mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-01-18 11:41:52 +00:00

[3.1.1] Lazy token updating for HTMLPurifier/AttrValidator.php

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1757 48356398-32a2-884e-a903-53898d9a118a
Edward Z. Yang 2008-05-21 02:30:27 +00:00
parent 5620241165
commit af3f5190dc
3 changed files with 9 additions and 5 deletions

3
NEWS

@ -12,6 +12,9 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
3.1.1, unknown release date 3.1.1, unknown release date
! More robust imagecrash protection with height/width CSS with %CSS.MaxImgLength. ! More robust imagecrash protection with height/width CSS with %CSS.MaxImgLength.
- Disable percent height/width attributes for img - Disable percent height/width attributes for img
- AttrValidator operations are now atomic; updates to attributes are not
manifest in token until end of operations. This prevents naughty internal
code from directly modifying CurrentToken when they're not supposed to.
. Added HTMLPurifier_UnitConverter and HTMLPurifier_Length for convenient . Added HTMLPurifier_UnitConverter and HTMLPurifier_Length for convenient
handling of CSS-style lengths. HTMLPurifier_AttrDef_CSS_Length now uses handling of CSS-style lengths. HTMLPurifier_AttrDef_CSS_Length now uses
this class. this class.
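
Review bot: The new entry says updates are "not manifest in token until end of operations" but does not spell out the consequence for code that reads CurrentToken from the context during validation: it now sees the attributes as they were before validation. Add a sentence stating that, so anyone relying on the token mid-validation knows it holds the unvalidated attributes until the operation finishes.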

5
TODO

@ -12,9 +12,8 @@ amount of effort to implement, it may get endlessly delayed. Do not be
afraid to cast your vote for the next feature to be implemented! afraid to cast your vote for the next feature to be implemented!
- Implement validation for query and for fragment - Implement validation for query and for fragment
- Prevent percentages from being used in width/height attribute in images - Ability to fully turn off imagecrash fixes (attribute and CSS will require
- Maintain old attribute data in tokens (configurable?) two separate directives due to our architecture.)
- Lazy update of token when validating attributes?
- Investigate how early internal structures can be accessed; this would - Investigate how early internal structures can be accessed; this would
prevent structures from being parsed and serialized multiple times. prevent structures from being parsed and serialized multiple times.
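
Review bot: Removing "Maintain old attribute data in tokens (configurable?)" is not backed by this change: the code still overwrites `$token->attr` with the validated array at the end and keeps no copy of the original on the token. Keep that item and drop only "Lazy update of token when validating attributes?". The imagecrash item edits are unrelated to lazy token updating and would be easier to trace in their own commit.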


@ -43,8 +43,8 @@ class HTMLPurifier_AttrValidator
// DEFINITION CALL // DEFINITION CALL
$d_defs = $definition->info_global_attr; $d_defs = $definition->info_global_attr;
// reference attributes for easy manipulation // don't update token until the very end, to ensure an atomic update
$attr =& $token->attr; $attr = $token->attr;
// do global transformations (pre) // do global transformations (pre)
// nothing currently utilizes this // nothing currently utilizes this
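
Review bot: With `$attr = $token->attr;` now a copy rather than a reference, every exit between this line and the `$token->attr = $attr;` write-back must reach that assignment, otherwise the validated changes are silently dropped and the token keeps its unvalidated attributes. Please confirm there is no early return in the intervening lines (they are not shown in the diff), and consider extending the comment to say where the write-back happens.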
@ -139,6 +139,8 @@ class HTMLPurifier_AttrValidator
if ($e && ($attr != $o)) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr); if ($e && ($attr != $o)) $e->send(E_NOTICE, 'AttrValidator: Attributes transformed', $o, $attr);
} }
$token->attr = $attr;
// destroy CurrentToken if we made it ourselves // destroy CurrentToken if we made it ourselves
if (!$current_token) $context->destroy('CurrentToken'); if (!$current_token) $context->destroy('CurrentToken');
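
Review bot: The write-back `$token->attr = $attr;` is the only point where validated attributes reach the token, and none of the three changed files is a test. Add a test that reads the CurrentToken attributes during validation and asserts they are still the original array, and that after validation the token carries the validated array, so the atomicity claimed in NEWS is pinned down.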