mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2025-01-06 22:41:54 +00:00
MOODLE-556: Added some types for MathML attributes to restrict use of CDATA
This commit is contained in:
parent
12b1110bf6
commit
ad34dd3841
25
library/HTMLPurifier/AttrDef/MathML/Character.php
Normal file
25
library/HTMLPurifier/AttrDef/MathML/Character.php
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Validates the MathML attribute character.
|
||||||
|
*/
|
||||||
|
|
||||||
|
class HTMLPurifier_AttrDef_MathML_Character extends HTMLPurifier_AttrDef
|
||||||
|
{
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param string $char
|
||||||
|
* @param HTMLPurifier_Config $config
|
||||||
|
* @param HTMLPurifier_Context $context
|
||||||
|
* @return bool|string
|
||||||
|
*/
|
||||||
|
public function validate($char, $config, $context)
|
||||||
|
{
|
||||||
|
if (mb_strlen($char) == 1 && strpos(' \t\n\r', $char) === false) {
|
||||||
|
return $char;
|
||||||
|
} elseif (preg_match('/&((#[0-9]+)|(#x[0-9A-Fa-f]+)|([0-9A-Za-z]+));/', $char)) {
|
||||||
|
return $char;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
44
library/HTMLPurifier/AttrDef/MathML/Color.php
Normal file
44
library/HTMLPurifier/AttrDef/MathML/Color.php
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Validates Color as defined by MathML.
|
||||||
|
*/
|
||||||
|
class HTMLPurifier_AttrDef_MathML_Color extends HTMLPurifier_AttrDef
|
||||||
|
{
|
||||||
|
|
||||||
|
// MathML 3 only accepts HTML4 color names + transparent
|
||||||
|
static protected $colornames = array(
|
||||||
|
'aqua',
|
||||||
|
'black',
|
||||||
|
'blue',
|
||||||
|
'fuchsia',
|
||||||
|
'gray',
|
||||||
|
'green',
|
||||||
|
'lime',
|
||||||
|
'maroon',
|
||||||
|
'navy',
|
||||||
|
'olive',
|
||||||
|
'purple',
|
||||||
|
'red',
|
||||||
|
'silver',
|
||||||
|
'teal',
|
||||||
|
'white',
|
||||||
|
'yellow',
|
||||||
|
'transparent'
|
||||||
|
);
|
||||||
|
|
||||||
|
public function validate($color, $config, $context)
|
||||||
|
{
|
||||||
|
|
||||||
|
$color = trim($color);
|
||||||
|
|
||||||
|
if (preg_match('/(#[0-9A-Fa-f]{3})|(#[0-9A-Fa-f]{6})/', $color) || in_array(strtolower($color), static::$colornames)) {
|
||||||
|
return $color;
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
// vim: et sw=4 sts=4
|
36
library/HTMLPurifier/AttrDef/MathML/Length.php
Normal file
36
library/HTMLPurifier/AttrDef/MathML/Length.php
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Validates the MathML type length (not to be confused with either HTML nor
|
||||||
|
* CSS's length).
|
||||||
|
*/
|
||||||
|
|
||||||
|
class HTMLPurifier_AttrDef_MathML_Length extends HTMLPurifier_AttrDef
|
||||||
|
{
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param string $string
|
||||||
|
* @param HTMLPurifier_Config $config
|
||||||
|
* @param HTMLPurifier_Context $context
|
||||||
|
* @return bool|string
|
||||||
|
*/
|
||||||
|
public function validate($string, $config, $context)
|
||||||
|
{
|
||||||
|
$string = $this->parseCDATA($string);
|
||||||
|
|
||||||
|
// Optimizations
|
||||||
|
if ($string === '') {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
if ($string === '0') {
|
||||||
|
return '0';
|
||||||
|
}
|
||||||
|
|
||||||
|
$length = HTMLPurifier_MathMLLength::make($string);
|
||||||
|
if (!$length->isValid()) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return $length->toString();
|
||||||
|
}
|
||||||
|
}
|
@ -50,10 +50,23 @@ class HTMLPurifier_AttrTypes
|
|||||||
|
|
||||||
// "proprietary" types
|
// "proprietary" types
|
||||||
$this->info['Class'] = new HTMLPurifier_AttrDef_HTML_Class();
|
$this->info['Class'] = new HTMLPurifier_AttrDef_HTML_Class();
|
||||||
|
$this->info['CSS'] = new HTMLPurifier_AttrDef_CSS();
|
||||||
|
|
||||||
// number is really a positive integer (one or more digits)
|
// number is really a positive integer (one or more digits)
|
||||||
// FIXME: ^^ not always, see start and value of list items
|
// FIXME: ^^ not always, see start and value of list items
|
||||||
$this->info['Number'] = new HTMLPurifier_AttrDef_Integer(false, false, true);
|
$this->info['Number'] = new HTMLPurifier_AttrDef_Integer(false, false, true);
|
||||||
|
|
||||||
|
// MathML types
|
||||||
|
