0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-01-03 13:21:51 +00:00

Fix bug involving autoclose and inline elements in strict <blockquote>.

The newest autoclose code uses the elements property in whether or not an
element should be closed by a particular tag.  The heuristic is simple; if
the element doesn't allow that tag as a child, it closes the parent
container.  This doesn't work, however, with <blockquote>, which while not
allowing inline styles under Strict doctypes, requires them to be passed
through MakeWellFormed.

The fix was to transition MakeWellFormed to call a method to retrieve the
elements, and then have StrictBlockquote implement a special version of
this method.  Future versions of HTML Purifier may be more flexible in this
regard--further study of the HTML5 specification is required.

Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
This commit is contained in:
Edward Z. Yang 2008-08-01 20:52:06 -04:00
parent 1d90bb2397
commit e013bc9126
6 changed files with 48 additions and 9 deletions

1
NEWS
View File

@ -37,6 +37,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
Requested by Chris. Requested by Chris.
- Fix error in documentation regarding %Filter.ExtractStyleBlocks - Fix error in documentation regarding %Filter.ExtractStyleBlocks
- Prevent <![CDATA[<body></body>]]> from triggering %Core.ConvertDocumentToFragment - Prevent <![CDATA[<body></body>]]> from triggering %Core.ConvertDocumentToFragment
- Fix bug with inline elements in blockquotes conflicting with strict doctype
. Strategy_MakeWellFormed now operates in-place, saving memory and allowing . Strategy_MakeWellFormed now operates in-place, saving memory and allowing
for more interesting filter-backtracking for more interesting filter-backtracking
. New HTMLPurifier_Injector->rewind() functionality, allows injectors to rewind . New HTMLPurifier_Injector->rewind() functionality, allows injectors to rewind

View File

@ -24,6 +24,14 @@ abstract class HTMLPurifier_ChildDef
*/ */
public $elements = array(); public $elements = array();
/**
* Get lookup of tag names that should not close this element automatically.
* All other elements will do so.
*/
public function getNonAutoCloseElements($config) {
return $this->elements;
}
/** /**
* Validates nodes according to definition and returns modification. * Validates nodes according to definition and returns modification.
* *

View File

@ -10,16 +10,19 @@ class HTMLPurifier_ChildDef_StrictBlockquote extends HTMLPurifier_ChildDef_Requi
public $allow_empty = true; public $allow_empty = true;
public $type = 'strictblockquote'; public $type = 'strictblockquote';
protected $init = false; protected $init = false;
/**
* @note We don't want MakeWellFormed to auto-close inline elements since
* they might be allowed.
*/
public function getNonAutoCloseElements($config) {
$this->init($config);
return $this->fake_elements;
}
public function validateChildren($tokens_of_children, $config, $context) { public function validateChildren($tokens_of_children, $config, $context) {
$def = $config->getHTMLDefinition(); $this->init($config);
if (!$this->init) {
// allow all inline elements
$this->real_elements = $this->elements;
$this->fake_elements = $def->info_content_sets['Flow'];
$this->fake_elements['#PCDATA'] = true;
$this->init = true;
}
// trick the parent class into thinking it allows more // trick the parent class into thinking it allows more
$this->elements = $this->fake_elements; $this->elements = $this->fake_elements;
@ -29,6 +32,7 @@ class HTMLPurifier_ChildDef_StrictBlockquote extends HTMLPurifier_ChildDef_Requi
if ($result === false) return array(); if ($result === false) return array();
if ($result === true) $result = $tokens_of_children; if ($result === true) $result = $tokens_of_children;
$def = $config->getHTMLDefinition();
$block_wrap_start = new HTMLPurifier_Token_Start($def->info_block_wrapper); $block_wrap_start = new HTMLPurifier_Token_Start($def->info_block_wrapper);
$block_wrap_end = new HTMLPurifier_Token_End( $def->info_block_wrapper); $block_wrap_end = new HTMLPurifier_Token_End( $def->info_block_wrapper);
$is_inline = false; $is_inline = false;
@ -68,5 +72,16 @@ class HTMLPurifier_ChildDef_StrictBlockquote extends HTMLPurifier_ChildDef_Requi
if ($is_inline) $ret[] = $block_wrap_end; if ($is_inline) $ret[] = $block_wrap_end;
return $ret; return $ret;
} }
private function init($config) {
if (!$this->init) {
$def = $config->getHTMLDefinition();
// allow all inline elements
$this->real_elements = $this->elements;
$this->fake_elements = $def->info_content_sets['Flow'];
$this->fake_elements['#PCDATA'] = true;
$this->init = true;
}
}
} }

View File

@ -140,7 +140,7 @@ class HTMLPurifier_Strategy_MakeWellFormed extends HTMLPurifier_Strategy
$parent = array_pop($this->currentNesting); $parent = array_pop($this->currentNesting);
if (isset($definition->info[$parent->name])) { if (isset($definition->info[$parent->name])) {
$elements = $definition->info[$parent->name]->child->elements; $elements = $definition->info[$parent->name]->child->getNonAutoCloseElements($config);
$autoclose = !isset($elements[$token->name]); $autoclose = !isset($elements[$token->name]);
} else { } else {
$autoclose = false; $autoclose = false;

View File

@ -0,0 +1,6 @@
--INI--
HTML.Doctype = "XHTML 1.0 Strict"
--HTML--
<blockquote>Illegal <b>contents</b></blockquote>
--EXPECT--
<blockquote><p>Illegal <b>contents</b></p></blockquote>

View File

@ -93,5 +93,14 @@ class HTMLPurifier_Strategy_MakeWellFormedTest extends HTMLPurifier_StrategyHarn
); );
} }
function testBlockquoteWithInline() {
$this->config->set('HTML', 'Doctype', 'XHTML 1.0 Strict');
$this->assertResult(
// This is actually invalid, but will be fixed by
// ChildDef_StrictBlockquote
'<blockquote>foo<b>bar</b></blockquote>'
);
}
} }