0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-12-23 08:51:53 +00:00

[1.1.0] Made URI validator more forgiving: will ignore leading and trailing quotes, apostrophes and less than or greater than signs.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@380 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang 2006-09-04 02:31:27 +00:00
parent c6cfb68713
commit b99573223d
3 changed files with 20 additions and 10 deletions

4
NEWS
View File

@ -1,6 +1,10 @@
NEWS ( CHANGELOG and HISTORY ) HTMLPurifier NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1.1.0, unknown release date
- Made URI validator more forgiving: will ignore leading and trailing
quotes, apostrophes and less than or greater than signs.
1.0.1, unknown release date 1.0.1, unknown release date
- Fixed slight bug in DOMLex attribute parsing - Fixed slight bug in DOMLex attribute parsing
- Fixed rejection of case-insensitive configuration values when there is a - Fixed rejection of case-insensitive configuration values when there is a

View File

@ -36,13 +36,13 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
// for HTTP and thus won't work for our generic URI parsing // for HTTP and thus won't work for our generic URI parsing
// according to the RFC... (but this cuts corners, i.e. non-validating) // according to the RFC... (but this cuts corners, i.e. non-validating)
$r_URI = '!^'. $r_URI = '!'.
'(([^:/?#<>]+):)?'. // 2. Scheme '(([^:/?#<>\'"]+):)?'. // 2. Scheme
'(//([^/?#<>]*))?'. // 4. Authority '(//([^/?#<>\'"]*))?'. // 4. Authority
'([^?#<>]*)'. // 5. Path '([^?#<>\'"]*)'. // 5. Path
'(\?([^#<>]*))?'. // 7. Query '(\?([^#<>\'"]*))?'. // 7. Query
'(#([^<>]*))?'. // 8. Fragment '(#([^<>\'"]*))?'. // 8. Fragment
'$!'; '!';
$matches = array(); $matches = array();
$result = preg_match($r_URI, $uri, $matches); $result = preg_match($r_URI, $uri, $matches);

View File

@ -158,9 +158,15 @@ class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
$uri[18] = '/a/b'; $uri[18] = '/a/b';
$components[18] = array(null, null, null, '/a/b', null); $components[18] = array(null, null, null, '/a/b', null);
// it's not allowed, so generic URI should get it // result of malformed tag, gracefully handle error
$uri[19] = '<'; $uri[19] = 'http://www.google.com/\'>"';
$expect_uri[19] = false; $components[19] = array(null, 'www.google.com', null, '/', null);
$expect_uri[19] = 'http://www.google.com/';
// test empty
$uri[20] = '';
$components[20] = array(null, null, null, '', null);
$expect_uri[20] = '';
foreach ($uri as $i => $value) { foreach ($uri as $i => $value) {