0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-01-08 23:11:52 +00:00

Fix chameleon behavior with ins and del.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@145 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang 2006-08-03 01:03:23 +00:00
parent 19081ffdf2
commit aa249be067
5 changed files with 101 additions and 13 deletions

View File

@ -175,4 +175,32 @@ class HTMLPurifier_ChildDef_Empty extends HTMLPurifier_ChildDef
} }
} }
class HTMLPurifier_ChildDef_Chameleon extends HTMLPurifier_ChildDef
{
var $inline;
var $block;
function HTMLPurifier_ChildDef_Chameleon($inline, $block) {
$this->inline = new HTMLPurifier_ChildDef_Optional($inline);
$this->block = new HTMLPurifier_ChildDef_Optional($block);
}
function validateChildren($tokens_of_children, $context) {
switch ($context) {
case 'unknown':
case 'inline':
$result = $this->inline->validateChildren($tokens_of_children);
break;
case 'block':
$result = $this->block->validateChildren($tokens_of_children);
break;
default:
trigger_error('Invalid context', E_USER_ERROR);
return false;
}
return $result;
}
}
?> ?>

View File

@ -105,15 +105,15 @@ class HTMLPurifier_Definition
$e_misc = "$e_misc_inline"; $e_misc = "$e_misc_inline";
$e_inline = "a | $e_special | $e_fontstyle | $e_phrase". $e_inline = "a | $e_special | $e_fontstyle | $e_phrase".
" | $e_inline_forms"; " | $e_inline_forms";
$e__inline = "#PCDATA | $e_inline | $e_misc_inline";
// note the casing // note the casing
$e_Inline = new HTMLPurifier_ChildDef_Optional("#PCDATA | $e_inline". $e_Inline = new HTMLPurifier_ChildDef_Optional($e__inline);
" | $e_misc_inline");
$e_heading = 'h1|h2|h3|h4|h5|h6'; $e_heading = 'h1|h2|h3|h4|h5|h6';
$e_lists = 'ul | ol | dl'; $e_lists = 'ul | ol | dl';
$e_blocktext = 'pre | hr | blockquote | address'; $e_blocktext = 'pre | hr | blockquote | address';
$e_block = "p | $e_heading | div | $e_lists | $e_blocktext | table"; $e_block = "p | $e_heading | div | $e_lists | $e_blocktext | table";
$e_Flow = new HTMLPurifier_ChildDef_Optional("#PCDATA | $e_block". $e__flow = "#PCDATA | $e_block | $e_inline | $e_misc";
" | $e_inline | $e_misc"); $e_Flow = new HTMLPurifier_ChildDef_Optional($e__flow);
$e_a_content = new HTMLPurifier_ChildDef_Optional("#PCDATA | $e_special". $e_a_content = new HTMLPurifier_ChildDef_Optional("#PCDATA | $e_special".
" | $e_fontstyle | $e_phrase | $e_inline_forms | $e_misc_inline"); " | $e_fontstyle | $e_phrase | $e_inline_forms | $e_misc_inline");
$e_pre_content = new HTMLPurifier_ChildDef_Optional("#PCDATA | a". $e_pre_content = new HTMLPurifier_ChildDef_Optional("#PCDATA | a".
@ -123,7 +123,8 @@ class HTMLPurifier_Definition
$e_form_button_content = new HTMLPurifier_ChildDef_Optional(''); // unused $e_form_button_content = new HTMLPurifier_ChildDef_Optional(''); // unused
$this->info['ins']->child = $this->info['ins']->child =
$this->info['del']->child = $this->info['del']->child = new HTMLPurifier_ChildDef_Chameleon($e__inline, $e__flow);
$this->info['blockquote']->child= $this->info['blockquote']->child=
$this->info['dd']->child = $this->info['dd']->child =
$this->info['li']->child = $this->info['li']->child =
@ -193,6 +194,20 @@ class HTMLPurifier_Definition
$this->info['th']->child = $e_Flow; $this->info['th']->child = $e_Flow;
$this->info['td']->child = $e_Flow; $this->info['td']->child = $e_Flow;
//////////////////////////////////////////////////////////////////////
// info[]->type : defines the type of the element (block or inline)
// reuses $e_Inline and $e_block
foreach ($e_Inline->elements as $name) {
$this->info[$name]->type = 'inline';
}
$e_Block = new HTMLPurifier_ChildDef_Optional($e_block);
foreach ($e_Block->elements as $name) {
$this->info[$name]->type = 'block';
}
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
// info[]->attr : defines allowed attributes for elements // info[]->attr : defines allowed attributes for elements
@ -249,6 +264,7 @@ class HTMLPurifier_ElementDef
var $attr = array(); var $attr = array();
var $auto_close = array(); var $auto_close = array();
var $child; var $child;
var $type = 'unknown';
} }

