mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-12-23 08:51:53 +00:00
[1.1.0] Made URI validator more forgiving: will ignore leading and trailing quotes, apostrophes and less than or greater than signs.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@380 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
parent
c6cfb68713
commit
b99573223d
4
NEWS
4
NEWS
@ -1,6 +1,10 @@
|
|||||||
NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
||||||
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||
|
|
||||||
|
1.1.0, unknown release date
|
||||||
|
- Made URI validator more forgiving: will ignore leading and trailing
|
||||||
|
quotes, apostrophes and less than or greater than signs.
|
||||||
|
|
||||||
1.0.1, unknown release date
|
1.0.1, unknown release date
|
||||||
- Fixed slight bug in DOMLex attribute parsing
|
- Fixed slight bug in DOMLex attribute parsing
|
||||||
- Fixed rejection of case-insensitive configuration values when there is a
|
- Fixed rejection of case-insensitive configuration values when there is a
|
||||||
|
@ -36,13 +36,13 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
|
|||||||
// for HTTP and thus won't work for our generic URI parsing
|
// for HTTP and thus won't work for our generic URI parsing
|
||||||
|
|
||||||
// according to the RFC... (but this cuts corners, i.e. non-validating)
|
// according to the RFC... (but this cuts corners, i.e. non-validating)
|
||||||
$r_URI = '!^'.
|
$r_URI = '!'.
|
||||||
'(([^:/?#<>]+):)?'. // 2. Scheme
|
'(([^:/?#<>\'"]+):)?'. // 2. Scheme
|
||||||
'(//([^/?#<>]*))?'. // 4. Authority
|
'(//([^/?#<>\'"]*))?'. // 4. Authority
|
||||||
'([^?#<>]*)'. // 5. Path
|
'([^?#<>\'"]*)'. // 5. Path
|
||||||
'(\?([^#<>]*))?'. // 7. Query
|
'(\?([^#<>\'"]*))?'. // 7. Query
|
||||||
'(#([^<>]*))?'. // 8. Fragment
|
'(#([^<>\'"]*))?'. // 8. Fragment
|
||||||
'$!';
|
'!';
|
||||||
|
|
||||||
$matches = array();
|
$matches = array();
|
||||||
$result = preg_match($r_URI, $uri, $matches);
|
$result = preg_match($r_URI, $uri, $matches);
|
||||||
|
@ -158,9 +158,15 @@ class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
|
|||||||
$uri[18] = '/a/b';
|
$uri[18] = '/a/b';
|
||||||
$components[18] = array(null, null, null, '/a/b', null);
|
$components[18] = array(null, null, null, '/a/b', null);
|
||||||
|
|
||||||
// it's not allowed, so generic URI should get it
|
// result of malformed tag, gracefully handle error
|
||||||
$uri[19] = '<';
|
$uri[19] = 'http://www.google.com/\'>"';
|
||||||
$expect_uri[19] = false;
|
$components[19] = array(null, 'www.google.com', null, '/', null);
|
||||||
|
$expect_uri[19] = 'http://www.google.com/';
|
||||||
|
|
||||||
|
// test empty
|
||||||
|
$uri[20] = '';
|
||||||
|
$components[20] = array(null, null, null, '', null);
|
||||||
|
$expect_uri[20] = '';
|
||||||
|
|
||||||
foreach ($uri as $i => $value) {
|
foreach ($uri as $i => $value) {
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user