From 3b979ee846b879ef52b3c75dbebd207f8bed09d1 Mon Sep 17 00:00:00 2001
From: "Edward Z. Yang"
Date: Wed, 6 Dec 2006 23:19:59 +0000
Subject: [PATCH] Merged revisions for 1.3.1 release into branch, with local
modifications to keep NEWS items in present.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/branches/1.3@604 48356398-32a2-884e-a903-53898d9a118a
---
NEWS | 6 +++
TODO | 1 +
docs/dev-naming.html | 3 +-
library/HTMLPurifier.func.php | 21 ++++++++++
library/HTMLPurifier.php | 2 +-
library/HTMLPurifier/AttrTransform.php | 2 +-
library/HTMLPurifier/Generator.php | 4 +-
library/HTMLPurifier/HTMLDefinition.php | 10 ++---
library/HTMLPurifier/Lexer/DirectLex.php | 14 +++----
library/HTMLPurifier/Strategy/FixNesting.php | 13 +++---
.../HTMLPurifier/Strategy/MakeWellFormed.php | 4 +-
.../Strategy/RemoveForeignElements.php | 7 +++-
.../Strategy/ValidateAttributes.php | 4 +-
library/HTMLPurifier/TagTransform.php | 38 +++++++++---------
library/HTMLPurifier/Token.php | 23 +++++------
library/HTMLPurifier/TokenFactory.php | 12 +++---
smoketests/loadFunc.php | 40 +++++++++++++++++++
.../Strategy/RemoveForeignElementsTest.php | 5 ++-
tests/HTMLPurifier/TokenTest.php | 12 +++---
19 files changed, 149 insertions(+), 72 deletions(-)
create mode 100644 library/HTMLPurifier.func.php
create mode 100644 smoketests/loadFunc.php
diff --git a/NEWS b/NEWS
index b9f0fd2b..a4e27fb0 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,12 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
. Internal change
==========================
+1.3.1, released 2006-12-06
+! Added HTMLPurifier.func.php stub for a convenient function to call the library
+- Fixed bug in RemoveInvalidImg code that caused all images to be dropped
+ (thanks to .mario for reporting this)
+. Standardized all attribute handling variables to attr, made it plural
+
1.3.0, released 2006-11-26
# Invalid images are now removed, rather than replaced with a dud
. Previous behavior can be restored
diff --git a/TODO b/TODO
index da9e3674..b29e320f 100644
--- a/TODO
+++ b/TODO
@@ -84,6 +84,7 @@ Requested
3. Extend the tag exclusion system to specify whether or not the
contents should be dropped or not (currently, there's code that could do
something like this if it didn't drop the inner text too.)
+ - Accept array input, by iterating and purifying all of the items
Wontfix
- Non-lossy smart alternate character encoding transformations (unless
diff --git a/docs/dev-naming.html b/docs/dev-naming.html
index 44200c83..57093dee 100644
--- a/docs/dev-naming.html
+++ b/docs/dev-naming.html
@@ -54,8 +54,9 @@ help you find the correct functionality more quickly. Here they are:
abbreviated version is more readable than the full version. Here, we
list common abbreviations:
- - Attr(s) to Attribute(s)
+ - Attr to Attributes (note that it is plural, i.e.
$attr = array()
)
- Def to Definition
+ $ret
is the value to be returned in a function
diff --git a/library/HTMLPurifier.func.php b/library/HTMLPurifier.func.php
new file mode 100644
index 00000000..50e7c9b9
--- /dev/null
+++ b/library/HTMLPurifier.func.php
@@ -0,0 +1,21 @@
+purify($html, $config);
+}
+
+?>
\ No newline at end of file
diff --git a/library/HTMLPurifier.php b/library/HTMLPurifier.php
index dd6deaaa..8577e560 100644
--- a/library/HTMLPurifier.php
+++ b/library/HTMLPurifier.php
@@ -22,7 +22,7 @@
*/
/*
- HTML Purifier 1.3.0 - Standards Compliant HTML Filtering
+ HTML Purifier 1.3.1 - Standards Compliant HTML Filtering
Copyright (C) 2006 Edward Z. Yang
This library is free software; you can redistribute it and/or
diff --git a/library/HTMLPurifier/AttrTransform.php b/library/HTMLPurifier/AttrTransform.php
index 416e33a2..3513669a 100644
--- a/library/HTMLPurifier/AttrTransform.php
+++ b/library/HTMLPurifier/AttrTransform.php
@@ -21,7 +21,7 @@ class HTMLPurifier_AttrTransform
* Abstract: makes changes to the attributes dependent on multiple values.
*
* @param $attr Assoc array of attributes, usually from
- * HTMLPurifier_Token_Tag::$attributes
+ * HTMLPurifier_Token_Tag::$attr
* @param $config Mandatory HTMLPurifier_Config object.
* @param $context Mandatory HTMLPurifier_Context object
* @returns Processed attribute array.
diff --git a/library/HTMLPurifier/Generator.php b/library/HTMLPurifier/Generator.php
index 95d9c536..b6a9aa24 100644
--- a/library/HTMLPurifier/Generator.php
+++ b/library/HTMLPurifier/Generator.php
@@ -104,14 +104,14 @@ class HTMLPurifier_Generator
function generateFromToken($token) {
if (!isset($token->type)) return '';
if ($token->type == 'start') {
- $attr = $this->generateAttributes($token->attributes);
+ $attr = $this->generateAttributes($token->attr);
return '<' . $token->name . ($attr ? ' ' : '') . $attr . '>';
} elseif ($token->type == 'end') {
return '' . $token->name . '>';
} elseif ($token->type == 'empty') {
- $attr = $this->generateAttributes($token->attributes);
+ $attr = $this->generateAttributes($token->attr);
return '<' . $token->name . ($attr ? ' ' : '') . $attr .
( $this->_xhtml ? ' /': '' )
. '>';
diff --git a/library/HTMLPurifier/HTMLDefinition.php b/library/HTMLPurifier/HTMLDefinition.php
index 13f8c5ca..7ca086a9 100644
--- a/library/HTMLPurifier/HTMLDefinition.php
+++ b/library/HTMLPurifier/HTMLDefinition.php
@@ -72,7 +72,7 @@ HTMLPurifier_ConfigSchema::define(
'can overload it with your own list of tags to allow. Note that this '.
'method is subtractive: it does its job by taking away from HTML Purifier '.
'usual feature set, so you cannot add a tag that HTML Purifier never '.
- 'supported in the first place (like embed). If you change this, you '.
+ 'supported in the first place (like embed, form or head). If you change this, you '.
'probably also want to change %HTML.AllowedAttributes. '.
'Warning: If another directive conflicts with the '.
'elements here, that directive will win and override. '.
@@ -561,18 +561,18 @@ class HTMLPurifier_HTMLDefinition
//////////////////////////////////////////////////////////////////////
// %HTML.Allowed(Elements|Attributes) : cut non-allowed elements
+
$allowed_elements = $config->get('HTML', 'AllowedElements');
if (is_array($allowed_elements)) {
- // $allowed_elements[$this->info_parent] = true; // allow parent element
foreach ($this->info as $name => $d) {
if(!isset($allowed_elements[$name])) unset($this->info[$name]);
}
}
$allowed_attributes = $config->get('HTML', 'AllowedAttributes');
if (is_array($allowed_attributes)) {
- foreach ($this->info_global_attr as $attr => $info) {
- if (!isset($allowed_attributes["*.$attr"])) {
- unset($this->info_global_attr[$attr]);
+ foreach ($this->info_global_attr as $attr_key => $info) {
+ if (!isset($allowed_attributes["*.$attr_key"])) {
+ unset($this->info_global_attr[$attr_key]);
}
}
foreach ($this->info as $tag => $info) {
diff --git a/library/HTMLPurifier/Lexer/DirectLex.php b/library/HTMLPurifier/Lexer/DirectLex.php
index 30b56ba0..65d95a7c 100644
--- a/library/HTMLPurifier/Lexer/DirectLex.php
+++ b/library/HTMLPurifier/Lexer/DirectLex.php
@@ -143,18 +143,18 @@ class HTMLPurifier_Lexer_DirectLex extends HTMLPurifier_Lexer
)
);
if ($attribute_string) {
- $attributes = $this->parseAttributeString(
- $attribute_string
- , $config, $context
- );
+ $attr = $this->parseAttributeString(
+ $attribute_string
+ , $config, $context
+ );
} else {
- $attributes = array();
+ $attr = array();
}
if ($is_self_closing) {
- $array[] = new HTMLPurifier_Token_Empty($type, $attributes);
+ $array[] = new HTMLPurifier_Token_Empty($type, $attr);
} else {
- $array[] = new HTMLPurifier_Token_Start($type, $attributes);
+ $array[] = new HTMLPurifier_Token_Start($type, $attr);
}
$cursor = $position_next_gt + 1;
$inside_tag = false;
diff --git a/library/HTMLPurifier/Strategy/FixNesting.php b/library/HTMLPurifier/Strategy/FixNesting.php
index 9ae614e8..dd5a920f 100644
--- a/library/HTMLPurifier/Strategy/FixNesting.php
+++ b/library/HTMLPurifier/Strategy/FixNesting.php
@@ -156,11 +156,14 @@ class HTMLPurifier_Strategy_FixNesting extends HTMLPurifier_Strategy
}
- $child_def = $def->child;
-
- // have DTD child def validate children
- $result = $child_def->validateChildren(
- $child_tokens, $config, $context);
+ if (!empty($def->child)) {
+ // have DTD child def validate children
+ $result = $def->child->validateChildren(
+ $child_tokens, $config, $context);
+ } else {
+ // weird, no child definition, get rid of everything
+ $result = false;
+ }
// determine whether or not this element has any exclusions
$excludes = $def->excludes;
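Review bot: The new `else` branch sets `$result = false` when `$def->child` is empty, which fails closed but does so silently, so a broken element definition would show up only as content missing from the purified output. A `trigger_error()` call with `E_USER_WARNING` in that branch would make the condition diagnosable, and the existing comment could be tightened to `// no child definition: treat as invalid so the node is removed (definition bug)`. How `$result === false` is acted on lies below the hunk, so the removal semantics are inferred from the "get rid of everything" comment.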
diff --git a/library/HTMLPurifier/Strategy/MakeWellFormed.php b/library/HTMLPurifier/Strategy/MakeWellFormed.php
index 52243767..84580d3d 100644
--- a/library/HTMLPurifier/Strategy/MakeWellFormed.php
+++ b/library/HTMLPurifier/Strategy/MakeWellFormed.php
@@ -30,7 +30,7 @@ class HTMLPurifier_Strategy_MakeWellFormed extends HTMLPurifier_Strategy
$token->type == 'start' ) {
$result[] = new HTMLPurifier_Token_Empty($token->name,
- $token->attributes);
+ $token->attr);
continue;
}
@@ -39,7 +39,7 @@ class HTMLPurifier_Strategy_MakeWellFormed extends HTMLPurifier_Strategy
$token->type == 'empty' ) {
$result[] = new HTMLPurifier_Token_Start($token->name,
- $token->attributes);
+ $token->attr);
$result[] = new HTMLPurifier_Token_End($token->name);
continue;
diff --git a/library/HTMLPurifier/Strategy/RemoveForeignElements.php b/library/HTMLPurifier/Strategy/RemoveForeignElements.php
index b06c864b..27caf364 100644
--- a/library/HTMLPurifier/Strategy/RemoveForeignElements.php
+++ b/library/HTMLPurifier/Strategy/RemoveForeignElements.php
@@ -38,7 +38,9 @@ class HTMLPurifier_Strategy_RemoveForeignElements extends HTMLPurifier_Strategy
// hard-coded image special case, pre-emptively drop
// if not available. Probably not abstract-able
if ( $token->name == 'img' ) {
- if (!isset($token->attr['src'])) continue;
+ if (!isset($token->attr['src'])) {
+ continue;
+ }
if (!isset($definition->info['img']->attr['src'])) {
continue;
}
@@ -46,7 +48,8 @@ class HTMLPurifier_Strategy_RemoveForeignElements extends HTMLPurifier_Strategy
$definition->
info['img']->
attr['src']->
- validate($token->attr['src']);
+ validate($token->attr['src'],
+ $config, $context);
if ($token->attr['src'] === false) continue;
}
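Review bot: The value returned by `validate($token->attr['src'], $config, $context)` appears to be written back into `$token->attr['src']`, so a rejected URI becomes `false` and an accepted one may be rewritten, yet neither outcome is documented here. The assignment target sits above the hunk, so this is inferred from the `=== false` check that follows. I would add `// validate() yields false for a rejected URI; the whole img token is then dropped` above that check. A short note that `$config` and `$context` are required by the URI validator would also help, since omitting them is the defect this change corrects.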
diff --git a/library/HTMLPurifier/Strategy/ValidateAttributes.php b/library/HTMLPurifier/Strategy/ValidateAttributes.php
index 2924aed2..07744f80 100644
--- a/library/HTMLPurifier/Strategy/ValidateAttributes.php
+++ b/library/HTMLPurifier/Strategy/ValidateAttributes.php
@@ -35,7 +35,7 @@ class HTMLPurifier_Strategy_ValidateAttributes extends HTMLPurifier_Strategy
if ($token->type !== 'start' && $token->type !== 'empty') continue;
// copy out attributes for easy manipulation
- $attr = $token->attributes;
+ $attr = $token->attr;
// do global transformations (pre)
// nothing currently utilizes this
@@ -117,7 +117,7 @@ class HTMLPurifier_Strategy_ValidateAttributes extends HTMLPurifier_Strategy
// commit changes
// could interfere with flyweight implementation
- $tokens[$key]->attributes = $attr;
+ $tokens[$key]->attr = $attr;
}
$context->destroy('IDAccumulator');
diff --git a/library/HTMLPurifier/TagTransform.php b/library/HTMLPurifier/TagTransform.php
index ebb59d20..be0555a0 100644
--- a/library/HTMLPurifier/TagTransform.php
+++ b/library/HTMLPurifier/TagTransform.php
@@ -62,16 +62,16 @@ class HTMLPurifier_TagTransform_Center extends HTMLPurifier_TagTransform
$new_tag = new HTMLPurifier_Token_End($this->transform_to);
return $new_tag;
}
- $attributes = $tag->attributes;
+ $attr = $tag->attr;
$prepend_css = 'text-align:center;';
- if (isset($attributes['style'])) {
- $attributes['style'] = $prepend_css . $attributes['style'];
+ if (isset($attr['style'])) {
+ $attr['style'] = $prepend_css . $attr['style'];
} else {
- $attributes['style'] = $prepend_css;
+ $attr['style'] = $prepend_css;
}
$new_tag = $tag->copy();
$new_tag->name = $this->transform_to;
- $new_tag->attributes = $attributes;
+ $new_tag->attr = $attr;
return $new_tag;
}
}
@@ -115,39 +115,39 @@ class HTMLPurifier_TagTransform_Font extends HTMLPurifier_TagTransform
return $new_tag;
}
- $attributes = $tag->attributes;
+ $attr = $tag->attr;
$prepend_style = '';
// handle color transform
- if (isset($attributes['color'])) {
- $prepend_style .= 'color:' . $attributes['color'] . ';';
- unset($attributes['color']);
+ if (isset($attr['color'])) {
+ $prepend_style .= 'color:' . $attr['color'] . ';';
+ unset($attr['color']);
}
// handle face transform
- if (isset($attributes['face'])) {
- $prepend_style .= 'font-family:' . $attributes['face'] . ';';
- unset($attributes['face']);
+ if (isset($attr['face'])) {
+ $prepend_style .= 'font-family:' . $attr['face'] . ';';
+ unset($attr['face']);
}
// handle size transform
- if (isset($attributes['size'])) {
- if (isset($this->_size_lookup[$attributes['size']])) {
+ if (isset($attr['size'])) {
+ if (isset($this->_size_lookup[$attr['size']])) {
$prepend_style .= 'font-size:' .
- $this->_size_lookup[$attributes['size']] . ';';
+ $this->_size_lookup[$attr['size']] . ';';
}
- unset($attributes['size']);
+ unset($attr['size']);
}
if ($prepend_style) {
- $attributes['style'] = isset($attributes['style']) ?
- $prepend_style . $attributes['style'] :
+ $attr['style'] = isset($attr['style']) ?
+ $prepend_style . $attr['style'] :
$prepend_style;
}
$new_tag = $tag->copy();
$new_tag->name = $this->transform_to;
- $new_tag->attributes = $attributes;
+ $new_tag->attr = $attr;
return $new_tag;
diff --git a/library/HTMLPurifier/Token.php b/library/HTMLPurifier/Token.php
index 08ade398..555e76f1 100644
--- a/library/HTMLPurifier/Token.php
+++ b/library/HTMLPurifier/Token.php
@@ -50,30 +50,29 @@ class HTMLPurifier_Token_Tag extends HTMLPurifier_Token // abstract
/**
* Associative array of the tag's attributes.
*/
- var $attributes = array();
+ var $attr = array();
/**
* Non-overloaded constructor, which lower-cases passed tag name.
*
- * @param $name String name.
- * @param $attributes Associative array of attributes.
+ * @param $name String name.
+ * @param $attr Associative array of attributes.
*/
- function HTMLPurifier_Token_Tag($name, $attributes = array()) {
- //if ($attributes === null) var_dump(debug_backtrace());
+ function HTMLPurifier_Token_Tag($name, $attr = array()) {
$this->name = ctype_lower($name) ? $name : strtolower($name);
- foreach ($attributes as $key => $value) {
+ foreach ($attr as $key => $value) {
// normalization only necessary when key is not lowercase
if (!ctype_lower($key)) {
$new_key = strtolower($key);
- if (!isset($attributes[$new_key])) {
- $attributes[$new_key] = $attributes[$key];
+ if (!isset($attr[$new_key])) {
+ $attr[$new_key] = $attr[$key];
}
if ($new_key !== $key) {
- unset($attributes[$key]);
+ unset($attr[$key]);
}
}
}
- $this->attributes = $attributes;
+ $this->attr = $attr;
}
}
@@ -84,7 +83,7 @@ class HTMLPurifier_Token_Start extends HTMLPurifier_Token_Tag
{
var $type = 'start';
function copy() {
- return new HTMLPurifier_Token_Start($this->name, $this->attributes);
+ return new HTMLPurifier_Token_Start($this->name, $this->attr);
}
}
@@ -95,7 +94,7 @@ class HTMLPurifier_Token_Empty extends HTMLPurifier_Token_Tag
{
var $type = 'empty';
function copy() {
- return new HTMLPurifier_Token_Empty($this->name, $this->attributes);
+ return new HTMLPurifier_Token_Empty($this->name, $this->attr);
}
}
diff --git a/library/HTMLPurifier/TokenFactory.php b/library/HTMLPurifier/TokenFactory.php
index b377490b..25cc4122 100644
--- a/library/HTMLPurifier/TokenFactory.php
+++ b/library/HTMLPurifier/TokenFactory.php
@@ -37,12 +37,12 @@ class HTMLPurifier_TokenFactory
/**
* Creates a HTMLPurifier_Token_Start.
* @param $name Tag name
- * @param $attribute Associative array of attributes
+ * @param $attr Associative array of attributes
* @return Generated HTMLPurifier_Token_Start
*/
- public function createStart($name, $attributes = array()) {
+ public function createStart($name, $attr = array()) {
$p = clone $this->p_start;
- $p->HTMLPurifier_Token_Tag($name, $attributes);
+ $p->HTMLPurifier_Token_Tag($name, $attr);
return $p;
}
@@ -60,12 +60,12 @@ class HTMLPurifier_TokenFactory
/**
* Creates a HTMLPurifier_Token_Empty.
* @param $name Tag name
- * @param $attribute Associative array of attributes
+ * @param $attr Associative array of attributes
* @return Generated HTMLPurifier_Token_Empty
*/
- public function createEmpty($name, $attributes = array()) {
+ public function createEmpty($name, $attr = array()) {
$p = clone $this->p_empty;
- $p->HTMLPurifier_Token_Tag($name, $attributes);
+ $p->HTMLPurifier_Token_Tag($name, $attr);
return $p;
}
diff --git a/smoketests/loadFunc.php b/smoketests/loadFunc.php
new file mode 100644
index 00000000..d93cc0a7
--- /dev/null
+++ b/smoketests/loadFunc.php
@@ -0,0 +1,40 @@
+';
+
+function printb($bool) {
+ echo '' . ($bool ? 'Pass' : 'Fail') . '';
+}
+
+function printEval($code) {
+ echo '' . htmlspecialchars($code) . '
';
+ eval($code);
+}
+
+?>
+
+
+ HTML Purifier Function Include Smoketest
+
+
+
+HTML Purifier Function Include Smoketest
+
+Tests whether or not the includes are done properly and whether or
+not the library is lazy loaded.
+
+
+
+HTMLPurifier class doesn't exist:
+
+
+
+HTMLPurifier class exists:
+
+
+
\ No newline at end of file
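Review bot: `printEval()` passes its argument straight to `eval()`, and the call sites are not visible in this view, so it should be confirmed that only fixed string literals are ever passed. The function should say so in a comment, e.g. `// $code must be a literal defined in this file, never request data`. Because the script emits an HTML page, the file header should also state that `smoketests/` is a development aid and is not meant to be deployed to a web-reachable path. `htmlspecialchars($code)` relies on the default flags and charset; passing `ENT_QUOTES` and an explicit charset would make the escaping independent of the PHP configuration.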
diff --git a/tests/HTMLPurifier/Strategy/RemoveForeignElementsTest.php b/tests/HTMLPurifier/Strategy/RemoveForeignElementsTest.php
index 0318a85a..e2227705 100644
--- a/tests/HTMLPurifier/Strategy/RemoveForeignElementsTest.php
+++ b/tests/HTMLPurifier/Strategy/RemoveForeignElementsTest.php
@@ -42,12 +42,15 @@ class HTMLPurifier_Strategy_RemoveForeignElementsTest
' Warning!'
);
- // test removal of img tag
+ // test removal of invalid img tag
$this->assertResult(
'
',
''
);
+ // test preservation of valid img tag
+ $this->assertResult('
');
+
}
}
diff --git a/tests/HTMLPurifier/TokenTest.php b/tests/HTMLPurifier/TokenTest.php
index e3adfbfb..6c51808e 100644
--- a/tests/HTMLPurifier/TokenTest.php
+++ b/tests/HTMLPurifier/TokenTest.php
@@ -5,15 +5,15 @@ require_once 'HTMLPurifier/Token.php';
class HTMLPurifier_TokenTest extends UnitTestCase
{
- function assertTokenConstruction($name, $attributes,
- $expect_name = null, $expect_attributes = null
+ function assertTokenConstruction($name, $attr,
+ $expect_name = null, $expect_attr = null
) {
if ($expect_name === null) $expect_name = $name;
- if ($expect_attributes === null) $expect_attributes = $attributes;
- $token = new HTMLPurifier_Token_Start($name, $attributes);
+ if ($expect_attr === null) $expect_attr = $attr;
+ $token = new HTMLPurifier_Token_Start($name, $attr);
- $this->assertEqual($expect_name, $token->name);
- $this->assertEqual($expect_attributes, $token->attributes);
+ $this->assertEqual($expect_name, $token->name);
+ $this->assertEqual($expect_attr, $token->attr);
}
function testConstruct() {