Fix #73 with Attr.ID.HTML5

Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>

NEWS

@@ -21,6 +21,7 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
 ! Partial support for 'border-radius' properties when %CSS.AllowProprietary is true.
   The slash syntax, i.e., 'border-radius: 2em 1em 4em / 0.5em 3em' is not
   yet supported.
+! %Attr.ID.HTML5 turns on HTML5-style ID handling.
 - alt truncation could result in malformed UTF-8 sequence. Don't
   truncate.  Thanks Brandon Farber for reporting.
 - Linkify regex is smarter, based off of Gruber's regex.

configdoc/usage.xml

@@ -355,9 +355,14 @@
    <line>58</line>
   </file>
  </directive>
+ <directive id="Attr.ID.HTML5">
+  <file name="HTMLPurifier/AttrDef/HTML/ID.php">
+   <line>75</line>
+  </file>
+ </directive>
  <directive id="Attr.IDBlacklistRegexp">
   <file name="HTMLPurifier/AttrDef/HTML/ID.php">
-   <line>89</line>
+   <line>97</line>
   </file>
  </directive>
  <directive id="Attr.">

library/HTMLPurifier/AttrDef/HTML/ID.php

@@ -72,18 +72,26 @@ class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef
 
         // we purposely avoid using regex, hopefully this is faster
 
-        if (ctype_alpha($id)) {
+        if ($config->get('Attr.ID.HTML5') === true) {
-            $result = true;
+            if (preg_match('/[\t\n\x0b\x0c ]/', $id)) {
-        } else {
-            if (!ctype_alpha(@$id[0])) {
                 return false;
             }
-            // primitive style of regexps, I suppose
+        } else {
-            $trim = trim(
+            if (ctype_alpha($id)) {
-                $id,
+                // OK
-                'A..Za..z0..9:-._'
+            } else {
-            );
+                if (!ctype_alpha(@$id[0])) {
-            $result = ($trim === '');
+                    return false;
+                }
+                // primitive style of regexps, I suppose
+                $trim = trim(
+                    $id,
+                    'A..Za..z0..9:-._'
+                );
+                if ($trim !== '') {
+                    return false;
+                }
+            }
         }
 
         $regexp = $config->get('Attr.IDBlacklistRegexp');
@@ -91,14 +99,14 @@ class HTMLPurifier_AttrDef_HTML_ID extends HTMLPurifier_AttrDef
             return false;
         }
 
-        if (!$this->selector && $result) {
+        if (!$this->selector) {
             $id_accumulator->add($id);
         }
 
         // if no change was made to the ID, return the result
         // else, return the new id if stripping whitespace made it
         //     valid, or return false.
-        return $result ? $id : false;
+        return $id;
     }
 }
 

library/HTMLPurifier/ConfigSchema/schema/Attr.ID.HTML5.txt

@@ -0,0 +1,10 @@
+Attr.ID.HTML5
+TYPE: bool/null
+DEFAULT: null
+VERSION: 4.8.0
+--DESCRIPTION--
+In HTML5, restrictions on the format of the id attribute have been significantly
+relaxed, such that any string is valid so long as it contains no spaces and
+is at least one character.  In lieu of a general HTML5 compatibility flag,
+set this configuration directive to true to use the relaxed rules.
+--# vim: et sw=4 sts=4

tests/HTMLPurifier/AttrDef/HTML/IDTest.php

@@ -105,6 +105,17 @@ class HTMLPurifier_AttrDef_HTML_IDTest extends HTMLPurifier_AttrDefHarness
 
     }
 
+    public function testRelaxed()
+    {
+        $this->config->set('Attr.ID.HTML5', true);
+
+        $this->assertDef('123');
+        $this->assertDef('x[1]');
+        $this->assertDef('not ok', false);
+        $this->assertDef(' ', false);
+        $this->assertDef('', false);
+    }
+
 }
 
 // vim: et sw=4 sts=4