mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-01-16 13:39:02 +01:00

fix: Ignore conditional comments (#401)

Kent Oyer 2024-03-12 22:41:45 -05:00 committed by GitHub
parent 9ca5a3687b
commit 4828fdf45a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 18 additions and 34 deletions


@ -269,20 +269,6 @@ class HTMLPurifier_Lexer
);
}
/**
* Special Internet Explorer conditional comments should be removed.
* @param string $string HTML string to process.
* @return string HTML with conditional comments removed.
*/
protected static function removeIEConditional($string)
{
return preg_replace(
'#<!--\[if [^>]+\]>.*?<!\[endif\]-->#si', // probably should generalize for all strings
'',
$string
);
}
/**
* Callback function for escapeCDATA() that does the work.
*
@ -323,8 +309,6 @@ class HTMLPurifier_Lexer
// escape CDATA
$html = $this->escapeCDATA($html);
$html = $this->removeIEConditional($html);
// extract body from document if applicable
if ($config->get('Core.ConvertDocumentToFragment')) {
$e = false;


@ -380,6 +380,24 @@ class HTMLPurifier_LexerTest extends HTMLPurifier_Harness
);
}
/**
* Conditional comments are not supported by HTMLPurifier, but we
* should make sure they don't break the lexer.
*/
public function test_tokenizeHTML_conditionalComments()
{
$this->assertTokenization(
'<!--[if mso]>A<![endif]-->B<!--[if !mso]><!---->C<!-- <![endif]-->',
array(
new HTMLPurifier_Token_Comment('[if mso]>A<![endif]'),
new HTMLPurifier_Token_Text("B"),
new HTMLPurifier_Token_Comment('[if !mso]><!--'),
new HTMLPurifier_Token_Text("C"),
new HTMLPurifier_Token_Comment(' <![endif]'),
)
);
}
public function test_tokenizeHTML_unterminatedTag()
{
$this->assertTokenization(
@ -785,14 +803,6 @@ div {}
);
}
public function test_tokenizeHTML_ignoreIECondComment()
{
$this->assertTokenization(
'<!--[if IE]>foo<a>bar<!-- baz --><![endif]-->',
array()
);
}
public function test_tokenizeHTML_removeProcessingInstruction()
{
$this->config->set('Core.RemoveProcessingInstructions', true);
@ -824,16 +834,6 @@ div {}
);
}
public function test_tokenizeHTML_conditionalCommentUngreedy()
{
$this->assertTokenization(
'<!--[if gte mso 9]>a<![endif]-->b<!--[if gte mso 9]>c<![endif]-->',
array(
new HTMLPurifier_Token_Text("b")
)
);
}
public function test_tokenizeHTML_imgTag()
{
$start = array(
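Review bot: The added test_tokenizeHTML_conditionalComments covers only well-formed conditional blocks, so the input from the deleted test_tokenizeHTML_ignoreIECondComment, `'<!--[if IE]>foo<a>bar<!-- baz --><![endif]-->'`, is no longer exercised anywhere. With the regex strip gone from the lexer, that comment presumably closes at the first `-->` and leaves `<![endif]-->` to be lexed as ordinary input. It would be safer to keep that case and update its expected token list than to drop it. Conditional-comment bodies now reach the later stages as comment tokens instead of being discarded before tokenization, so an end-to-end assertion on purified output would also help, both under the default configuration and with comments permitted (for example via `HTML.AllowedComments`). The docblock on the new test could state that stripping these comments is now left to the comment-handling stage rather than the lexer.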