0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-12-22 08:21:52 +00:00

Proper support for name attribute in <a> and <img>

Prior to this commit, the name attribute was unilaterally removed, except
for Strict doctypes or a heavy TidyLevel, when it was converted to an id
attribute. As name is actually permitted in both HTML 4.01 Strict and
XHTML 1.0 Strict, although deprecated, the more sensible default behavior
is to allow it unless TidyLevel is heavy.

Our implementation is slightly stricter than the specs, as name attributes are
treated as first class IDs, disallowing <a name="foo" id="foo"> or duplicate
names. The former should be treated as a special case, but that will be
a separate commit.

Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
This commit is contained in:
Edward Z. Yang 2008-06-27 15:44:27 -04:00
parent f8b47c64dd
commit fd384129bf
10 changed files with 80 additions and 24 deletions

3
NEWS
View File

@ -15,6 +15,9 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
! %Output.AttrSort for when you need your attributes in alphabetical order to
deal with a bug in FCKEditor. Requested by frank farmer.
! Enable HTML comments when %HTML.Trusted is on. Requested by Waldo Jaquith.
! Proper support for name attribute. It is now allowed and equivalent to the id
attribute in a and img tags, and is only converted to id when %HTML.TidyLevel
is heavy (for all doctypes).
. Strategy_MakeWellFormed now operates in-place, saving memory and allowing
for more interesting filter-backtracking

2
TODO
View File

@ -14,7 +14,7 @@ afraid to cast your vote for the next feature to be implemented!
- Investigate how early internal structures can be accessed; this would
prevent structures from being parsed and serialized multiple times.
- Built-in support for target="_blank" on all external links
- Gitify the repository
- Allow <a id="asdf" name="asdf'>
FUTURE VERSIONS
---------------

View File

@ -13,7 +13,7 @@
<line>327</line>
</file>
<file name="HTMLPurifier/Strategy/RemoveForeignElements.php">
<line>44</line>
<line>47</line>
</file>
</directive>
<directive id="CSS.MaxImgLength">
@ -151,7 +151,7 @@
</directive>
<directive id="HTML.Trusted">
<file name="HTMLPurifier/HTMLModuleManager.php">
<line>198</line>
<line>199</line>
</file>
<file name="HTMLPurifier/Lexer.php">
<line>238</line>
@ -162,30 +162,33 @@
<file name="HTMLPurifier/Lexer/DirectLex.php">
<line>34</line>
</file>
</directive>
<directive id="HTML.AllowedModules">
<file name="HTMLPurifier/HTMLModuleManager.php">
<line>205</line>
<file name="HTMLPurifier/Strategy/RemoveForeignElements.php">
<line>23</line>
</file>
</directive>
<directive id="HTML.CoreModules">
<directive id="HTML.AllowedModules">
<file name="HTMLPurifier/HTMLModuleManager.php">
<line>206</line>
</file>
</directive>
<directive id="HTML.CoreModules">
<file name="HTMLPurifier/HTMLModuleManager.php">
<line>207</line>
</file>
</directive>
<directive id="HTML.Proprietary">
<file name="HTMLPurifier/HTMLModuleManager.php">
<line>220</line>
<line>221</line>
</file>
</directive>
<directive id="HTML.SafeObject">
<file name="HTMLPurifier/HTMLModuleManager.php">
<line>225</line>
<line>226</line>
</file>
</directive>
<directive id="HTML.SafeEmbed">
<file name="HTMLPurifier/HTMLModuleManager.php">
<line>228</line>
<line>229</line>
</file>
</directive>
<directive id="Attr.IDBlacklist">
@ -366,7 +369,7 @@
</directive>
<directive id="Core.EscapeInvalidTags">
<file name="HTMLPurifier/Strategy/MakeWellFormed.php">
<line>22</line>
<line>21</line>
</file>
<file name="HTMLPurifier/Strategy/RemoveForeignElements.php">
<line>19</line>
@ -374,12 +377,12 @@
</directive>
<directive id="Core.RemoveScriptContents">
<file name="HTMLPurifier/Strategy/RemoveForeignElements.php">
<line>22</line>
<line>25</line>
</file>
</directive>
<directive id="Core.HiddenElements">
<file name="HTMLPurifier/Strategy/RemoveForeignElements.php">
<line>23</line>
<line>26</line>
</file>
</directive>
<directive id="URI.HostBlacklist">

View File

@ -141,6 +141,7 @@ require 'HTMLPurifier/HTMLModule/Hypertext.php';
require 'HTMLPurifier/HTMLModule/Image.php';
require 'HTMLPurifier/HTMLModule/Legacy.php';
require 'HTMLPurifier/HTMLModule/List.php';
require 'HTMLPurifier/HTMLModule/Name.php';
require 'HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php';
require 'HTMLPurifier/HTMLModule/Object.php';
require 'HTMLPurifier/HTMLModule/Presentation.php';
@ -155,6 +156,7 @@ require 'HTMLPurifier/HTMLModule/Target.php';
require 'HTMLPurifier/HTMLModule/Text.php';
require 'HTMLPurifier/HTMLModule/Tidy.php';
require 'HTMLPurifier/HTMLModule/XMLCommonAttributes.php';
require 'HTMLPurifier/HTMLModule/Tidy/Name.php';
require 'HTMLPurifier/HTMLModule/Tidy/Proprietary.php';
require 'HTMLPurifier/HTMLModule/Tidy/XHTMLAndHTML4.php';
require 'HTMLPurifier/HTMLModule/Tidy/Strict.php';

