0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-12-22 08:21:52 +00:00

Fix rgb in border attribute with spaces, fixes #30.

Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
This commit is contained in:
Edward Z. Yang 2014-08-31 11:23:18 +01:00
parent 39d3df1fd7
commit cd60294ada
3 changed files with 5 additions and 1 deletions

2
NEWS
View File

@ -20,6 +20,8 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
- Don't truncate upon encountering </div> when using DOMLex. Thanks
Myrto Christina for finally convincing me to fix this.
- Update YouTube filter for new code.
- Fix parsing of rgb() values with spaces in them for 'border'
attribute.
4.6.0, released 2013-11-30
# Secure URI munge hashing algorithm has changed to hash_hmac("sha256", $url, $secret).

View File

@ -44,7 +44,7 @@ class HTMLPurifier_AttrDef_CSS_Multiple extends HTMLPurifier_AttrDef
*/
public function validate($string, $config, $context)
{
$string = $this->parseCDATA($string);
$string = $this->mungeRgb($this->parseCDATA($string));
if ($string === '') {
return false;
}

View File

@ -83,6 +83,8 @@ class HTMLPurifier_AttrDef_CSSTest extends HTMLPurifier_AttrDefHarness
$this->assertDef('background-position:left 90%;');
$this->assertDef('border-spacing:1em;');
$this->assertDef('border-spacing:1em 2em;');
$this->assertDef('border-color: rgb(0, 0, 0) rgb(10,0,10)', 'border-color:rgb(0,0,0) rgb(10,0,10);');
$this->assertDef('border: rgb(0, 0, 0)', 'border:rgb(0,0,0);');
// duplicates
$this->assertDef('text-align:right;text-align:left;',