[3.1.0] Landed modified patch by Braden Anderson for %CSS.AllowedProperties
- Fix broken ConfigSchema build, as well as broken aliases - Remove another advisory property from runtime ConfigSchema classes - Reorder flush script to more accurately reflect dependencies - Remove some aliases from unit tests git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1635 48356398-32a2-884e-a903-53898d9a118a
parent
9f2f6c3166
commit
51cbb72649
6
NEWS
6
NEWS
@ -36,6 +36,8 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
||||
! HTML Purifier now has its own Exception hierarchy under HTMLPurifier_Exception.
|
||||
Developer error (not enduser error) can cause these to be triggered.
|
||||
! Experimental kses() wrapper introduced with HTMLPurifier.kses.php
|
||||
! Finally %CSS.AllowedProperties for tweaking allowed CSS properties without
|
||||
mucking around with HTMLPurifier_CSSDefinition
|
||||
- Autoclose now operates iteratively, i.e. <span><span><div> now has
|
||||
both span tags closed.
|
||||
- Various HTMLPurifier_Config convenience functions now accept another parameter
|
||||
@ -75,7 +77,9 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
||||
. HTMLPurifier_ConfigSchema->validate() deprecated in favor of
|
||||
HTMLPurifier_VarParser->parse()
|
||||
. Integers auto-cast into float type by VarParser.
|
||||
. HTMLPURIFIER_STRICT
|
||||
. HTMLPURIFIER_STRICT removed; no validation is performed on runtime, only
|
||||
during cache generation
|
||||
. Reordered script calls in maintenance/flush.php
|
||||
|
||||
3.0.0, released 2008-01-06
|
||||
# HTML Purifier is PHP 5 only! The 2.1.x branch will be maintained
|
||||
|
4
TODO
4
TODO
@ -27,6 +27,10 @@ DOCUMENTATION
|
||||
IMPORTANT FEATURES
|
||||
- Get everything into configuration objects (filters, I'm looking at you)
|
||||
- Factor out command line parser into its own class, and unit test it
|
||||
- Verbose mode for webtester that includes transcript from command line
|
||||
- Command line maintenance scripts must complain with exit(1) if there are
|
||||
fatal errors
|
||||
- Emit notices when aliases are used (allow muting these errors)
|
||||
|
||||
CONFIGDOC
|
||||
- Properly integrate new ConfigSchema system into configdoc. DESCRIPTIONS
|
||||
|
@ -212,6 +212,7 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
|
||||
$this->info[$k] = new HTMLPurifier_AttrDef_CSS_ImportantDecorator($v, $allow_important);
|
||||
}
|
||||
|
||||
$this->setupConfigStuff($config);
|
||||
}
|
||||
|
||||
protected function doSetupProprietary($config) {
|
||||
@ -245,5 +246,32 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
|
||||
));
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Performs extra config-based processing. Based off of
|
||||
* HTMLPurifier_HTMLDefinition.
|
||||
* @todo Refactor duplicate elements into common class (probably using
|
||||
* composition, not inheritance).
|
||||
*/
|
||||
protected function setupConfigStuff($config) {
|
||||
|
||||
// setup allowed elements
|
||||
$support = "(for information on implementing this, see the ".
|
||||
"support forums) ";
|
||||
$allowed_attributes = $config->get('CSS', 'AllowedProperties');
|
||||
if ($allowed_attributes !== null) {
|
||||
foreach ($this->info as $name => $d) {
|
||||
if(!isset($allowed_attributes[$name])) unset($this->info[$name]);
|
||||
unset($allowed_attributes[$name]);
|
||||
}
|
||||
// emit errors
|
||||
foreach ($allowed_attributes as $name => $d) {
|
||||
// :TODO: Is this htmlspecialchars() call really necessary?
|
||||
$name = htmlspecialchars($name);
|
||||
trigger_error("Style attribute '$name' is not supported $support", E_USER_WARNING);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
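Review bot: The `:TODO:` above `$name = htmlspecialchars($name);` in the new setupConfigStuff() should be resolved in favour of keeping the call, with the reason written down. The unknown property name comes from the %CSS.AllowedProperties value and is interpolated into a trigger_error() message, which PHP can write into the response when display_errors is on, so escaping keeps a configuration-supplied string from turning into markup there. I would replace the TODO with `// escape: the warning text may be rendered inside an HTML page when display_errors is enabled`. The same TODO is added in both HTMLPurifier_HTMLDefinition hunks and deserves the same answer. Separately, the `// setup allowed elements` comment and the `$allowed_attributes` name are carried over from HTMLPurifier_HTMLDefinition; `// restrict $this->info to the allowed CSS properties` and `$allowed_properties` would describe what this loop does.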
@ -51,11 +51,5 @@ class HTMLPurifier_ConfigDef_Directive extends HTMLPurifier_ConfigDef
|
||||
*/
|
||||
public $aliases = array();
|
||||
|
||||
/**
|
||||
* Advisory list of directive aliases, i.e. other directives that
|
||||
* redirect here
|
||||
*/
|
||||
public $directiveAliases = array();
|
||||
|
||||
}
|
||||
|
||||
|
@ -118,7 +118,6 @@ class HTMLPurifier_ConfigSchema {
|
||||
*/
|
||||
public function addAlias($namespace, $name, $new_namespace, $new_name) {
|
||||
$this->info[$namespace][$name] = new HTMLPurifier_ConfigDef_DirectiveAlias($new_namespace, $new_name);
|
||||
$this->info[$new_namespace][$new_name]->directiveAliases[] = "$namespace.$name";
|
||||
}
|
||||
|
||||
// DEPRECATED METHODS
|
||||
|
@ -9,10 +9,10 @@ class HTMLPurifier_ConfigSchema_Builder_ConfigSchema
|
||||
|
||||
public function build($interchange) {
|
||||
$schema = new HTMLPurifier_ConfigSchema();
|
||||
foreach ($this->namespaces as $n) {
|
||||
foreach ($interchange->namespaces as $n) {
|
||||
$schema->addNamespace($n->namespace);
|
||||
}
|
||||
foreach ($this->directives as $d) {
|
||||
foreach ($interchange->directives as $d) {
|
||||
$schema->add(
|
||||
$d->id->namespace,
|
||||
$d->id->directive,
|
||||
@ -29,8 +29,8 @@ class HTMLPurifier_ConfigSchema_Builder_ConfigSchema
|
||||
}
|
||||
foreach ($d->aliases as $alias) {
|
||||
$schema->addAlias(
|
||||
$alias->id->namespace,
|
||||
$alias->id->directive,
|
||||
$alias->namespace,
|
||||
$alias->directive,
|
||||
$d->id->namespace,
|
||||
$d->id->directive
|
||||
);
|
||||
@ -43,6 +43,7 @@ class HTMLPurifier_ConfigSchema_Builder_ConfigSchema
|
||||
);
|
||||
}
|
||||
}
|
||||
return $schema;
|
||||
}
|
||||
|
||||
}
|
||||
|
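Review bot: The `$schema->addAlias(...)` call in build() passes four positional strings whose order is easy to swap, and nothing at the call site says which pair is the alias and which is the target. The page has lost its +/- markers, so I am assuming the `$alias->namespace, $alias->directive` pair followed by `$d->id->namespace, $d->id->directive` is the new side, which matches the `addAlias($namespace, $name, $new_namespace, $new_name)` signature shown in the HTMLPurifier_ConfigSchema section. A one-line comment above the call, `// alias (old name) first, then the directive it redirects to`, would make a future swap visible in review. build() also now ends with `return $schema;`, so its docblock, if it has one outside these hunks, should state that it returns the populated HTMLPurifier_ConfigSchema.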
File diff suppressed because one or more lines are too long
@ -0,0 +1,17 @@
|
||||
CSS.AllowedProperties
|
||||
TYPE: lookup/null
|
||||
VERSION: 3.1.0
|
||||
DEFAULT: NULL
|
||||
--DESCRIPTION--
|
||||
|
||||
<p>
|
||||
If HTML Purifier's style attributes set is unsatisfactory for your needs,
|
||||
you can overload it with your own list of tags to allow. Note that this
|
||||
method is subtractive: it does its job by taking away from HTML Purifier
|
||||
usual feature set, so you cannot add an attribute that HTML Purifier never
|
||||
supported in the first place.
|
||||
</p>
|
||||
<p>
|
||||
<strong>Warning:</strong> If another directive conflicts with the
|
||||
elements here, <em>that</em> directive will win and override.
|
||||
</p>
|
@ -1,5 +1,5 @@
|
||||
Filter.ExtractStyleBlocksScope
|
||||
TYPE: string
|
||||
TYPE: string/null
|
||||
VERSION: 3.0.0
|
||||
DEFAULT: NULL
|
||||
--DESCRIPTION--
|
||||
|
@ -252,6 +252,7 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
|
||||
}
|
||||
// emit errors
|
||||
foreach ($allowed_elements as $element => $d) {
|
||||
// :TODO: Is this htmlspecialchars() call really necessary?
|
||||
$element = htmlspecialchars($element);
|
||||
trigger_error("Element '$element' is not supported $support", E_USER_WARNING);
|
||||
}
|
||||
@ -283,6 +284,7 @@ class HTMLPurifier_HTMLDefinition extends HTMLPurifier_Definition
|
||||
// emit errors
|
||||
foreach ($allowed_attributes_mutable as $elattr => $d) {
|
||||
list($element, $attribute) = explode('.', $elattr);
|
||||
// :TODO: Is this htmlspecialchars() call really necessary?
|
||||
$element = htmlspecialchars($element);
|
||||
$attribute = htmlspecialchars($attribute);
|
||||
if ($element == '*') {
|
||||
|
@ -18,6 +18,6 @@ function e($cmd) {
|
||||
}
|
||||
|
||||
e('php generate-includes.php');
|
||||
e('php flush-definition-cache.php');
|
||||
e('php generate-schema-cache.php');
|
||||
e('php flush-definition-cache.php');
|
||||
e('php generate-standalone.php');
|
||||
|
@ -45,21 +45,21 @@ class HTMLPurifier_DefinitionCacheFactoryTest extends HTMLPurifier_Harness
|
||||
}
|
||||
|
||||
function test_create_invalid() {
|
||||
$this->config->set('Core', 'DefinitionCache', 'Invalid');
|
||||
$this->config->set('Cache', 'DefinitionImpl', 'Invalid');
|
||||
$this->expectError('Unrecognized DefinitionCache Invalid, using Serializer instead');
|
||||
$cache = $this->factory->create('Test', $this->config);
|
||||
$this->assertIsA($cache, 'HTMLPurifier_DefinitionCache_Serializer');
|
||||
}
|
||||
|
||||
function test_null() {
|
||||
$this->config->set('Core', 'DefinitionCache', null);
|
||||
$this->config->set('Cache', 'DefinitionImpl', null);
|
||||
$cache = $this->factory->create('Test', $this->config);
|
||||
$this->assertEqual($cache, new HTMLPurifier_DefinitionCache_Null('Test'));
|
||||
}
|
||||
|
||||
function test_register() {
|
||||
generate_mock_once('HTMLPurifier_DefinitionCache');
|
||||
$this->config->set('Core', 'DefinitionCache', 'TestCache');
|
||||
$this->config->set('Cache', 'DefinitionImpl', 'TestCache');
|
||||
$this->factory->register('TestCache', $class = 'HTMLPurifier_DefinitionCacheMock');
|
||||
$cache = $this->factory->create('Test', $this->config);
|
||||
$this->assertIsA($cache, $class);
|
||||
|
@ -53,6 +53,23 @@ class HTMLPurifierTest extends HTMLPurifier_Harness
|
||||
|
||||
}
|
||||
|
||||
function testDifferentAllowedCSSProperties() {
|
||||
|
||||
$this->purifier = new HTMLPurifier(array(
|
||||
'CSS.AllowedProperties' => array('color', 'background-color')
|
||||
));
|
||||
|
||||
$this->assertPurification(
|
||||
'<div style="color:#f00;background-color:#ded;">red</div>'
|
||||
);
|
||||
|
||||
$this->assertPurification(
|
||||
'<div style="color:#f00;border:1px solid #000">red</div>',
|
||||
'<div style="color:#f00;">red</div>'
|
||||
);
|
||||
|
||||
}
|
||||
|
||||
function testDisableURI() {
|
||||
|
||||
$this->purifier = new HTMLPurifier( array('Attr.DisableURI' => true) );
|
||||
|
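Review bot: testDifferentAllowedCSSProperties() exercises only the two quiet paths of the new directive (an allowed property kept, a supported-but-unlisted property dropped) and never reaches the warning branch of setupConfigStuff(). A third case that lists a name HTML Purifier does not support and calls `$this->expectError(...)` with the "Style attribute '...' is not supported" message before purifying would pin that a typo in the allow-list is reported rather than silently ignored. It would also be worth one assertion that every other property is stripped when the list has a single entry, since the directive is documented as subtractive. A short comment on the test, `// list form is accepted for a lookup directive`, would explain why a plain array of names is passed.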