From c67e4c2f7e06f89ca0eb4ce72b191144e40dc3ef Mon Sep 17 00:00:00 2001 From: "Edward Z. Yang" Date: Wed, 11 Feb 2015 16:36:44 -0800 Subject: [PATCH] All values, including empty, are valid HTML bools. Signed-off-by: Edward Z. Yang --- NEWS | 2 ++ library/HTMLPurifier/AttrDef/HTML/Bool.php | 3 --- tests/HTMLPurifier/AttrDef/HTML/BoolTest.php | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/NEWS b/NEWS index 0b4eeea6..7b8e6172 100644 --- a/NEWS +++ b/NEWS @@ -22,6 +22,8 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier - Update YouTube filter for new code. - Fix parsing of rgb() values with spaces in them for 'border' attribute. +- Don't remove foo="" attributes if foo is a boolean attribute. Thanks + valME for reporting. 4.6.0, released 2013-11-30 # Secure URI munge hashing algorithm has changed to hash_hmac("sha256", $url, $secret). diff --git a/library/HTMLPurifier/AttrDef/HTML/Bool.php b/library/HTMLPurifier/AttrDef/HTML/Bool.php index 036a240e..dea15d2c 100644 --- a/library/HTMLPurifier/AttrDef/HTML/Bool.php +++ b/library/HTMLPurifier/AttrDef/HTML/Bool.php @@ -32,9 +32,6 @@ class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef */ public function validate($string, $config, $context) { - if (empty($string)) { - return false; - } return $this->name; } diff --git a/tests/HTMLPurifier/AttrDef/HTML/BoolTest.php b/tests/HTMLPurifier/AttrDef/HTML/BoolTest.php index ca790327..8d05f03a 100644 --- a/tests/HTMLPurifier/AttrDef/HTML/BoolTest.php +++ b/tests/HTMLPurifier/AttrDef/HTML/BoolTest.php @@ -7,7 +7,7 @@ class HTMLPurifier_AttrDef_HTML_BoolTest extends HTMLPurifier_AttrDefHarness { $this->def = new HTMLPurifier_AttrDef_HTML_Bool('foo'); $this->assertDef('foo'); - $this->assertDef('', false); + $this->assertDef('', 'foo'); $this->assertDef('bar', 'foo'); }