fix: Avoid a deprecated error when the attribute name is numeric and DirectLex is used (#412)

2024-09-16 17:35:19 +00:00 · 2024-07-31 11:06:23 +09:00 · 2024-07-31 11:06:23 +09:00 · f0fbf51098
commit f0fbf51098
parent 70754a2533
2 changed files with 12 additions and 1 deletions
--- a/library/HTMLPurifier/Token/Tag.php
+++ b/library/HTMLPurifier/Token/Tag.php
@ -44,7 +44,7 @@ abstract class HTMLPurifier_Token_Tag extends HTMLPurifier_Token
        $this->name = ctype_lower($name) ? $name : strtolower($name);
        foreach ($attr as $key => $value) {
            // normalization only necessary when key is not lowercase
-            if (!ctype_lower($key)) {
+            if (!ctype_lower((string)$key)) {
                $new_key = strtolower($key);
                if (!isset($attr[$new_key])) {
                    $attr[$new_key] = $attr[$key];
--- a/tests/HTMLPurifier/HTMLDefinitionTest.php
+++ b/tests/HTMLPurifier/HTMLDefinitionTest.php
@ -222,6 +222,17 @@ a[href|title]
        $this->assertPurification_AllowedAttributes_local_p_style();
    }

+    public function test_AllowedAttributes_invalidAttributeDueToConsistingOfNumbers_UsingDirectLex()
+    {
+        $this->config->set('HTML.AllowedElements', array('a'));
+        $this->config->set('HTML.AllowedAttributes', 'href');
+        $this->config->set('Core.LexerImpl', 'DirectLex');
+        $this->assertPurification(
+            '<a href="https://example.com/" 10="hoge">Test</a>',
+            '<a href="https://example.com/">Test</a>'
+        );
+    }
+
    public function test_ForbiddenElements()
    {
        $this->config->set('HTML.ForbiddenElements', 'b');