mirrors/htmlpurifier
0
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-01-03 13:21:51 +00:00
Code Releases Activity

[1.7.0] Fix bug in HTMLPurifier_Harness that causes certain aspects of $input to change after parsing

Browse Source 
- Add makeLookup() convenience function to HTMLModule
- Relocate SGML exclusion comment
- Add preliminary Bdo module test

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1049 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang 2007-05-13 03:42:09 +00:00
parent bda9167423
commit da92cb9ff4
8 changed files with 145 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
library/HTMLPurifier/ElementDef.php
View File

@ -83,6 +83,14 @@ class HTMLPurifier_ElementDef
/** /**
* Lookup table of tags excluded from all descendants of this tag. * Lookup table of tags excluded from all descendants of this tag.
* @note SGML permits exclusions for all descendants, but this is
* not possible with DTDs or XML Schemas. W3C has elected to
* use complicated compositions of content_models to simulate
* exclusion for children, but we go the simpler, SGML-style
* route of flat-out exclusions, which correctly apply to
* all descendants and not just children. Note that the XHTML
* Modularization Abstract Modules are blithely unaware of such
* distinctions.
* @public * @public
*/ */
var $excludes = array(); var $excludes = array();

18
library/HTMLPurifier/HTMLModule.php
View File

@ -223,6 +223,24 @@ class HTMLPurifier_HTMLModule
} }
$attr[0] = $attr_includes; $attr[0] = $attr_includes;
} }
/**
* Convenience function that generates a lookup table with boolean
* true as value.
* @param $list List of values to turn into a lookup
* @note You can also pass an arbitrary number of arguments in
* place of the regular argument
* @return Lookup array equivalent of list
*/
function makeLookup($list) {
if (is_string($list)) $list = func_get_args();
$ret = array();
foreach ($list as $value) {
if (is_null($value)) continue;
$ret[$value] = true;
}
return $ret;
}
} }
?> ?>

90
library/HTMLPurifier/HTMLModule/Text.php
View File

@ -10,65 +10,61 @@ require_once 'HTMLPurifier/HTMLModule.php';
* - Block Structural (div, p) * - Block Structural (div, p)
* - Inline Phrasal (abbr, acronym, cite, code, dfn, em, kbd, q, samp, strong, var) * - Inline Phrasal (abbr, acronym, cite, code, dfn, em, kbd, q, samp, strong, var)
* - Inline Structural (br, span) * - Inline Structural (br, span)
* We have elected not to follow suite, but this may change. * This module, functionally, does not distinguish between these
* sub-modules, but the code is internally structured to reflect
* these distinctions.
*/ */
class HTMLPurifier_HTMLModule_Text extends HTMLPurifier_HTMLModule class HTMLPurifier_HTMLModule_Text extends HTMLPurifier_HTMLModule
{ {
var $name = 'Text'; var $name = 'Text';
var $elements = array('abbr', 'acronym', 'address', 'blockquote',
'br', 'cite', 'code', 'dfn', 'div', 'em', 'h1', 'h2', 'h3',
'h4', 'h5', 'h6', 'kbd', 'p', 'pre', 'q', 'samp', 'span', 'strong',
'var');
var $content_sets = array( var $content_sets = array(
'Heading' => 'h1 | h2 | h3 | h4 | h5 | h6',
'Block' => 'address | blockquote | div | p | pre',
'Inline' => 'abbr | acronym | br | cite | code | dfn | em | kbd | q | samp | span | strong | var',
'Flow' => 'Heading | Block | Inline' 'Flow' => 'Heading | Block | Inline'
); );
function HTMLPurifier_HTMLModule_Text() { function HTMLPurifier_HTMLModule_Text() {
foreach ($this->elements as $element) {
$this->info[$element] = new HTMLPurifier_ElementDef(); // Inline Phrasal -------------------------------------------------
// attributes $this->addElement('abbr', true, 'Inline', 'Inline', 'Common');
if ($element == 'br') { $this->addElement('acronym', true, 'Inline', 'Inline', 'Common');
$this->info[$element]->attr = array(0 => array('Core')); $this->addElement('cite', true, 'Inline', 'Inline', 'Common');
} elseif ($element == 'blockquote' || $element == 'q') { $this->addElement('code', true, 'Inline', 'Inline', 'Common');
$this->info[$element]->attr = array(0 => array('Common'), 'cite' => 'URI'); $this->addElement('dfn', true, 'Inline', 'Inline', 'Common');
} else { $this->addElement('em', true, 'Inline', 'Inline', 'Common');
$this->info[$element]->attr = array(0 => array('Common')); $this->addElement('kbd', true, 'Inline', 'Inline', 'Common');
} $this->addElement('q', true, 'Inline', 'Inline', 'Common', array('cite' => 'URI'));
// content models $this->addElement('samp', true, 'Inline', 'Inline', 'Common');
if ($element == 'br') { $this->addElement('strong', true, 'Inline', 'Inline', 'Common');
$this->info[$element]->content_model_type = 'empty'; $this->addElement('var', true, 'Inline', 'Inline', 'Common');
} elseif ($element == 'blockquote') {
$this->info[$element]->content_model = 'Heading | Block | List'; // Inline Structural ----------------------------------------------
$this->info[$element]->content_model_type = 'optional'; $this->addElement('span', true, 'Inline', 'Inline', 'Common');
} elseif ($element == 'div') { $this->addElement('br', true, 'Inline', 'Empty', 'Core');
$this->info[$element]->content_model = '#PCDATA | Flow';
$this->info[$element]->content_model_type = 'optional'; // Block Phrasal --------------------------------------------------
} else { $this->addElement('address', true, 'Block', 'Inline', 'Common');
$this->info[$element]->content_model = '#PCDATA | Inline'; $this->addElement('blockquote', true, 'Block',
$this->info[$element]->content_model_type = 'optional'; 'Optional: Heading | Block | List', 'Common', array('cite' => 'URI') );
} $pre =& $this->addElement('pre', true, 'Block', 'Inline', 'Common');
} $pre->excludes = $this->makeLookup(
// SGML permits exclusions for all descendants, but this is 'img', 'big', 'small', 'object', 'applet', 'font', 'basefont' );
// not possible with DTDs or XML Schemas. W3C has elected to $this->addElement('h1', true, 'Heading', 'Inline', 'Common');
// use complicated compositions of content_models to simulate $this->addElement('h2', true, 'Heading', 'Inline', 'Common');
// exclusion for children, but we go the simpler, SGML-style $this->addElement('h3', true, 'Heading', 'Inline', 'Common');
// route of flat-out exclusions. Note that the Abstract Module $this->addElement('h4', true, 'Heading', 'Inline', 'Common');
// is blithely unaware of such distinctions. $this->addElement('h5', true, 'Heading', 'Inline', 'Common');
$this->info['pre']->excludes = array_flip(array( $this->addElement('h6', true, 'Heading', 'Inline', 'Common');
'img', 'big', 'small',
'object', 'applet', 'font', 'basefont' // generally not allowed // Block Structural -----------------------------------------------
)); $p =& $this->addElement('p', true, 'Block', 'Inline', 'Common');
$this->info['p']->auto_close = array_flip(array( // this seems really ad hoc: implementing some general
// heuristics would probably be better
$p->auto_close = $this->makeLookup(
'address', 'blockquote', 'dd', 'dir', 'div', 'dl', 'dt', 'address', 'blockquote', 'dd', 'dir', 'div', 'dl', 'dt',
'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'ol', 'p', 'pre', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'ol', 'p', 'pre',
'table', 'ul' 'table', 'ul' );
)); $this->addElement('div', true, 'Block', 'Flow', 'Common');
} }
} }

