[3.1.0] Add missing tests and errors for forbidden attributes

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1706 48356398-32a2-884e-a903-53898d9a118a

NEWS

@@ -39,6 +39,7 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
 - HTMLPurifier::instance() created for consistency, is equivalent to getInstance()
 - Fixed and revamped broken ConfigForm smoketest
 - Bug with bool/null fields in Printer_ConfigForm fixed
+- Bug with global forbidden attributes fixed
 - Improved error messages for allowed and forbidden HTML elements and attributes
 - Missing (or null) in configdoc documentation restored
 - If DOM throws and exception during parsing with PH5P (occurs in newer versions

TODO

@@ -11,9 +11,6 @@ If no interest is expressed for a feature that may require a considerable
 amount of effort to implement, it may get endlessly delayed. Do not be
 afraid to cast your vote for the next feature to be implemented!
 
- - FINISH THE DRUPAL MODULE!!!
- - Get PH5P working with the latest versions of DOM, which have much more
-   stringent error checking procedures. Maybe convert straight to tokens.
  - Figure out what to do with $this->config configuration object calls
    in the scanner
  - Quick optimizations for empty strings and strings without HTML (make sure
@@ -87,6 +84,8 @@ AutoFormat
 Optimizations
  - Reduce size of internal data-structures (esp. HTMLDefinition)
  - Combine multiple strategies into a single, single-pass strategy
+ - Get PH5P working with the latest versions of DOM, which have much more
+   stringent error checking procedures. Maybe convert straight to tokens.
 
 Neat feature related
  ! Factor demo.php into a set of Printer classes, and then create a stub

library/HTMLPurifier/HTMLDefinition.php

@@ -348,6 +348,13 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
                 }
             }
         }
+        foreach ($forbidden_attributes as $key => $v) {
+            if (strlen($key) < 2) continue;
+            if ($key[0] != '*') continue;
+            if ($key[1] == '.') {
+                trigger_error("Error with $key: *.attr syntax not supported for HTML.ForbiddenAttributes; use attr instead", E_USER_WARNING);
+            }
+        }
         
     }
     

tests/HTMLPurifier/HTMLDefinitionTest.php

@@ -214,6 +214,28 @@ a[href|title]
         $this->assertPurification('<b style="float:left;">Test</b>');
     }
     
+    function test_ForbiddenAttributes_incorrectGlobalSyntax() {
+        $this->config->set('HTML', 'ForbiddenAttributes', '*.style');
+        $this->expectError("Error with *.style: *.attr syntax not supported for HTML.ForbiddenAttributes; use attr instead");
+        $this->assertPurification('<b style="float:left;">Test</b>');
+    }
+    
+    function assertPurification_ForbiddenAttributes_style() {
+        $this->assertPurification(
+            '<b class="foo" style="float:left;">b</b><i style="float:left;">i</i>',
+            '<b class="foo">b</b><i>i</i>');
+    }
+    
+    function test_ForbiddenAttributes_global() {
+        $this->config->set('HTML', 'ForbiddenAttributes', 'style');
+        $this->assertPurification_ForbiddenAttributes_style();
+    }
+    
+    function test_ForbiddenAttributes_globalVerboseFormat() {
+        $this->config->set('HTML', 'ForbiddenAttributes', '*@style');
+        $this->assertPurification_ForbiddenAttributes_style();
+    }
+    
     function test_addAttribute() {
         
         $config = HTMLPurifier_Config::create(array(