[1.6.0] Implement ID regexp matching.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@926 48356398-32a2-884e-a903-53898d9a118a
parent
2c9e041b4c
commit
b15e8c344e
5
NEWS
5
NEWS
@ -10,16 +10,17 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
|||||||
==========================
|
==========================
|
||||||
|
|
||||||
1.6.0, unknown release date
|
1.6.0, unknown release date
|
||||||
! Support for all deprecated attributes via attribute transformations
|
! Support for most common deprecated attributes via transformations:
|
||||||
+ bgcolor in td, th, tr and table
|
+ bgcolor in td, th, tr and table
|
||||||
+ border in img
|
+ border in img
|
||||||
+ name in a and img
|
+ name in a and img
|
||||||
+ width in td, th and hr
|
+ width in td, th and hr
|
||||||
+ height in td, th
|
+ height in td, th
|
||||||
+ (incomplete)
|
|
||||||
! Support for CSS attribute 'height' added
|
! Support for CSS attribute 'height' added
|
||||||
! Support for rel and rev attributes in a tags added, use %Attr.AllowedRel
|
! Support for rel and rev attributes in a tags added, use %Attr.AllowedRel
|
||||||
and %Attr.AllowedRev to activate
|
and %Attr.AllowedRev to activate
|
||||||
|
- You can define ID blacklists using regular expressions via
|
||||||
|
%Attr.IDBlacklistRegexp
|
||||||
|
|
||||||
1.5.1, unknown release date
|
1.5.1, unknown release date
|
||||||
- Fix segfault in unit test. The problem is not very reproduceable and
|
- Fix segfault in unit test. The problem is not very reproduceable and
|
||||||
|
1
TODO
1
TODO
@ -8,7 +8,6 @@ TODO List
|
|||||||
==========================
|
==========================
|
||||||
|
|
||||||
1.6 release [Long Overdue]
|
1.6 release [Long Overdue]
|
||||||
- Regexp matching for IDs
|
|
||||||
- More user-friendly warnings when %HTML.Allow* attempts to specify a
|
- More user-friendly warnings when %HTML.Allow* attempts to specify a
|
||||||
tag or attribute that is not supported
|
tag or attribute that is not supported
|
||||||
|
|
||||||
|
@ -43,6 +43,14 @@ HTMLPurifier_ConfigSchema::define(
|
|||||||
'is set to a non-empty value! This directive was available since 1.2.0.'
|
'is set to a non-empty value! This directive was available since 1.2.0.'
|
||||||
);
|
);
|
||||||
|
|
||||||
|
HTMLPurifier_ConfigSchema::define(
|
||||||
|
'Attr', 'IDBlacklistRegexp', null, 'string/null',
|
||||||
|
'PCRE regular expression to be matched against all IDs. If the expression '.
|
||||||
|
'is matches, the ID is rejected. Use this with care: may cause '.
|
||||||
|
'significant degradation. ID matching is done after all other '.
|
||||||
|
'validation. This directive was available since 1.6.0.'
|
||||||
|
);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Validates the HTML attribute ID.
|
* Validates the HTML attribute ID.
|
||||||
* @warning Even though this is the id processor, it
|
* @warning Even though this is the id processor, it
|
||||||
@ -94,6 +102,11 @@ class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef
|
|||||||
$result = ($trim === '');
|
$result = ($trim === '');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$regexp = $config->get('Attr', 'IDBlacklistRegexp');
|
||||||
|
if ($regexp && preg_match($regexp, $id)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
if (/*!$this->ref && */$result) $id_accumulator->add($id);
|
if (/*!$this->ref && */$result) $id_accumulator->add($id);
|
||||||
|
|
||||||
// if no change was made to the ID, return the result
|
// if no change was made to the ID, return the result
|
||||||
|
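Review bot: The added blacklist check in validate() fails open, because `preg_match()` returns `false` when the pattern in %Attr.IDBlacklistRegexp does not compile or the match hits a PCRE limit, and `if ($regexp && preg_match($regexp, $id))` treats that the same as "no match", so the ID goes on to the accumulator. Compare the result explicitly and reject on error, e.g. `$match = preg_match($regexp, $id);` followed by `if ($match === false || $match) return false;`. The directive description warns about degradation but could also say that the value needs delimiters and that it is evaluated against every ID in untrusted markup, so patterns with nested quantifiers are best avoided; the same string reads 'is matches' where 'matches' is meant. validate() starts and ends outside the hunk.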
@ -6,14 +6,15 @@ HTMLPurifier_ConfigSchema::define(
|
|||||||
'Attr', 'AllowedRel', array(), 'lookup',
|
'Attr', 'AllowedRel', array(), 'lookup',
|
||||||
'List of allowed forward document relationships in the rel attribute. '.
|
'List of allowed forward document relationships in the rel attribute. '.
|
||||||
'Common values may be nofollow or print. By default, this is empty, '.
|
'Common values may be nofollow or print. By default, this is empty, '.
|
||||||
'meaning that no document relationships are allowed.'
|
'meaning that no document relationships are allowed. This directive '.
|
||||||
|
'was available since 1.6.0.'
|
||||||
);
|
);
|
||||||
|
|
||||||
HTMLPurifier_ConfigSchema::define(
|
HTMLPurifier_ConfigSchema::define(
|
||||||
'Attr', 'AllowedRev', array(), 'lookup',
|
'Attr', 'AllowedRev', array(), 'lookup',
|
||||||
'List of allowed reverse document relationships in the rev attribute. '.
|
'List of allowed reverse document relationships in the rev attribute. '.
|
||||||
'This attribute is a bit of an edge-case; if you don\'t know what it '.
|
'This attribute is a bit of an edge-case; if you don\'t know what it '.
|
||||||
'is for, stay away.'
|
'is for, stay away. This directive was available since 1.6.0.'
|
||||||
);
|
);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -95,6 +95,15 @@ class HTMLPurifier_AttrDef_HTML_IDTest extends HTMLPurifier_AttrDefHarness
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function testRegexp() {
|
||||||
|
|
||||||
|
$this->config->set('Attr', 'IDBlacklistRegexp', '/^g_/');
|
||||||
|
|
||||||
|
$this->assertDef('good_id');
|
||||||
|
$this->assertDef('g_bad_id', false);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
?>
|
?>
|
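Review bot: testRegexp() pins only a `^`-anchored pattern against an unprefixed ID, so it does not show which string the blacklist is actually matched against. If the ID prefix directives have already been applied to `$id` by the time the new check runs (that part of validate() is not visible here), a pattern like `/^g_/` would stop matching once a prefix is configured; a case that sets a prefix and asserts `g_bad_id` is still rejected would settle it. A further case with a malformed pattern would pin whether the check rejects or accepts the ID on a PCRE error. The test class starts outside the hunk.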
Loading…
Reference in New Issue
Block a user