30
tests/HTMLPurifier/HTMLModule/BdoTest.php Normal file
View File

@ -0,0 +1,30 @@
<?php
require_once 'HTMLPurifier/HTMLModuleHarness.php';
class HTMLPurifier_HTMLModule_BdoTest extends HTMLPurifier_HTMLModuleHarness
{
function test() {
$this->assertResult(
'<span>
<bdo
id="test-id"
class="class-name"
style="font-weight:bold;"
title="Title of tag"
lang="en"
xml:lang="en"
dir="rtl"
>
#PCDATA <span>Inline</span>
</bdo>
</span>', true, array('Attr.EnableID' => true)
);
}
}
?>

14
tests/HTMLPurifier/HTMLModuleHarness.php Normal file
View File

@ -0,0 +1,14 @@
<?php
require_once 'HTMLPurifier/StrategyHarness.php';
require_once 'HTMLPurifier/Strategy/Core.php';
class HTMLPurifier_HTMLModuleHarness extends HTMLPurifier_StrategyHarness
{
function setup() {
parent::setup();
$this->obj = new HTMLPurifier_Strategy_Core();
}
}
?>

24
tests/HTMLPurifier/HTMLModuleTest.php
View File

@ -121,6 +121,30 @@ class HTMLPurifier_HTMLModuleTest extends UnitTestCase
} }
function test_makeLookup() {
$module = new HTMLPurifier_HTMLModule();
$this->assertIdentical(
$module->makeLookup('foo'),
array('foo' => true)
);
$this->assertIdentical(
$module->makeLookup(array('foo')),
array('foo' => true)
);
$this->assertIdentical(
$module->makeLookup('foo', 'two'),
array('foo' => true, 'two' => true)
);
$this->assertIdentical(
$module->makeLookup(array('foo', 'two')),
array('foo' => true, 'two' => true)
);
}
} }
?> ?>

9
tests/HTMLPurifier/Harness.php
View File

@ -73,12 +73,17 @@ class HTMLPurifier_Harness extends UnitTestCase
$context->loadArray($context_array); $context->loadArray($context_array);
if ($this->to_tokens && is_string($input)) { if ($this->to_tokens && is_string($input)) {
$input = $this->lexer->tokenizeHTML($input, $config, $context); // $func may cause $input to change, so "clone" another copy
// to sacrifice
$input = $this->lexer->tokenizeHTML($s = $input, $config, $context);
$input_c = $this->lexer->tokenizeHTML($s, $config, $context);
} else {
$input_c = $input;
} }
// call the function // call the function
$func = $this->func; $func = $this->func;
$result = $this->obj->$func($input, $config, $context); $result = $this->obj->$func($input_c, $config, $context);
// test a bool result // test a bool result
if (is_bool($result)) { if (is_bool($result)) {

1
tests/test_files.php
View File

@ -62,6 +62,7 @@ $test_files[] = 'EntityParserTest.php';
$test_files[] = 'GeneratorTest.php'; $test_files[] = 'GeneratorTest.php';
$test_files[] = 'HTMLModuleManagerTest.php'; $test_files[] = 'HTMLModuleManagerTest.php';
$test_files[] = 'HTMLModuleTest.php'; $test_files[] = 'HTMLModuleTest.php';
$test_files[] = 'HTMLModule/BdoTest.php';
$test_files[] = 'IDAccumulatorTest.php'; $test_files[] = 'IDAccumulatorTest.php';
$test_files[] = 'LanguageFactoryTest.php'; $test_files[] = 'LanguageFactoryTest.php';
$test_files[] = 'LanguageTest.php'; $test_files[] = 'LanguageTest.php';