mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2025-07-31 03:10:09 +02:00
- Fixed lots of bugs
- Defined new directive %Core.EscapeInvalidChildren, for previously commented out functionality - Removed convenience configuration generation: you *have* to pass it unless you're interfacing with HTMLPurifier - Homogenized function parameters even when only a few of them are used - Rewrote unit tests that expected previous behavior - Introduced configuration object to ChildDef tests git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@243 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang
@@ -59,7 +59,7 @@ class HTMLPurifier
|
||||
$generator = new HTMLPurifier_Generator();
|
||||
return $generator->generateFromTokens(
|
||||
$strategy->execute(
|
||||
$lexer->tokenizeHTML($html)
|
||||
$lexer->tokenizeHTML($html), $config
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
@@ -12,6 +12,13 @@
|
||||
// we may end up writing custom code for each HTML case
|
||||
// in order to make it self correcting
|
||||
|
||||
HTMLPurifier_ConfigDef::define(
|
||||
'Core', 'EscapeInvalidChildren', false,
|
||||
'When true, a child is found that is not allowed in the context of the '.
|
||||
'parent element will be transformed into text as if it were ASCII. When '.
|
||||
'false, that element (and all its descendants) will be silently dropped.'
|
||||
);
|
||||
|
||||
class HTMLPurifier_ChildDef
|
||||
{
|
||||
var $type;
|
||||
@@ -40,7 +47,7 @@ class HTMLPurifier_ChildDef_Custom extends HTMLPurifier_ChildDef
|
||||
$reg = preg_replace('/([#a-zA-Z0-9_.-]+)/', '(,?\\0)', $reg);
|
||||
$this->_pcre_regex = $reg;
|
||||
}
|
||||
function validateChildren($tokens_of_children) {
|
||||
function validateChildren($tokens_of_children, $config, $context) {
|
||||
$list_of_children = '';
|
||||
$nesting = 0; // depth into the nest
|
||||
foreach ($tokens_of_children as $token) {
|
||||
@@ -85,7 +92,7 @@ class HTMLPurifier_ChildDef_Required extends HTMLPurifier_ChildDef
|
||||
}
|
||||
var $allow_empty = false;
|
||||
var $type = 'required';
|
||||
function validateChildren($tokens_of_children) {
|
||||
function validateChildren($tokens_of_children, $config, $context) {
|
||||
// if there are no tokens, delete parent node
|
||||
if (empty($tokens_of_children)) return false;
|
||||
|
||||
@@ -106,6 +113,9 @@ class HTMLPurifier_ChildDef_Required extends HTMLPurifier_ChildDef
|
||||
// a little sanity check to make sure it's not ALL whitespace
|
||||
$all_whitespace = true;
|
||||
|
||||
// some configuration
|
||||
$escape_invalid_children = $config->get('Core', 'EscapeInvalidChildren');
|
||||
|
||||
foreach ($tokens_of_children as $token) {
|
||||
if (!empty($token->is_whitespace)) {
|
||||
$result[] = $token;
|
||||
@@ -125,21 +135,21 @@ class HTMLPurifier_ChildDef_Required extends HTMLPurifier_ChildDef
|
||||
$is_deleting = false;
|
||||
if (!isset($this->elements[$token->name])) {
|
||||
$is_deleting = true;
|
||||
if ($pcdata_allowed) {
|
||||
//$result[] = new HTMLPurifier_Token_Text(
|
||||
// $this->gen->generateFromToken($token)
|
||||
//);
|
||||
if ($pcdata_allowed && $escape_invalid_children) {
|
||||
$result[] = new HTMLPurifier_Token_Text(
|
||||
$this->gen->generateFromToken($token)
|
||||
);
|
||||
}
|
||||
continue;
|
||||
}
|
||||
}
|
||||
if (!$is_deleting) {
|
||||
$result[] = $token;
|
||||
} elseif ($pcdata_allowed) {
|
||||
//$result[] =
|
||||
// new HTMLPurifier_Token_Text(
|
||||
// $this->gen->generateFromToken( $token )
|
||||
// );
|
||||
} elseif ($pcdata_allowed && $escape_invalid_children) {
|
||||
$result[] =
|
||||
new HTMLPurifier_Token_Text(
|
||||
$this->gen->generateFromToken( $token )
|
||||
);
|
||||
} else {
|
||||
// drop silently
|
||||
}
|
||||
@@ -157,8 +167,8 @@ class HTMLPurifier_ChildDef_Optional extends HTMLPurifier_ChildDef_Required
|
||||
{
|
||||
var $allow_empty = true;
|
||||
var $type = 'optional';
|
||||
function validateChildren($tokens_of_children) {
|
||||
$result = parent::validateChildren($tokens_of_children);
