mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-12-22 16:31:53 +00:00
[1.6.0] Add error messages for when user attempts to "allow" elements or attributes HTML Purifier does not support.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@927 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
parent
b15e8c344e
commit
e08b5aaa70
2
NEWS
2
NEWS
@ -21,6 +21,8 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
|||||||
and %Attr.AllowedRev to activate
|
and %Attr.AllowedRev to activate
|
||||||
- You can define ID blacklists using regular expressions via
|
- You can define ID blacklists using regular expressions via
|
||||||
%Attr.IDBlacklistRegexp
|
%Attr.IDBlacklistRegexp
|
||||||
|
- Error messages are emitted when you attempt to "allow" elements or
|
||||||
|
attributes that HTML Purifier does not support
|
||||||
|
|
||||||
1.5.1, unknown release date
|
1.5.1, unknown release date
|
||||||
- Fix segfault in unit test. The problem is not very reproduceable and
|
- Fix segfault in unit test. The problem is not very reproduceable and
|
||||||
|
8
TODO
8
TODO
@ -7,16 +7,12 @@ TODO List
|
|||||||
? Maybe I'll Do It
|
? Maybe I'll Do It
|
||||||
==========================
|
==========================
|
||||||
|
|
||||||
1.6 release [Long Overdue]
|
|
||||||
- More user-friendly warnings when %HTML.Allow* attempts to specify a
|
|
||||||
tag or attribute that is not supported
|
|
||||||
|
|
||||||
1.7 release [Advanced API]
|
1.7 release [Advanced API]
|
||||||
# Complete advanced API, and fully document it
|
# Complete advanced API, and fully document it
|
||||||
# Add pre-packaged "levels" of cleaning
|
|
||||||
# Implement all edge-case attribute transforms
|
# Implement all edge-case attribute transforms
|
||||||
# Implement all deprecated tags and attributes
|
# Implement all deprecated tags and attributes
|
||||||
- Parse TinyMCE-style whitelist into our %HTML.Allow* whitelists
|
- Parse TinyMCE-style whitelist into our %HTML.Allow* whitelists (possibly
|
||||||
|
do this earlier)
|
||||||
|
|
||||||
1.8 release [Refactor, refactor!]
|
1.8 release [Refactor, refactor!]
|
||||||
# URI validation routines tighter (see docs/dev-code-quality.html) (COMPLEX)
|
# URI validation routines tighter (see docs/dev-code-quality.html) (COMPLEX)
|
||||||
|
@ -218,18 +218,31 @@ class HTMLPurifier_HTMLDefinition
|
|||||||
$this->info_parent, $this->config);
|
$this->info_parent, $this->config);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// support template text
|
||||||
|
$support = "(for information on implementing this, see the ".
|
||||||
|
"support forums) ";
|
||||||
|
|
||||||
// setup allowed elements, SubtractiveWhitelist module
|
// setup allowed elements, SubtractiveWhitelist module
|
||||||
$allowed_elements = $this->config->get('HTML', 'AllowedElements');
|
$allowed_elements = $this->config->get('HTML', 'AllowedElements');
|
||||||
if (is_array($allowed_elements)) {
|
if (is_array($allowed_elements)) {
|
||||||
foreach ($this->info as $name => $d) {
|
foreach ($this->info as $name => $d) {
|
||||||
if(!isset($allowed_elements[$name])) unset($this->info[$name]);
|
if(!isset($allowed_elements[$name])) unset($this->info[$name]);
|
||||||
|
unset($allowed_elements[$name]);
|
||||||
|
}
|
||||||
|
// emit errors
|
||||||
|
foreach ($allowed_elements as $element => $d) {
|
||||||
|
trigger_error("Element '$element' is not supported $support", E_USER_WARNING);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$allowed_attributes = $this->config->get('HTML', 'AllowedAttributes');
|
$allowed_attributes = $this->config->get('HTML', 'AllowedAttributes');
|
||||||
|
$allowed_attributes_mutable = $allowed_attributes; // by copy!
|
||||||
if (is_array($allowed_attributes)) {
|
if (is_array($allowed_attributes)) {
|
||||||
foreach ($this->info_global_attr as $attr_key => $info) {
|
foreach ($this->info_global_attr as $attr_key => $info) {
|
||||||
if (!isset($allowed_attributes["*.$attr_key"])) {
|
if (!isset($allowed_attributes["*.$attr_key"])) {
|
||||||
unset($this->info_global_attr[$attr_key]);
|
unset($this->info_global_attr[$attr_key]);
|
||||||
|
} elseif (isset($allowed_attributes_mutable["*.$attr_key"])) {
|
||||||
|
unset($allowed_attributes_mutable["*.$attr_key"]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
foreach ($this->info as $tag => $info) {
|
foreach ($this->info as $tag => $info) {
|
||||||
@ -237,9 +250,27 @@ class HTMLPurifier_HTMLDefinition
|
|||||||
if (!isset($allowed_attributes["$tag.$attr"]) &&
|
if (!isset($allowed_attributes["$tag.$attr"]) &&
|
||||||
!isset($allowed_attributes["*.$attr"])) {
|
!isset($allowed_attributes["*.$attr"])) {
|
||||||
unset($this->info[$tag]->attr[$attr]);
|
unset($this->info[$tag]->attr[$attr]);
|
||||||
|
} else {
|
||||||
|
if (isset($allowed_attributes_mutable["$tag.$attr"])) {
|
||||||
|
unset($allowed_attributes_mutable["$tag.$attr"]);
|
||||||
|
} elseif (isset($allowed_attributes_mutable["*.$attr"])) {
|
||||||
|
unset($allowed_attributes_mutable["*.$attr"]);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
// emit errors
|
||||||
|
foreach ($allowed_attributes_mutable as $elattr => $d) {
|
||||||
|
list($element, $attribute) = explode('.', $elattr);
|
||||||
|
if ($element == '*') {
|
||||||
|
trigger_error("Global attribute '$attribute' is not ".
|
||||||
|
"supported in any elements $support",
|
||||||
|
E_USER_WARNING);
|
||||||
|
} else {
|
||||||
|
trigger_error("Attribute '$attribute' in element '$element' not supported $support",
|
||||||
|
E_USER_WARNING);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user