mirror/php-htmlpurifier
1
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-08-03 12:47:56 +02:00
Code Issues Releases Wiki Activity

[1.2.0] Non-accessible resources (ex. mailto) blocked from embedded URIs (img src)

Browse Source 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@528 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang
2006-11-17 23:09:10 +00:00
parent b0df2f292f
commit 82afd890c4
12 changed files with 46 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
library/HTMLPurifier/AttrDef/URI.php
View File

@@ -43,10 +43,15 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
var $host;
var $PercentEncoder;
var $embeds;
function HTMLPurifier_AttrDef_URI() {
/**
* @param $embeds Does the URI here result in an extra HTTP request?
*/
function HTMLPurifier_AttrDef_URI($embeds = false) {
$this->host = new HTMLPurifier_AttrDef_Host();
$this->PercentEncoder = new HTMLPurifier_PercentEncoder();
$this->embeds = (bool) $embeds;
}
function validate($uri, $config, &$context) {
@@ -100,6 +105,12 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
}
// the URI we're processing embeds a resource in the page, but the URI
// it references cannot be located
if ($this->embeds && !$scheme_obj->browsable) {
return false;
}
if ($authority !== null) {

4
library/HTMLPurifier/HTMLDefinition.php
View File

@@ -351,12 +351,14 @@ class HTMLPurifier_HTMLDefinition
$e_URI = new HTMLPurifier_AttrDef_URI();
$this->info['a']->attr['href'] =
$this->info['img']->attr['longdesc'] =
$this->info['img']->attr['src'] =
$this->info['del']->attr['cite'] =
$this->info['ins']->attr['cite'] =
$this->info['blockquote']->attr['cite'] =
$this->info['q']->attr['cite'] = $e_URI;
// URI that causes HTTP request
$this->info['img']->attr['src'] = new HTMLPurifier_AttrDef_URI(true);
//////////////////////////////////////////////////////////////////////
// info_tag_transform : transformations of tags

7
library/HTMLPurifier/URIScheme.php
View File

@@ -12,6 +12,13 @@ class HTMLPurifier_URIScheme
*/
var $default_port = null;
/**
* Whether or not URIs of this schem are locatable by a browser
* http and ftp are accessible, while mailto and news are not.
* @public
*/
var $browsable = false;
/**
* Validates the components of a URI
* @note This implementation should be called by children if they define

1
library/HTMLPurifier/URIScheme/ftp.php
View File

@@ -8,6 +8,7 @@ require_once 'HTMLPurifier/URIScheme.php';
class HTMLPurifier_URIScheme_ftp extends HTMLPurifier_URIScheme {
var $default_port = 21;
var $browsable = true; // usually
function validateComponents(
$userinfo, $host, $port, $path, $query, $config, &$context

1
library/HTMLPurifier/URIScheme/http.php
View File

@@ -8,6 +8,7 @@ require_once 'HTMLPurifier/URIScheme.php';
class HTMLPurifier_URIScheme_http extends HTMLPurifier_URIScheme {
var $default_port = 80;
var $browsable = true;
function validateComponents(
$userinfo, $host, $port, $path, $query, $config, &$context

2
library/HTMLPurifier/URIScheme/mailto.php
View File

@@ -13,6 +13,8 @@ require_once 'HTMLPurifier/URIScheme.php';
class HTMLPurifier_URIScheme_mailto extends HTMLPurifier_URIScheme {
var $browsable = false;
function validateComponents(
$userinfo, $host, $port, $path, $query, $config, &$context
) {

2
library/HTMLPurifier/URIScheme/news.php
View File

@@ -7,6 +7,8 @@ require_once 'HTMLPurifier/URIScheme.php';
*/
class HTMLPurifier_URIScheme_news extends HTMLPurifier_URIScheme {
var $browsable = false;
function validateComponents(
$userinfo, $host, $port, $path, $query, $config, &$context
) {

1
library/HTMLPurifier/URIScheme/nntp.php
View File

@@ -8,6 +8,7 @@ require_once 'HTMLPurifier/URIScheme.php';
class HTMLPurifier_URIScheme_nntp extends HTMLPurifier_URIScheme {
var $default_port = 119;
var $browsable = false;
function validateComponents(
$userinfo, $host, $port, $path, $query, $config, &$context