Release 2.0.1, merged in 1181 to HEAD.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/branches/strict@1255 48356398-32a2-884e-a903-53898d9a118a
2025-07-30 19:00:10 +02:00 · 2007-06-27 14:30:45 +00:00
parent 42858ad594
commit 495164e938
326 changed files with 3025 additions and 826 deletions
--- a/library/HTMLPurifier/Strategy/RemoveForeignElements.php
+++ b/library/HTMLPurifier/Strategy/RemoveForeignElements.php
@@ -17,9 +17,11 @@ HTMLPurifier_ConfigSchema::define(

 HTMLPurifier_ConfigSchema::define(
    'Core', 'RemoveScriptContents', true, 'bool', '
-This directive enables HTML Purifier to remove not only script tags
-but all of their contents. This directive has been available since 2.0.0,
-revert to pre-2.0.0 behavior by setting to false.
+<p>
+  This directive enables HTML Purifier to remove not only script tags
+  but all of their contents. This directive has been available since 2.0.0,
+  revert to pre-2.0.0 behavior by setting to false.
+</p>
 '
 );

@@ -48,6 +50,17 @@ class HTMLPurifier_Strategy_RemoveForeignElements extends HTMLPurifier_Strategy
        // removes tokens until it reaches a closing tag with its value
        $remove_until = false;
        
+        // converts comments into text tokens when this is equal to a tag name
+        $textify_comments = false;
+        
+        $token = false;
+        $context->register('CurrentToken', $token);
+        
+        $e = false;
+        if ($config->get('Core', 'CollectErrors')) {
+            $e =& $context->get('ErrorCollector');
+        }
+        
        foreach($tokens as $token) {
            if ($remove_until) {
                if (empty($token->is_tag) || $token->name !== $remove_until) {
@@ -61,11 +74,13 @@ class HTMLPurifier_Strategy_RemoveForeignElements extends HTMLPurifier_Strategy
                if (
                    isset($definition->info_tag_transform[$token->name])
                ) {
+                    $original_name = $token->name;
                    // there is a transformation for this tag
                    // DEFINITION CALL
                    $token = $definition->
                                info_tag_transform[$token->name]->
                                    transform($token, $config, $context);
+                    if ($e) $e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Tag transform', $original_name);
                }
                
                if (isset($definition->info[$token->name])) {
@@ -76,7 +91,7 @@ class HTMLPurifier_Strategy_RemoveForeignElements extends HTMLPurifier_Strategy
                        $definition->info[$token->name]->required_attr &&
                        ($token->name != 'img' || $remove_invalid_img) // ensure config option still works
                    ) {
-                        $token = $attr_validator->validateToken($token, $config, $context);
+                        $attr_validator->validateToken($token, $config, $context);
                        $ok = true;
                        foreach ($definition->info[$token->name]->required_attr as $name) {
                            if (!isset($token->attr[$name])) {
@@ -84,12 +99,23 @@ class HTMLPurifier_Strategy_RemoveForeignElements extends HTMLPurifier_Strategy
                                break;
                            }
                        }
-                        if (!$ok) continue;
+                        if (!$ok) {
+                            if ($e) $e->send(E_ERROR, 'Strategy_RemoveForeignElements: Missing required attribute', $name);
+                            continue;
+                        }
                        $token->armor['ValidateAttributes'] = true;
                    }
                    
+                    // CAN BE GENERICIZED
+                    if ($token->name == 'script' && $token->type == 'start') {
+                        $textify_comments = $token->name;
+                    } elseif ($token->name === $textify_comments && $token->type == 'end') {
+                        $textify_comments = false;
+                    }
+                    
                } elseif ($escape_invalid_tags) {
-                    // invalid tag, generate HTML and insert in
+                    // invalid tag, generate HTML representation and insert in
+                    if ($e) $e->send(E_WARNING, 'Strategy_RemoveForeignElements: Foreign element to text');
                    $token = new HTMLPurifier_Token_Text(
                        $generator->generateFromToken($token, $config, $context)
                    );
@@ -104,21 +130,37 @@ class HTMLPurifier_Strategy_RemoveForeignElements extends HTMLPurifier_Strategy
                        } else {
                            $remove_until = false;
                        }
+                        if ($e) $e->send(E_ERROR, 'Strategy_RemoveForeignElements: Script removed');
+                    } else {
+                        if ($e) $e->send(E_ERROR, 'Strategy_RemoveForeignElements: Foreign element removed');
                    }
                    continue;
                }
            } elseif ($token->type == 'comment') {
-                // strip comments
-                continue;
+                // textify comments in script tags when they are allowed
+                if ($textify_comments !== false) {
+                    $data = $token->data;
+                    $token = new HTMLPurifier_Token_Text($data);
+                } else {
+                    // strip comments
+                    if ($e) $e->send(E_NOTICE, 'Strategy_RemoveForeignElements: Comment removed');
+                    continue;
+                }
            } elseif ($token->type == 'text') {
            } else {
                continue;
            }
            $result[] = $token;
        }
+        if ($remove_until && $e) {
+            // we removed tokens until the end, throw error
+            $e->send(E_ERROR, 'Strategy_RemoveForeignElements: Token removed to end', $remove_until);
+        }
+        
+        $context->destroy('CurrentToken');
+        
        return $result;
    }
    
 }

-?>