$this->info['MathML_ID'] = new HTMLPurifier_AttrDef_MathML_ID();
|
||||||
|
$this->info['MathML_Length'] = new HTMLPurifier_AttrDef_MathML_Length();
|
||||||
|
$this->info['MathML_UnsignedInteger'] = new HTMLPurifier_AttrDef_Integer(false, true, true);
|
||||||
|
$this->info['MathML_PositiveInteger'] = new HTMLPurifier_AttrDef_Integer(false, false, true);
|
||||||
|
$this->info['MathML_Integer'] = new HTMLPurifier_AttrDef_Integer(true, true, true);
|
||||||
|
$this->info['MathML_UnsignedNumber'] = new HTMLPurifier_AttrDef_CSS_Number(true);
|
||||||
|
$this->info['MathML_Number'] = new HTMLPurifier_AttrDef_CSS_Number(false);
|
||||||
|
$this->info['MathML_Character'] = new HTMLPurifier_AttrDef_MathML_Character();
|
||||||
|
$this->info['MathML_Color'] = new HTMLPurifier_AttrDef_MathML_Color();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private static function makeEnum($in)
|
private static function makeEnum($in)
|
||||||
|
@ -82,10 +82,10 @@ class HTMLPurifier_HTMLModule_MathML extends HTMLPurifier_HTMLModule
|
|||||||
$E['XLINK.prefix'] . ':type' => 'CDATA',
|
$E['XLINK.prefix'] . ':type' => 'CDATA',
|
||||||
'xml:lang' => 'CDATA',
|
'xml:lang' => 'CDATA',
|
||||||
'xml:space' => 'Enum#default,preserve',
|
'xml:space' => 'Enum#default,preserve',
|
||||||
'id' => new HTMLPurifier_AttrDef_MathML_ID(), // MathML allows multiple elements with same ID
|
'id' => 'MathML_ID', // MathML allows multiple elements with same ID
|
||||||
'xref' => new HTMLPurifier_AttrDef_MathML_ID(),
|
'xref' => 'MathML_ID',
|
||||||
'class' => 'Class',
|
'class' => 'Class',
|
||||||
'style' => new HTMLPurifier_AttrDef_CSS(),
|
'style' => 'CSS',
|
||||||
'href' => 'URI',
|
'href' => 'URI',
|
||||||
'other' => 'CDATA',
|
'other' => 'CDATA',
|
||||||
),
|
),
|
||||||
@ -1442,16 +1442,16 @@ class HTMLPurifier_HTMLModule_MathML extends HTMLPurifier_HTMLModule
|
|||||||
$E['mpadded-length'] = 'CDATA';
|
$E['mpadded-length'] = 'CDATA';
|
||||||
$E['linestyle'] = 'Enum#none,solid,dashed';
|
$E['linestyle'] = 'Enum#none,solid,dashed';
|
||||||
$E['columnalignstyle'] = 'Enum#left,center,right';
|
$E['columnalignstyle'] = 'Enum#left,center,right';
|
||||||
$E['unsigned-integer'] = 'CDATA';
|
$E['unsigned-integer'] = 'MathML_UnsignedInteger';
|
||||||
$E['integer'] = 'CDATA';
|
$E['integer'] = 'MathML_Integer';
|
||||||
$E['number'] = 'CDATA';
|
$E['number'] = 'MathML_Number';
|
||||||
$E['character'] = 'CDATA';
|
$E['character'] = 'MathML_Character';
|
||||||
$E['color'] = 'CDATA';
|
$E['color'] = 'MathML_Color';
|
||||||
$E['positive-integer'] = 'CDATA';
|
$E['positive-integer'] = 'MathML_PositiveInteger';
|
||||||
|
|
||||||
$E['token.content'] = '#PCDATA|mglyph|malignmark';
|
$E['token.content'] = '#PCDATA|mglyph|malignmark';
|
||||||
|
|
||||||
$E['length'] = 'CDATA';
|
$E['length'] = 'MathML_Length';
|
||||||
$E['DeprecatedTokenAtt'] = array(
|
$E['DeprecatedTokenAtt'] = array(
|
||||||
'fontfamily' => 'CDATA',
|
'fontfamily' => 'CDATA',
|
||||||
'fontweight' => 'Enum#normal,bold',
|
'fontweight' => 'Enum#normal,bold',
|
||||||
@ -2167,7 +2167,8 @@ class HTMLPurifier_HTMLModule_MathML extends HTMLPurifier_HTMLModule
|
|||||||
array_merge(
|
array_merge(
|
||||||
$CCPAtt,
|
$CCPAtt,
|
||||||
array(
|
array(
|
||||||
'actiontype*' => 'CDATA',
|
// Using 'actiontype*' removes maction element altogether
|
||||||
|
'actiontype' => 'CDATA',
|
||||||
'selection' => $E['positive-integer'],
|
'selection' => $E['positive-integer'],
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
@ -81,7 +81,8 @@ class HTMLPurifier_Length
|
|||||||
if (!ctype_lower($this->unit)) {
|
if (!ctype_lower($this->unit)) {
|
||||||
$this->unit = strtolower($this->unit);
|
$this->unit = strtolower($this->unit);
|
||||||
}
|
}
|
||||||
if (!isset(HTMLPurifier_Length::$allowedUnits[$this->unit])) {
|
if (!isset(static::$allowedUnits[$this->unit]) &&
|
||||||
|
!(isset(static::$allowedUnits['']) && $this->unit === false)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
// Hack:
|
// Hack:
|
||||||
|
136
library/HTMLPurifier/MathMLLength.php
Normal file
136
library/HTMLPurifier/MathMLLength.php
Normal file
@ -0,0 +1,136 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Represents a length in MathML. These admit namedspace values.
