[3.1.0] Add missing tests and errors for forbidden attributes

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1706 48356398-32a2-884e-a903-53898d9a118a
2024-12-22 08:21:52 +00:00 · 2008-05-13 01:41:25 +00:00 · 2008-05-13 01:41:25 +00:00 · ce46fb618c
commit ce46fb618c
parent 9f37764614
4 changed files with 32 additions and 3 deletions
--- a/1
+++ b/1
@ -39,6 +39,7 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
 - HTMLPurifier::instance() created for consistency, is equivalent to getInstance()
 - Fixed and revamped broken ConfigForm smoketest
 - Bug with bool/null fields in Printer_ConfigForm fixed
+- Bug with global forbidden attributes fixed
 - Improved error messages for allowed and forbidden HTML elements and attributes
 - Missing (or null) in configdoc documentation restored
 - If DOM throws and exception during parsing with PH5P (occurs in newer versions
--- a/5
+++ b/5
@ -11,9 +11,6 @@ If no interest is expressed for a feature that may require a considerable
 amount of effort to implement, it may get endlessly delayed. Do not be
 afraid to cast your vote for the next feature to be implemented!

- - FINISH THE DRUPAL MODULE!!!
- - Get PH5P working with the latest versions of DOM, which have much more
-   stringent error checking procedures. Maybe convert straight to tokens.
 - Figure out what to do with $this->config configuration object calls
   in the scanner
 - Quick optimizations for empty strings and strings without HTML (make sure
@ -87,6 +84,8 @@ AutoFormat
 Optimizations
 - Reduce size of internal data-structures (esp. HTMLDefinition)
 - Combine multiple strategies into a single, single-pass strategy
+ - Get PH5P working with the latest versions of DOM, which have much more
+   stringent error checking procedures. Maybe convert straight to tokens.

 Neat feature related
 ! Factor demo.php into a set of Printer classes, and then create a stub
--- a/library/HTMLPurifier/HTMLDefinition.php
+++ b/library/HTMLPurifier/HTMLDefinition.php
@ -348,6 +348,13 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
                }
            }
        }
+        foreach ($forbidden_attributes as $key => $v) {
+            if (strlen($key) < 2) continue;
+            if ($key[0] != '*') continue;
+            if ($key[1] == '.') {
+                trigger_error("Error with $key: *.attr syntax not supported for HTML.ForbiddenAttributes; use attr instead", E_USER_WARNING);
+            }
+        }
        
    }
    
--- a/tests/HTMLPurifier/HTMLDefinitionTest.php
+++ b/tests/HTMLPurifier/HTMLDefinitionTest.php
@ -214,6 +214,28 @@ a[href|title]
        $this->assertPurification('<b style="float:left;">Test</b>');
    }
    
+    function test_ForbiddenAttributes_incorrectGlobalSyntax() {
+        $this->config->set('HTML', 'ForbiddenAttributes', '*.style');
+        $this->expectError("Error with *.style: *.attr syntax not supported for HTML.ForbiddenAttributes; use attr instead");
+        $this->assertPurification('<b style="float:left;">Test</b>');
+    }
+    
+    function assertPurification_ForbiddenAttributes_style() {
+        $this->assertPurification(
+            '<b class="foo" style="float:left;">b</b><i style="float:left;">i</i>',
+            '<b class="foo">b</b><i>i</i>');
+    }
+    
+    function test_ForbiddenAttributes_global() {
+        $this->config->set('HTML', 'ForbiddenAttributes', 'style');
+        $this->assertPurification_ForbiddenAttributes_style();
+    }
+    
+    function test_ForbiddenAttributes_globalVerboseFormat() {
+        $this->config->set('HTML', 'ForbiddenAttributes', '*@style');
+        $this->assertPurification_ForbiddenAttributes_style();
+    }
+    
    function test_addAttribute() {
        
        $config = HTMLPurifier_Config::create(array(