mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-12-22 16:31:53 +00:00
Add initial implementation of CSS.Trusted.
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
This commit is contained in:
parent
598c5b60c9
commit
cfc4ee1faf
2
NEWS
2
NEWS
@ -12,6 +12,8 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
|||||||
4.2.1, unknown release date
|
4.2.1, unknown release date
|
||||||
! Added %HTML.Nofollow to add rel="nofollow" to external links.
|
! Added %HTML.Nofollow to add rel="nofollow" to external links.
|
||||||
! More types of SPL autoloaders allowed on later versions of PHP.
|
! More types of SPL autoloaders allowed on later versions of PHP.
|
||||||
|
! Implementations for position, top, left, right, bottom, z-index
|
||||||
|
when %CSS.Trusted is on.
|
||||||
- Make removal of conditional IE comments ungreedy; thanks Bernd
|
- Make removal of conditional IE comments ungreedy; thanks Bernd
|
||||||
for reporting.
|
for reporting.
|
||||||
- Escape CDATA before removing Internet Explorer comments.
|
- Escape CDATA before removing Internet Explorer comments.
|
||||||
|
@ -32,19 +32,24 @@
|
|||||||
<line>218</line>
|
<line>218</line>
|
||||||
</file>
|
</file>
|
||||||
</directive>
|
</directive>
|
||||||
<directive id="CSS.AllowImportant">
|
<directive id="CSS.Trusted">
|
||||||
<file name="HTMLPurifier/CSSDefinition.php">
|
<file name="HTMLPurifier/CSSDefinition.php">
|
||||||
<line>222</line>
|
<line>222</line>
|
||||||
</file>
|
</file>
|
||||||
</directive>
|
</directive>
|
||||||
|
<directive id="CSS.AllowImportant">
|
||||||
|
<file name="HTMLPurifier/CSSDefinition.php">
|
||||||
|
<line>226</line>
|
||||||
|
</file>
|
||||||
|
</directive>
|
||||||
<directive id="CSS.AllowedProperties">
|
<directive id="CSS.AllowedProperties">
|
||||||
<file name="HTMLPurifier/CSSDefinition.php">
|
<file name="HTMLPurifier/CSSDefinition.php">
|
||||||
<line>275</line>
|
<line>296</line>
|
||||||
</file>
|
</file>
|
||||||
</directive>
|
</directive>
|
||||||
<directive id="CSS.ForbiddenProperties">
|
<directive id="CSS.ForbiddenProperties">
|
||||||
<file name="HTMLPurifier/CSSDefinition.php">
|
<file name="HTMLPurifier/CSSDefinition.php">
|
||||||
<line>289</line>
|
<line>310</line>
|
||||||
</file>
|
</file>
|
||||||
</directive>
|
</directive>
|
||||||
<directive id="Cache.DefinitionImpl">
|
<directive id="Cache.DefinitionImpl">
|
||||||
|
@ -219,6 +219,10 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
|
|||||||
$this->doSetupTricky($config);
|
$this->doSetupTricky($config);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($config->get('CSS.Trusted')) {
|
||||||
|
$this->doSetupTrusted($config);
|
||||||
|
}
|
||||||
|
|
||||||
$allow_important = $config->get('CSS.AllowImportant');
|
$allow_important = $config->get('CSS.AllowImportant');
|
||||||
// wrap all attr-defs with decorator that handles !important
|
// wrap all attr-defs with decorator that handles !important
|
||||||
foreach ($this->info as $k => $v) {
|
foreach ($this->info as $k => $v) {
|
||||||
@ -260,6 +264,23 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
|
|||||||
$this->info['overflow'] = new HTMLPurifier_AttrDef_Enum(array('visible', 'hidden', 'auto', 'scroll'));
|
$this->info['overflow'] = new HTMLPurifier_AttrDef_Enum(array('visible', 'hidden', 'auto', 'scroll'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected function doSetupTrusted($config) {
|
||||||
|
$this->info['position'] = new HTMLPurifier_AttrDef_Enum(array(
|
||||||
|
'static', 'relative', 'absolute', 'fixed'
|
||||||
|
));
|
||||||
|
$this->info['top'] =
|
||||||
|
$this->info['left'] =
|
||||||
|
$this->info['right'] =
|
||||||
|
$this->info['bottom'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
|
||||||
|
new HTMLPurifier_AttrDef_CSS_Length(),
|
||||||
|
new HTMLPurifier_AttrDef_CSS_Percentage(),
|
||||||
|
new HTMLPurifier_AttrDef_Enum(array('auto')),
|
||||||
|
));
|
||||||
|
$this->info['z-index'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
|
||||||
|
new HTMLPurifier_AttrDef_Integer(),
|
||||||
|
new HTMLPurifier_AttrDef_Enum(array('auto')),
|
||||||
|
));
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Performs extra config-based processing. Based off of
|
* Performs extra config-based processing. Based off of
|
||||||
|
Binary file not shown.
9
library/HTMLPurifier/ConfigSchema/schema/CSS.Trusted.txt
Normal file
9
library/HTMLPurifier/ConfigSchema/schema/CSS.Trusted.txt
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
CSS.Trusted
|
||||||
|
TYPE: bool
|
||||||
|
VERSION: 4.2.1
|
||||||
|
DEFAULT: false
|
||||||
|
--DESCRIPTION--
|
||||||
|
Indicates whether or not the user's CSS input is trusted or not. If the
|
||||||
|
input is trusted, a more expansive set of allowed properties. See
|
||||||
|
also %HTML.Trusted.
|
||||||
|
--# vim: et sw=4 sts=4
|
@ -5,4 +5,5 @@ DEFAULT: false
|
|||||||
--DESCRIPTION--
|
--DESCRIPTION--
|
||||||
Indicates whether or not the user input is trusted or not. If the input is
|
Indicates whether or not the user input is trusted or not. If the input is
|
||||||
trusted, a more expansive set of allowed tags and attributes will be used.
|
trusted, a more expansive set of allowed tags and attributes will be used.
|
||||||
|
See also %CSS.Trusted.
|
||||||
--# vim: et sw=4 sts=4
|
--# vim: et sw=4 sts=4
|
||||||
|
@ -150,6 +150,15 @@ class HTMLPurifier_AttrDef_CSSTest extends HTMLPurifier_AttrDefHarness
|
|||||||
$this->assertDef('text-align:right;');
|
$this->assertDef('text-align:right;');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function testTrusted() {
|
||||||
|
$this->config->set('CSS.Trusted', true);
|
||||||
|
$this->assertDef('position:relative;');
|
||||||
|
$this->assertDef('left:2px;');
|
||||||
|
$this->assertDef('right:100%;');
|
||||||
|
$this->assertDef('top:auto;');
|
||||||
|
$this->assertDef('z-index:-2;');
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// vim: et sw=4 sts=4
|
// vim: et sw=4 sts=4
|
||||||
|
Loading…
Reference in New Issue
Block a user