
'); ');
@ -16,6 +17,9 @@ HTMLPurifier_ConfigSchema::define(
class HTMLPurifier_Injector_Linkify extends HTMLPurifier_Injector class HTMLPurifier_Injector_Linkify extends HTMLPurifier_Injector
{ {
var $name = 'Linkify';
var $needed = array('a' => array('href'));
function handleText(&$token) { function handleText(&$token) {
if (!$this->allowsElement('a')) return; if (!$this->allowsElement('a')) return;


@ -6,8 +6,9 @@ HTMLPurifier_ConfigSchema::define(
'AutoFormat', 'PurifierLinkify', false, 'bool', ' 'AutoFormat', 'PurifierLinkify', false, 'bool', '
<p> <p>
Internal auto-formatter that converts configuration directives in Internal auto-formatter that converts configuration directives in
syntax <a>%Namespace.Directive</a> to links. This directive has been available syntax <a>%Namespace.Directive</a> to links. <code>a</code> tags
since 2.0.1. with the <code>href</code> attribute must be allowed.
This directive has been available since 2.0.1.
</p> </p>
'); ');
@ -27,11 +28,13 @@ HTMLPurifier_ConfigSchema::define(
class HTMLPurifier_Injector_PurifierLinkify extends HTMLPurifier_Injector class HTMLPurifier_Injector_PurifierLinkify extends HTMLPurifier_Injector
{ {
var $name = 'PurifierLinkify';
var $docURL; var $docURL;
var $needed = array('a' => array('href'));
function prepare($config, &$context) { function prepare($config, &$context) {
parent::prepare($config, $context);
$this->docURL = $config->get('AutoFormatParam', 'PurifierLinkifyDocURL'); $this->docURL = $config->get('AutoFormatParam', 'PurifierLinkifyDocURL');
return parent::prepare($config, $context);
} }
function handleText(&$token) { function handleText(&$token) {


@ -67,7 +67,8 @@ class HTMLPurifier_Strategy_MakeWellFormed extends HTMLPurifier_Strategy
unset($injectors['Custom']); // special case unset($injectors['Custom']); // special case
foreach ($injectors as $injector => $b) { foreach ($injectors as $injector => $b) {
$injector = "HTMLPurifier_Injector_$injector"; $injector = "HTMLPurifier_Injector_$injector";
if ($b) $this->injectors[] = new $injector; if (!$b) continue;
$this->injectors[] = new $injector;
} }
foreach ($custom_injectors as $injector) { foreach ($custom_injectors as $injector) {
if (is_string($injector)) { if (is_string($injector)) {
@ -87,7 +88,11 @@ class HTMLPurifier_Strategy_MakeWellFormed extends HTMLPurifier_Strategy
// give the injectors references to the definition and context // give the injectors references to the definition and context
// variables for performance reasons // variables for performance reasons
foreach ($this->injectors as $i => $x) { foreach ($this->injectors as $i => $x) {
$this->injectors[$i]->prepare($config, $context); $error = $this->injectors[$i]->prepare($config, $context);
if (!$error) continue;
list($injector) = array_splice($this->injectors, $i, 1);
$name = $injector->name;
trigger_error("Cannot enable $name injector because $error is not allowed", E_USER_WARNING);
} }
// -- end INJECTOR -- // -- end INJECTOR --
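Review bot: Removing the failed injector with `array_splice($this->injectors, $i, 1)` inside `foreach ($this->injectors as $i => $x)` reindexes the array while the loop, which appears to iterate by value over the original keys, keeps using the old `$i`. After the first removal, `$this->injectors[$i]` refers to a different injector: the one that moved into the freed slot is never prepared, and the last key no longer exists, so the `->prepare()` call would be made on a non-object. A misconfiguration with two or more enabled injectors then ends in a fatal error or an unprepared injector left in the list, not in the intended warning. Keeping the keys stable avoids this: read `$name = $this->injectors[$i]->name;`, then `unset($this->injectors[$i]);`, and after the loop `$this->injectors = array_values($this->injectors);`. The enclosing method starts and ends outside this hunk, so whether later code depends on contiguous keys should be confirmed there.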


@ -249,5 +249,10 @@ Par2',
); );
} }
function testNeeded() {
$this->expectError('Cannot enable AutoParagraph injector because p is not allowed');
$this->assertResult('<b>foobar</b>', true, array('AutoFormat.AutoParagraph' => true, 'HTML.Allowed' => 'b'));
}
} }


@ -34,5 +34,10 @@ class HTMLPurifier_Injector_LinkifyTest extends HTMLPurifier_InjectorHarness
} }
function testNeeded() {
$this->expectError('Cannot enable Linkify injector because a is not allowed');
$this->assertResult('http://example.com/', true, array('AutoFormat.Linkify' => true, 'HTML.Allowed' => 'b'));
}
} }
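Review bot: `testNeeded()` covers only the missing-element branch of the `$needed` check; the attribute branch, which reports `a.href`, is not exercised here or in the PurifierLinkify test further down. A second case with a configuration that allows `a` but not its `href` attribute, expecting `Cannot enable Linkify injector because a.href is not allowed`, would pin it. None of the three new tests enables two injectors at once, so the removal loop in MakeWellFormed is only exercised with a single failing injector.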

View File

@ -38,5 +38,10 @@ class HTMLPurifier_Injector_PurifierLinkifyTest extends HTMLPurifier_InjectorHar
} }
function testNeeded() {
$this->expectError('Cannot enable PurifierLinkify injector because a is not allowed');
$this->assertResult('%Namespace.Directive', true, array('AutoFormat.PurifierLinkify' => true, 'HTML.Allowed' => 'b'));
}
} }