View File

@ -47,12 +47,27 @@ class HTMLPurifier_Strategy_FixNesting extends HTMLPurifier_Strategy
// $i is index of start token // $i is index of start token
// $j is index of end token // $j is index of end token
// calculate parent information
if ($count = count($stack)) {
$parent_index = $stack[$count-1];
$parent_name = $tokens[$parent_index]->name;
$parent_def = $this->definition->info[$parent_name];
} else {
$parent_index = $parent_name = $parent_def = null;
}
// calculate context
if (isset($parent_def)) {
$context = $parent_def->type;
} else {
$context = 'unknown';
}
// DEFINITION CALL // DEFINITION CALL
$child_def = $this->definition->info[$tokens[$i]->name]->child; $child_def = $this->definition->info[$tokens[$i]->name]->child;
// have DTD child def validate children // have DTD child def validate children
$result = $child_def->validateChildren($child_tokens); $result = $child_def->validateChildren($child_tokens, $context);
// process result // process result
if ($result === true) { if ($result === true) {
@ -79,10 +94,6 @@ class HTMLPurifier_Strategy_FixNesting extends HTMLPurifier_Strategy
// current node is now the next possible start node // current node is now the next possible start node
// unless it turns out that we need to do a double-check // unless it turns out that we need to do a double-check
$parent_index = $stack[count($stack)-1];
$parent_name = $tokens[$parent_index]->name;
$parent_def = $this->definition->info[$parent_name];
if (!$parent_def->child->allow_empty) { if (!$parent_def->child->allow_empty) {
// we need to do a double-check // we need to do a double-check
$i = $parent_index; $i = $parent_index;

View File

@ -16,15 +16,21 @@ class HTMLPurifier_ChildDefTest extends UnitTestCase
parent::UnitTestCase(); parent::UnitTestCase();
} }
function assertSeries($inputs, $expect, $def) { function assertSeries($inputs, $expect, $def, $context = array()) {
foreach ($inputs as $i => $input) { foreach ($inputs as $i => $input) {
$tokens = $this->lex->tokenizeHTML($input); $tokens = $this->lex->tokenizeHTML($input);
$result = $def->validateChildren($tokens);
if (isset($context[$i])) {
$result = $def->validateChildren($tokens, $context[$i]);
} else {
$result = $def->validateChildren($tokens);
}
if (is_bool($expect[$i])) { if (is_bool($expect[$i])) {
$this->assertIdentical($expect[$i], $result); $this->assertIdentical($expect[$i], $result);
} else { } else {
$result_html = $this->gen->generateFromTokens($result); $result_html = $this->gen->generateFromTokens($result);
$this->assertEqual($expect[$i], $result_html); $this->assertEqual($expect[$i], $result_html, "Test $i: %s");
paintIf($result_html, $result_html != $expect[$i]); paintIf($result_html, $result_html != $expect[$i]);
} }
} }
@ -124,6 +130,29 @@ class HTMLPurifier_ChildDefTest extends UnitTestCase
$this->assertSeries($inputs, $expect, $def); $this->assertSeries($inputs, $expect, $def);
} }
function test_chameleon() {
$def = new HTMLPurifier_ChildDef_Chameleon(
'b | i', // allowed only when in inline context
'b | i | div' // allowed only when in block context
);
$inputs[0] = '<b>Allowed.</b>';
$expect[0] = true;
$context[0] = 'inline';
$inputs[1] = '<div>Not allowed.</div>';
$expect[1] = '';
$context[1] = 'inline';
$inputs[2] = '<div>Allowed.</div>';
$expect[2] = true;
$context[2] = 'block';
$this->assertSeries($inputs, $expect, $def, $context);
}
} }
?> ?>

View File

@ -61,6 +61,10 @@ class HTMLPurifier_Strategy_FixNestingTest
$inputs[10] = '<table></table><table></table>'; $inputs[10] = '<table></table><table></table>';
$expect[10] = ''; $expect[10] = '';
// block in inline ins not allowed
$inputs[11] = '<span><ins><div>Not allowed!</div></ins></span>';
$expect[11] = '<span><ins>&lt;div&gt;Not allowed!&lt;/div&gt;</ins></span>';
$this->assertStrategyWorks($strategy, $inputs, $expect); $this->assertStrategyWorks($strategy, $inputs, $expect);
} }