|
||||||
|
*/
|
||||||
|
class HTMLPurifier_MathMLLength extends HTMLPurifier_Length
|
||||||
|
{
|
||||||
|
|
||||||
|
/**
|
||||||
|
* One of the specified namedspaces.
|
||||||
|
* @type string
|
||||||
|
*/
|
||||||
|
protected $namedspace;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Array Lookup array of namedspaces recognized by MathML
|
||||||
|
* @type array
|
||||||
|
*/
|
||||||
|
protected static $allowedNamedspaces = array(
|
||||||
|
'veryverythinmathspace' => true,
|
||||||
|
'verythinmathspace' => true,
|
||||||
|
'thinmathspace' => true,
|
||||||
|
'mediummathspace' => true,
|
||||||
|
'thickmathspace' => true,
|
||||||
|
'verythickmathspace' => true,
|
||||||
|
'veryverythickmathspace' => true,
|
||||||
|
'negativeveryverythinmathspace' => true,
|
||||||
|
'negativeverythinmathspace' => true,
|
||||||
|
'negativethinmathspace' => true,
|
||||||
|
'negativemediummathspace' => true,
|
||||||
|
'negativethickmathspace' => true,
|
||||||
|
'negativeverythickmathspace' => true,
|
||||||
|
'negativeveryverythickmathspace' => true
|
||||||
|
);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Array Lookup array of units recognized by MathML.
|
||||||
|
* @note This is a restriction of HTMLPurifier_Length's allowed units.
|
||||||
|
* @type array
|
||||||
|
*/
|
||||||
|
protected static $allowedUnits = array(
|
||||||
|
'em' => true, 'ex' => true, 'px' => true, 'in' => true,
|
||||||
|
'cm' => true, 'mm' => true, 'pt' => true, 'pc' => true,
|
||||||
|
'%' => true, '' => true
|
||||||
|
);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param string $n Magnitude
|
||||||
|
* @param bool|string $u Unit
|
||||||
|
*/
|
||||||
|
public function __construct($n = '0', $u = false, $namedspace = '')
|
||||||
|
{
|
||||||
|
if ($namedspace) {
|
||||||
|
$this->namedspace = strtolower($namedspace);
|
||||||
|
} else {
|
||||||
|
$this->n = (string) $n;
|
||||||
|
$this->unit = $u !== false ? (string) $u : false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param string $s Unit string, like '2em' or '3.4in', or namedspace
|
||||||
|
* @return HTMLPurifier_MathMLLength
|
||||||
|
* @warning Does not perform validation.
|
||||||
|
*/
|
||||||
|
public static function make($s)
|
||||||
|
{
|
||||||
|
if ($s instanceof HTMLPurifier_MathMLLength) {
|
||||||
|
return $s;
|
||||||
|
}
|
||||||
|
if (isset(HTMLPurifier_MathMLLength::$allowedNamedspaces[trim($s)])) {
|
||||||
|
return new HTMLPurifier_MathMLLength('0', false, $s);
|
||||||
|
}
|
||||||
|
$length = HTMLPurifier_Length::make($s);
|
||||||
|
return new HTMLPurifier_MathMLLength($length->n, $length->unit);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Validates the number and unit or namedspace.
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
protected function validate()
|
||||||
|
{
|
||||||
|
if (isset(HTMLPurifier_MathMLLength::$allowedNamedspaces[$this->namedspace])) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return parent::validate();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns string representation of number.
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
public function toString()
|
||||||
|
{
|
||||||
|
if (!$this->isValid()) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
if ($this->namedspace) {
|
||||||
|
return $this->namedspace;
|
||||||
|
}
|
||||||
|
return parent::toString();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Retrieves the namedspace.
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
public function getNamedspace()
|
||||||
|
{
|
||||||
|
return $this->namedspace;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Compares two lengths, and returns 1 if greater, -1 if less, 0 if equal
|
||||||
|
* and null if not comparable.
|
||||||
|
* @param HTMLPurifier_Length $l
|
||||||
|
* @return int
|
||||||
|
* @warning If both values are too large or small, this calculation will
|
||||||
|
* not work properly
|
||||||
|
*/
|
||||||
|
public function compareTo($l)
|
||||||
|
{
|
||||||
|
if ($l === false) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
if ($this->namedspace || $l->namedspace) {
|
||||||
|
if ($this->namedspace === $l->namedspace) {
|
||||||
|
return 0;
|
||||||
|
} else {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return parent::compareTo($l);
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user