[1.6.0] Implement ID regexp matching.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@926 48356398-32a2-884e-a903-53898d9a118a

NEWS

@@ -10,16 +10,17 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
 ==========================
 
 1.6.0, unknown release date
-! Support for all deprecated attributes via attribute transformations
+! Support for most common deprecated attributes via transformations:
   + bgcolor in td, th, tr and table
   + border in img
   + name in a and img
   + width in td, th and hr
   + height in td, th
-  + (incomplete)
 ! Support for CSS attribute 'height' added
 ! Support for rel and rev attributes in a tags added, use %Attr.AllowedRel
   and %Attr.AllowedRev to activate
+- You can define ID blacklists using regular expressions via
+  %Attr.IDBlacklistRegexp
 
 1.5.1, unknown release date
 - Fix segfault in unit test. The problem is not very reproduceable and

TODO

@@ -8,7 +8,6 @@ TODO List
 ==========================
 
 1.6 release [Long Overdue]
- - Regexp matching for IDs
  - More user-friendly warnings when %HTML.Allow* attempts to specify a
    tag or attribute that is not supported
 

library/HTMLPurifier/AttrDef/HTML/ID.php

@@ -43,6 +43,14 @@ HTMLPurifier_ConfigSchema::define(
     'is set to a non-empty value! This directive was available since 1.2.0.'
 );
 
+HTMLPurifier_ConfigSchema::define(
+    'Attr', 'IDBlacklistRegexp', null, 'string/null',
+    'PCRE regular expression to be matched against all IDs. If the expression '.
+    'is matches, the ID is rejected. Use this with care: may cause '.
+    'significant degradation. ID matching is done after all other '.
+    'validation. This directive was available since 1.6.0.'
+);
+
 /**
  * Validates the HTML attribute ID.
  * @warning Even though this is the id processor, it
@@ -94,6 +102,11 @@ class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef
             $result = ($trim === '');
         }
         
+        $regexp = $config->get('Attr', 'IDBlacklistRegexp');
+        if ($regexp && preg_match($regexp, $id)) {
+            return false;
+        }
+        
         if (/*!$this->ref && */$result) $id_accumulator->add($id);
         
         // if no change was made to the ID, return the result

library/HTMLPurifier/AttrDef/HTML/LinkTypes.php

@@ -6,14 +6,15 @@ HTMLPurifier_ConfigSchema::define(
     'Attr', 'AllowedRel', array(), 'lookup',
     'List of allowed forward document relationships in the rel attribute. '.
     'Common values may be nofollow or print. By default, this is empty, '.
-    'meaning that no document relationships are allowed.'
+    'meaning that no document relationships are allowed. This directive '.
+    'was available since 1.6.0.'
 );
 
 HTMLPurifier_ConfigSchema::define(
     'Attr', 'AllowedRev', array(), 'lookup',
     'List of allowed reverse document relationships in the rev attribute. '.
     'This attribute is a bit of an edge-case; if you don\'t know what it '.
-    'is for, stay away.'
+    'is for, stay away. This directive was available since 1.6.0.'
 );
 
 /**

tests/HTMLPurifier/AttrDef/HTML/IDTest.php

@@ -95,6 +95,15 @@ class HTMLPurifier_AttrDef_HTML_IDTest extends HTMLPurifier_AttrDefHarness
         
     }
     
+    function testRegexp() {
+        
+        $this->config->set('Attr', 'IDBlacklistRegexp', '/^g_/');
+        
+        $this->assertDef('good_id');
+        $this->assertDef('g_bad_id', false);
+        
+    }
+    
 }
 
 ?>