|
||||
function validateChildren($tokens_of_children, $config, $context) {
|
||||
$result = parent::validateChildren($tokens_of_children, $config, $context);
|
||||
if ($result === false) return array();
|
||||
return $result;
|
||||
}
|
||||
@@ -170,7 +180,7 @@ class HTMLPurifier_ChildDef_Empty extends HTMLPurifier_ChildDef
|
||||
var $allow_empty = true;
|
||||
var $type = 'empty';
|
||||
function HTMLPurifier_ChildDef_Empty() {}
|
||||
function validateChildren() {
|
||||
function validateChildren($tokens_of_children, $config, $context) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
@@ -186,14 +196,16 @@ class HTMLPurifier_ChildDef_Chameleon extends HTMLPurifier_ChildDef
|
||||
$this->block = new HTMLPurifier_ChildDef_Optional($block);
|
||||
}
|
||||
|
||||
function validateChildren($tokens_of_children, $context) {
|
||||
function validateChildren($tokens_of_children, $config, $context) {
|
||||
switch ($context) {
|
||||
case 'unknown':
|
||||
case 'inline':
|
||||
$result = $this->inline->validateChildren($tokens_of_children);
|
||||
$result = $this->inline->validateChildren(
|
||||
$tokens_of_children, $config, $context);
|
||||
break;
|
||||
case 'block':
|
||||
$result = $this->block->validateChildren($tokens_of_children);
|
||||
$result = $this->block->validateChildren(
|
||||
$tokens_of_children, $config, $context);
|
||||
break;
|
||||
default:
|
||||
trigger_error('Invalid context', E_USER_ERROR);
|
||||
|
||||
@@ -12,8 +12,7 @@ class HTMLPurifier_Strategy_Composite
|
||||
trigger_error('Attempt to instantiate abstract object', E_USER_ERROR);
|
||||
}
|
||||
|
||||
function execute($tokens, $config = null) {
|
||||
if (!$config) $config = HTMLPurifier_Config::createDefault();
|
||||
function execute($tokens, $config) {
|
||||
foreach ($this->strategies as $strategy) {
|
||||
$tokens = $strategy->execute($tokens, $config);
|
||||
}
|
||||
|
||||
@@ -40,7 +40,7 @@ class HTMLPurifier_Strategy_FixNesting extends HTMLPurifier_Strategy
|
||||
$this->definition = HTMLPurifier_Definition::instance();
|
||||
}
|
||||
|
||||
function execute($tokens) {
|
||||
function execute($tokens, $config) {
|
||||
|
||||
//####################################################################//
|
||||
// Pre-processing
|
||||
@@ -147,7 +147,8 @@ class HTMLPurifier_Strategy_FixNesting extends HTMLPurifier_Strategy
|
||||
$child_def = $def->child;
|
||||
|
||||
// have DTD child def validate children
|
||||
$result = $child_def->validateChildren($child_tokens, $context);
|
||||
$result = $child_def->validateChildren(
|
||||
$child_tokens, $config,$context);
|
||||
|
||||
// determine whether or not this element has any exclusions
|
||||
$excludes = $def->excludes;
|
||||
|
||||
@@ -15,7 +15,7 @@ class HTMLPurifier_Strategy_MakeWellFormed extends HTMLPurifier_Strategy
|
||||
$this->definition = HTMLPurifier_Definition::instance();
|
||||
}
|
||||
|
||||
function execute($tokens) {
|
||||
function execute($tokens, $config) {
|
||||
$result = array();
|
||||
$current_nesting = array();
|
||||
foreach ($tokens as $token) {
|
||||
|
||||
@@ -24,7 +24,7 @@ class HTMLPurifier_Strategy_RemoveForeignElements extends HTMLPurifier_Strategy
|
||||
$this->definition = HTMLPurifier_Definition::instance();
|
||||
}
|
||||
|
||||
function execute($tokens) {
|
||||
function execute($tokens, $config) {
|
||||
$result = array();
|
||||
foreach($tokens as $token) {
|
||||
if (!empty( $token->is_tag )) {
|
||||
|
||||
@@ -23,10 +23,7 @@ class HTMLPurifier_Strategy_ValidateAttributes extends HTMLPurifier_Strategy
|
||||
$this->definition = HTMLPurifier_Definition::instance();
|
||||
}
|
||||
|
||||
function execute($tokens, $config = null) {
|
||||
|
||||
// load default configuration object if none passed
|
||||
if (!$config) $config = HTMLPurifier_Config::createDefault();
|
||||
function execute($tokens, $config) {
|
||||
|
||||
// setup StrategyContext
|
||||
$context = new HTMLPurifier_AttrContext();
|
||||
|
||||
Reference in New Issue
Block a user