mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2025-01-18 11:41:52 +00:00
Fix bug involving autoclose and inline elements in strict <blockquote>.
The newest autoclose code uses the elements property in whether or not an element should be closed by a particular tag. The heuristic is simple; if the element doesn't allow that tag as a child, it closes the parent container. This doesn't work, however, with <blockquote>, which while not allowing inline styles under Strict doctypes, requires them to be passed through MakeWellFormed. The fix was to transition MakeWellFormed to call a method to retrieve the elements, and then have StrictBlockquote implement a special version of this method. Future versions of HTML Purifier may be more flexible in this regard--further study of the HTML5 specification is required. Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
This commit is contained in:
parent
1d90bb2397
commit
e013bc9126
1
NEWS
1
NEWS
@ -37,6 +37,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
|||||||
Requested by Chris.
|
Requested by Chris.
|
||||||
- Fix error in documentation regarding %Filter.ExtractStyleBlocks
|
- Fix error in documentation regarding %Filter.ExtractStyleBlocks
|
||||||
- Prevent <![CDATA[<body></body>]]> from triggering %Core.ConvertDocumentToFragment
|
- Prevent <![CDATA[<body></body>]]> from triggering %Core.ConvertDocumentToFragment
|
||||||
|
- Fix bug with inline elements in blockquotes conflicting with strict doctype
|
||||||
. Strategy_MakeWellFormed now operates in-place, saving memory and allowing
|
. Strategy_MakeWellFormed now operates in-place, saving memory and allowing
|
||||||
for more interesting filter-backtracking
|
for more interesting filter-backtracking
|
||||||
. New HTMLPurifier_Injector->rewind() functionality, allows injectors to rewind
|
. New HTMLPurifier_Injector->rewind() functionality, allows injectors to rewind
|
||||||
|
@ -24,6 +24,14 @@ abstract class HTMLPurifier_ChildDef
|
|||||||
*/
|
*/
|
||||||
public $elements = array();
|
public $elements = array();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get lookup of tag names that should not close this element automatically.
|
||||||
|
* All other elements will do so.
|
||||||
|
*/
|
||||||
|
public function getNonAutoCloseElements($config) {
|
||||||
|
return $this->elements;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Validates nodes according to definition and returns modification.
|
* Validates nodes according to definition and returns modification.
|
||||||
*
|
*
|
||||||
|
@ -10,16 +10,19 @@ class HTMLPurifier_ChildDef_StrictBlockquote extends HTMLPurifier_ChildDef_Requi
|
|||||||
public $allow_empty = true;
|
public $allow_empty = true;
|
||||||
public $type = 'strictblockquote';
|
public $type = 'strictblockquote';
|
||||||
protected $init = false;
|
protected $init = false;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @note We don't want MakeWellFormed to auto-close inline elements since
|
||||||
|
* they might be allowed.
|
||||||
|
*/
|
||||||
|
public function getNonAutoCloseElements($config) {
|
||||||
|
$this->init($config);
|
||||||
|
return $this->fake_elements;
|
||||||
|
}
|
||||||
|
|
||||||
public function validateChildren($tokens_of_children, $config, $context) {
|
public function validateChildren($tokens_of_children, $config, $context) {
|
||||||
|
|
||||||
$def = $config->getHTMLDefinition();
|
$this->init($config);
|
||||||
if (!$this->init) {
|
|
||||||
// allow all inline elements
|
|
||||||
$this->real_elements = $this->elements;
|
|
||||||
$this->fake_elements = $def->info_content_sets['Flow'];
|
|
||||||
$this->fake_elements['#PCDATA'] = true;
|
|
||||||
$this->init = true;
|
|
||||||
}
|
|
||||||
|
|
||||||
// trick the parent class into thinking it allows more
|
// trick the parent class into thinking it allows more
|
||||||
$this->elements = $this->fake_elements;
|
$this->elements = $this->fake_elements;
|
||||||
@ -29,6 +32,7 @@ class HTMLPurifier_ChildDef_StrictBlockquote extends HTMLPurifier_ChildDef_Requi
|
|||||||
if ($result === false) return array();
|
if ($result === false) return array();
|
||||||
if ($result === true) $result = $tokens_of_children;
|
if ($result === true) $result = $tokens_of_children;
|
||||||
|
|
||||||
|
$def = $config->getHTMLDefinition();
|
||||||
$block_wrap_start = new HTMLPurifier_Token_Start($def->info_block_wrapper);
|
$block_wrap_start = new HTMLPurifier_Token_Start($def->info_block_wrapper);
|
||||||
$block_wrap_end = new HTMLPurifier_Token_End( $def->info_block_wrapper);
|
$block_wrap_end = new HTMLPurifier_Token_End( $def->info_block_wrapper);
|
||||||
$is_inline = false;
|
$is_inline = false;
|
||||||
@ -68,5 +72,16 @@ class HTMLPurifier_ChildDef_StrictBlockquote extends HTMLPurifier_ChildDef_Requi
|
|||||||
if ($is_inline) $ret[] = $block_wrap_end;
|
if ($is_inline) $ret[] = $block_wrap_end;
|
||||||
return $ret;
|
return $ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function init($config) {
|
||||||
|
if (!$this->init) {
|
||||||
|
$def = $config->getHTMLDefinition();
|
||||||
|
// allow all inline elements
|
||||||
|
$this->real_elements = $this->elements;
|
||||||
|
$this->fake_elements = $def->info_content_sets['Flow'];
|
||||||
|
$this->fake_elements['#PCDATA'] = true;
|
||||||
|
$this->init = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -140,7 +140,7 @@ class HTMLPurifier_Strategy_MakeWellFormed extends HTMLPurifier_Strategy
|
|||||||
|
|
||||||
$parent = array_pop($this->currentNesting);
|
$parent = array_pop($this->currentNesting);
|
||||||
if (isset($definition->info[$parent->name])) {
|
if (isset($definition->info[$parent->name])) {
|
||||||
$elements = $definition->info[$parent->name]->child->elements;
|
$elements = $definition->info[$parent->name]->child->getNonAutoCloseElements($config);
|
||||||
$autoclose = !isset($elements[$token->name]);
|
$autoclose = !isset($elements[$token->name]);
|
||||||
} else {
|
} else {
|
||||||
$autoclose = false;
|
$autoclose = false;
|
||||||
|
@ -0,0 +1,6 @@
|
|||||||
|
--INI--
|
||||||
|
HTML.Doctype = "XHTML 1.0 Strict"
|
||||||
|
--HTML--
|
||||||
|
<blockquote>Illegal <b>contents</b></blockquote>
|
||||||
|
--EXPECT--
|
||||||
|
<blockquote><p>Illegal <b>contents</b></p></blockquote>
|
@ -93,5 +93,14 @@ class HTMLPurifier_Strategy_MakeWellFormedTest extends HTMLPurifier_StrategyHarn
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function testBlockquoteWithInline() {
|
||||||
|
$this->config->set('HTML', 'Doctype', 'XHTML 1.0 Strict');
|
||||||
|
$this->assertResult(
|
||||||
|
// This is actually invalid, but will be fixed by
|
||||||
|
// ChildDef_StrictBlockquote
|
||||||
|
'<blockquote>foo<b>bar</b></blockquote>'
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user