Make name="" and id="" play nicely together.

Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2024-09-18 18:25:18 +00:00 · 2009-02-21 02:58:30 -05:00 · 2009-02-21 02:58:30 -05:00 · fcbf724e6e
commit fcbf724e6e
parent 92344cc83a
9 changed files with 84 additions and 4 deletions
--- a/2
+++ b/2
@ -10,7 +10,7 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
 ==========================

 4.0.0, unknown release date
-(no items yet)
+! More robust support for name="" and id=""

 3.3.0, released 2009-02-16
 ! Implement CSS property 'overflow' when %CSS.AllowTricky is true.
--- a/1
+++ b/1
@ -14,7 +14,6 @@ afraid to cast your vote for the next feature to be implemented!
 - Investigate how early internal structures can be accessed; this would
  prevent structures from being parsed and serialized multiple times.
 - Built-in support for target="_blank" on all external links
- Allow <a id="asdf" name="asdf">
 - Convert configuration to allow an arbitrary number of namespaces;
  then rename as appropriate.

--- a/library/HTMLPurifier.includes.php
+++ b/library/HTMLPurifier.includes.php
@ -123,6 +123,7 @@ require 'HTMLPurifier/AttrTransform/Input.php';
 require 'HTMLPurifier/AttrTransform/Lang.php';
 require 'HTMLPurifier/AttrTransform/Length.php';
 require 'HTMLPurifier/AttrTransform/Name.php';
+require 'HTMLPurifier/AttrTransform/NameSync.php';
 require 'HTMLPurifier/AttrTransform/SafeEmbed.php';
 require 'HTMLPurifier/AttrTransform/SafeObject.php';
 require 'HTMLPurifier/AttrTransform/SafeParam.php';
--- a/library/HTMLPurifier.safe-includes.php
+++ b/library/HTMLPurifier.safe-includes.php
@ -117,6 +117,7 @@ require_once $__dir . '/HTMLPurifier/AttrTransform/Input.php';
 require_once $__dir . '/HTMLPurifier/AttrTransform/Lang.php';
 require_once $__dir . '/HTMLPurifier/AttrTransform/Length.php';
 require_once $__dir . '/HTMLPurifier/AttrTransform/Name.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/NameSync.php';
 require_once $__dir . '/HTMLPurifier/AttrTransform/SafeEmbed.php';
 require_once $__dir . '/HTMLPurifier/AttrTransform/SafeObject.php';
 require_once $__dir . '/HTMLPurifier/AttrTransform/SafeParam.php';
--- a/library/HTMLPurifier/AttrTransform/NameSync.php
+++ b/library/HTMLPurifier/AttrTransform/NameSync.php
@ -0,0 +1,27 @@
+<?php
+
+/**
+ * Post-transform that performs validation to the name attribute; if
+ * it is present with an equivalent id attribute, it is passed through;
+ * otherwise validation is performed.
+ */
+class HTMLPurifier_AttrTransform_NameSync extends HTMLPurifier_AttrTransform
+{
+
+    public function __construct() {
+        $this->idDef = new HTMLPurifier_AttrDef_HTML_ID();
+    }
+
+    public function transform($attr, $config, $context) {
+        if (!isset($attr['name'])) return $attr;
+        $name = $attr['name'];
+        if (isset($attr['id']) && $attr['id'] === $name) return $attr;
+        $result = $this->idDef->validate($name, $config, $context);
+        if ($result === false) unset($attr['name']);
+        else $attr['name'] = $result;
+        return $attr;
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/library/HTMLPurifier/HTMLModule/Name.php
+++ b/library/HTMLPurifier/HTMLModule/Name.php
@ -9,7 +9,8 @@ class HTMLPurifier_HTMLModule_Name extends HTMLPurifier_HTMLModule
        $elements = array('a', 'applet', 'form', 'frame', 'iframe', 'img', 'map');
        foreach ($elements as $name) {
            $element = $this->addBlankElement($name);
-            $element->attr['name'] = 'ID';
+            $element->attr['name'] = 'CDATA';
+            $element->attr_transform_post['NameSync'] = new HTMLPurifier_AttrTransform_NameSync();
        }
    }

--- a/tests/HTMLPurifier/AttrTransform/NameSyncTest.php
+++ b/tests/HTMLPurifier/AttrTransform/NameSyncTest.php
@ -0,0 +1,40 @@
+<?php
+
+class HTMLPurifier_AttrTransform_NameSyncTest extends HTMLPurifier_AttrTransformHarness
+{
+
+    function setUp() {
+        parent::setUp();
+        $this->obj = new HTMLPurifier_AttrTransform_NameSync();
+        $this->accumulator = new HTMLPurifier_IDAccumulator();
+        $this->context->register('IDAccumulator', $this->accumulator);
+        $this->config->set('Attr', 'EnableID', true);
+    }
+
+    function testEmpty() {
+        $this->assertResult( array() );
+    }
+
+    function testAllowSame() {
+        $this->assertResult(
+            array('name' => 'free', 'id' => 'free')
+        );
+    }
+
+    function testAllowDifferent() {
+        $this->assertResult(
+            array('name' => 'tryit', 'id' => 'thisgood')
+        );
+    }
+
+    function testCheckName() {
+        $this->accumulator->add('notok');
+        $this->assertResult(
+            array('name' => 'notok', 'id' => 'ok'),
+            array('id' => 'ok')
+        );
+    }
+
+}
+
+// vim: et sw=4 sts=4
--- a/tests/HTMLPurifier/ComplexHarness.php
+++ b/tests/HTMLPurifier/ComplexHarness.php
@ -81,7 +81,7 @@ class HTMLPurifier_ComplexHarness extends HTMLPurifier_Harness
        $this->assertIdentical($expect, $result);

        if ($expect !== $result) {
-            echo '<pre>' . htmlspecialchars($result) . '</pre>';
+            echo '<pre>' . var_dump($result) . '</pre>';
        }

    }
--- a/tests/HTMLPurifier/HTMLT/id-name-mix.htmlt
+++ b/tests/HTMLPurifier/HTMLT/id-name-mix.htmlt
@ -0,0 +1,11 @@
+--INI--
+Attr.EnableID = true
+--HTML--
+<a name="foo" id="foo">Test</a>
+<a name="foo">Test2</a>
+<a name="bar" id="baz">Test3</a>
+--EXPECT--
+<a name="foo" id="foo">Test</a>
+<a>Test2</a>
+<a name="bar" id="baz">Test3</a>
+--# vim: et sw=4 sts=4