0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-12-22 16:31:53 +00:00

[3.1.0] Add missing tests and errors for forbidden attributes

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1706 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang 2008-05-13 01:41:25 +00:00
parent 9f37764614
commit ce46fb618c
4 changed files with 32 additions and 3 deletions

1
NEWS
View File

@ -39,6 +39,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
- HTMLPurifier::instance() created for consistency, is equivalent to getInstance()
- Fixed and revamped broken ConfigForm smoketest
- Bug with bool/null fields in Printer_ConfigForm fixed
- Bug with global forbidden attributes fixed
- Improved error messages for allowed and forbidden HTML elements and attributes
- Missing (or null) in configdoc documentation restored
- If DOM throws and exception during parsing with PH5P (occurs in newer versions

5
TODO
View File

@ -11,9 +11,6 @@ If no interest is expressed for a feature that may require a considerable
amount of effort to implement, it may get endlessly delayed. Do not be
afraid to cast your vote for the next feature to be implemented!
- FINISH THE DRUPAL MODULE!!!
- Get PH5P working with the latest versions of DOM, which have much more
stringent error checking procedures. Maybe convert straight to tokens.
- Figure out what to do with $this->config configuration object calls
in the scanner
- Quick optimizations for empty strings and strings without HTML (make sure
@ -87,6 +84,8 @@ AutoFormat
Optimizations
- Reduce size of internal data-structures (esp. HTMLDefinition)
- Combine multiple strategies into a single, single-pass strategy
- Get PH5P working with the latest versions of DOM, which have much more
stringent error checking procedures. Maybe convert straight to tokens.
Neat feature related
! Factor demo.php into a set of Printer classes, and then create a stub

View File

@ -348,6 +348,13 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
}
}
}
foreach ($forbidden_attributes as $key => $v) {
if (strlen($key) < 2) continue;
if ($key[0] != '*') continue;
if ($key[1] == '.') {
trigger_error("Error with $key: *.attr syntax not supported for HTML.ForbiddenAttributes; use attr instead", E_USER_WARNING);
}
}
}

View File

@ -214,6 +214,28 @@ a[href|title]
$this->assertPurification('<b style="float:left;">Test</b>');
}
function test_ForbiddenAttributes_incorrectGlobalSyntax() {
$this->config->set('HTML', 'ForbiddenAttributes', '*.style');
$this->expectError("Error with *.style: *.attr syntax not supported for HTML.ForbiddenAttributes; use attr instead");
$this->assertPurification('<b style="float:left;">Test</b>');
}
function assertPurification_ForbiddenAttributes_style() {
$this->assertPurification(
'<b class="foo" style="float:left;">b</b><i style="float:left;">i</i>',
'<b class="foo">b</b><i>i</i>');
}
function test_ForbiddenAttributes_global() {
$this->config->set('HTML', 'ForbiddenAttributes', 'style');
$this->assertPurification_ForbiddenAttributes_style();
}
function test_ForbiddenAttributes_globalVerboseFormat() {
$this->config->set('HTML', 'ForbiddenAttributes', '*@style');
$this->assertPurification_ForbiddenAttributes_style();
}
function test_addAttribute() {
$config = HTMLPurifier_Config::create(array(