View File

@ -135,6 +135,7 @@ require_once $__dir . '/HTMLPurifier/HTMLModule/Hypertext.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Image.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Legacy.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/List.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Name.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Object.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Presentation.php';
@ -149,6 +150,7 @@ require_once $__dir . '/HTMLPurifier/HTMLModule/Target.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Text.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/XMLCommonAttributes.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/Name.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/Proprietary.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/XHTMLAndHTML4.php';
require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/Strict.php';

View File

@ -0,0 +1,16 @@
<?php
class HTMLPurifier_HTMLModule_Name extends HTMLPurifier_HTMLModule
{
public $name = 'Name';
public function setup($config) {
$elements = array('a', 'applet', 'form', 'frame', 'iframe', 'img', 'map');
foreach ($elements as $name) {
$element = $this->addBlankElement($name);
$element->attr['name'] = 'ID';
}
}
}

View File

@ -0,0 +1,23 @@
<?php
/**
* Name is deprecated, but allowed in strict doctypes, so onl
*/
class HTMLPurifier_HTMLModule_Tidy_Name extends HTMLPurifier_HTMLModule_Tidy
{
public $name = 'Tidy_Name';
public $defaultLevel = 'heavy';
public function makeFixes() {
$r = array();
// @name for img, a -----------------------------------------------
// Technically, it's allowed even on strict, so we allow authors to use
// it. However, it's deprecated in future versions of XHTML.
$r['img@name'] =
$r['a@name'] = new HTMLPurifier_AttrTransform_Name();
return $r;
}
}

View File

@ -103,10 +103,6 @@ class HTMLPurifier_HTMLModule_Tidy_XHTMLAndHTML4 extends HTMLPurifier_HTMLModule
// @hspace for img ------------------------------------------------
$r['img@hspace'] = new HTMLPurifier_AttrTransform_ImgSpace('hspace');
// @name for img, a -----------------------------------------------
$r['img@name'] =
$r['a@name'] = new HTMLPurifier_AttrTransform_Name();
// @noshade for hr ------------------------------------------------
// this transformation is not precise but often good enough.
// different browsers use different styles to designate noshade

View File

@ -63,7 +63,8 @@ class HTMLPurifier_HTMLModuleManager
$common = array(
'CommonAttributes', 'Text', 'Hypertext', 'List',
'Presentation', 'Edit', 'Bdo', 'Tables', 'Image',
'StyleAttribute', 'Scripting', 'Object'
'StyleAttribute', 'Scripting', 'Object',
'Name' // technically legacy, but present in all the specs
);
$transitional = array('Legacy', 'Target');
$xml = array('XMLCommonAttributes');
@ -82,7 +83,7 @@ class HTMLPurifier_HTMLModuleManager
$this->doctypes->register(
'HTML 4.01 Strict', false,
array_merge($common, $non_xml),
array('Tidy_Strict', 'Tidy_Proprietary'),
array('Tidy_Strict', 'Tidy_Proprietary', 'Tidy_Name'),
array(),
'-//W3C//DTD HTML 4.01//EN',
'http://www.w3.org/TR/html4/strict.dtd'
@ -91,7 +92,7 @@ class HTMLPurifier_HTMLModuleManager
$this->doctypes->register(
'XHTML 1.0 Transitional', true,
array_merge($common, $transitional, $xml, $non_xml),
array('Tidy_Transitional', 'Tidy_XHTML', 'Tidy_Proprietary'),
array('Tidy_Transitional', 'Tidy_XHTML', 'Tidy_Proprietary', 'Tidy_Name'),
array(),
'-//W3C//DTD XHTML 1.0 Transitional//EN',
'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'
@ -100,7 +101,7 @@ class HTMLPurifier_HTMLModuleManager
$this->doctypes->register(
'XHTML 1.0 Strict', true,
array_merge($common, $xml, $non_xml),
array('Tidy_Strict', 'Tidy_XHTML', 'Tidy_Strict', 'Tidy_Proprietary'),
array('Tidy_Strict', 'Tidy_XHTML', 'Tidy_Strict', 'Tidy_Proprietary', 'Tidy_Name'),
array(),
'-//W3C//DTD XHTML 1.0 Strict//EN',
'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'
@ -109,7 +110,7 @@ class HTMLPurifier_HTMLModuleManager
$this->doctypes->register(
'XHTML 1.1', true,
array_merge($common, $xml, array('Ruby')),
array('Tidy_Strict', 'Tidy_XHTML', 'Tidy_Proprietary', 'Tidy_Strict'), // Tidy_XHTML1_1
array('Tidy_Strict', 'Tidy_XHTML', 'Tidy_Proprietary', 'Tidy_Strict', 'Tidy_Name'), // Tidy_XHTML1_1
array(),
'-//W3C//DTD XHTML 1.1//EN',
'http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd'
@ -379,6 +380,10 @@ class HTMLPurifier_HTMLModuleManager
$this->contentSets->generateChildDef($def, $module);
}
// This can occur if there is a blank definition, but no base to
// mix it in with
if (!$def) return false;
// add information on required attributes
foreach ($def->attr as $attr_name => $attr_def) {
if ($attr_def->required) {

View File

@ -226,5 +226,11 @@ alert("<This is compatible with XHTML>");
);
}
function test_name() {
$this->config->set('Attr', 'EnableID', true);
$this->config->set('HTML', 'Doctype', 'XHTML 1.0 Strict');
$this->assertPurification('<a name="asdf"></a>');
}
}