[3.1.0] Add missing tests and errors for forbidden attributes
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1706 48356398-32a2-884e-a903-53898d9a118a
parent
9f37764614
commit
ce46fb618c
1
NEWS
1
NEWS
@ -39,6 +39,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
||||
- HTMLPurifier::instance() created for consistency, is equivalent to getInstance()
|
||||
- Fixed and revamped broken ConfigForm smoketest
|
||||
- Bug with bool/null fields in Printer_ConfigForm fixed
|
||||
- Bug with global forbidden attributes fixed
|
||||
- Improved error messages for allowed and forbidden HTML elements and attributes
|
||||
- Missing (or null) in configdoc documentation restored
|
||||
- If DOM throws and exception during parsing with PH5P (occurs in newer versions
|
||||
|
5
TODO
5
TODO
@ -11,9 +11,6 @@ If no interest is expressed for a feature that may require a considerable
|
||||
amount of effort to implement, it may get endlessly delayed. Do not be
|
||||
afraid to cast your vote for the next feature to be implemented!
|
||||
|
||||
- FINISH THE DRUPAL MODULE!!!
|
||||
- Get PH5P working with the latest versions of DOM, which have much more
|
||||
stringent error checking procedures. Maybe convert straight to tokens.
|
||||
- Figure out what to do with $this->config configuration object calls
|
||||
in the scanner
|
||||
- Quick optimizations for empty strings and strings without HTML (make sure
|
||||
@ -87,6 +84,8 @@ AutoFormat
|
||||
Optimizations
|
||||
- Reduce size of internal data-structures (esp. HTMLDefinition)
|
||||
- Combine multiple strategies into a single, single-pass strategy
|
||||
- Get PH5P working with the latest versions of DOM, which have much more
|
||||
stringent error checking procedures. Maybe convert straight to tokens.
|
||||
|
||||
Neat feature related
|
||||
! Factor demo.php into a set of Printer classes, and then create a stub
|
||||
|
@ -348,6 +348,13 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
|
||||
}
|
||||
}
|
||||
}
|
||||
foreach ($forbidden_attributes as $key => $v) {
|
||||
if (strlen($key) < 2) continue;
|
||||
if ($key[0] != '*') continue;
|
||||
if ($key[1] == '.') {
|
||||
trigger_error("Error with $key: *.attr syntax not supported for HTML.ForbiddenAttributes; use attr instead", E_USER_WARNING);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
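Review bot: The added loop only raises E_USER_WARNING for a `*.attr` key and then moves on, so the attribute the administrator meant to forbid stays allowed; the accompanying test confirms that `style` survives purification when the directive is `*.style`. For a deny-list in a sanitizer this is a fail-open result that relies on the warning being seen, and warnings are frequently hidden or only logged in production. I would state that above the loop, e.g. `// A *.attr key is rejected with a warning and forbids nothing: the attribute stays allowed.`, and consider whether `*.attr` can safely be treated as the global form instead. Keys that do not start with `*` are skipped by `if ($key[0] != '*') continue;`, so other malformed entries appear to get no diagnostic from this loop. The enclosing method starts outside the hunk.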
@ -214,6 +214,28 @@ a[href|title]
|
||||
$this->assertPurification('<b style="float:left;">Test</b>');
|
||||
}
|
||||
|
||||
function test_ForbiddenAttributes_incorrectGlobalSyntax() {
|
||||
$this->config->set('HTML', 'ForbiddenAttributes', '*.style');
|
||||
$this->expectError("Error with *.style: *.attr syntax not supported for HTML.ForbiddenAttributes; use attr instead");
|
||||
$this->assertPurification('<b style="float:left;">Test</b>');
|
||||
}
|
||||
|
||||
function assertPurification_ForbiddenAttributes_style() {
|
||||
$this->assertPurification(
|
||||
'<b class="foo" style="float:left;">b</b><i style="float:left;">i</i>',
|
||||
'<b class="foo">b</b><i>i</i>');
|
||||
}
|
||||
|
||||
function test_ForbiddenAttributes_global() {
|
||||
$this->config->set('HTML', 'ForbiddenAttributes', 'style');
|
||||
$this->assertPurification_ForbiddenAttributes_style();
|
||||
}
|
||||
|
||||
function test_ForbiddenAttributes_globalVerboseFormat() {
|
||||
$this->config->set('HTML', 'ForbiddenAttributes', '*@style');
|
||||
$this->assertPurification_ForbiddenAttributes_style();
|
||||
}
|
||||
|
||||
function test_addAttribute() {
|
||||
|
||||
$config = HTMLPurifier_Config::create(array(
|
||||
|
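Review bot: `test_ForbiddenAttributes_incorrectGlobalSyntax` pins the pass-through of `style` by using the one-argument `assertPurification`, but nothing in the test says that the unchanged output is deliberate, so it reads as if `*.style` had been enforced. A comment such as `// *.style is rejected with a warning and forbids nothing, so style must survive unchanged` would make the intended contract explicit for whoever next touches the deny-list handling. The new tests also cover each syntax only in isolation; a case that combines a valid entry with the rejected `*.attr` form would show that the valid entry is still enforced after the warning fires, assuming the directive accepts more than one entry.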