mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2025-01-16 21:48:14 +01:00
Supported hundreds of nested HTML (#202)
* Supported hundreds of nested HTML (#201) * Add Core.AllowParseManyTags
parent
524cd08a59
commit
8c153eef3a
1
NEWS
1
NEWS
@ -13,6 +13,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
||||
# SafeScripting is now case-sensitive (previously it was
|
||||
case-insensitive.) Thanks Dimitri Gritsajuk <gritsajuk.dimitri@gmail.com>
|
||||
for reporting.
|
||||
! New directive %Core.AllowParseManyTags which allows parsing of many nested tags.
|
||||
|
||||
4.10.0, released 2018-02-22
|
||||
# PHP 5.3 is no longer officially supported by HTML Purifier
|
||||
|
@ -94,6 +94,11 @@
|
||||
<line>429</line>
|
||||
</file>
|
||||
</directive>
|
||||
<directive id="Core.AllowParseManyTags">
|
||||
<file name="HTMLPurifier/Lexer/DOMLex.php">
|
||||
<line>72</line>
|
||||
</file>
|
||||
</directive>
|
||||
<directive id="Output.CommentScriptContents">
|
||||
<file name="HTMLPurifier/Generator.php">
|
||||
<line>70</line>
|
||||
|
@ -75,6 +75,7 @@ Core is the potpourri of directives, mostly regarding some minor behavioral
|
||||
tweaks for HTML handling abilities.
|
||||
|
||||
AggressivelyFixLt
|
||||
AllowParseManyTags
|
||||
ConvertDocumentToFragment
|
||||
DirectLexLineNumberSyncInterval
|
||||
LexerImpl
|
||||
|
File diff suppressed because one or more lines are too long
@ -0,0 +1,12 @@
|
||||
Core.AllowParseManyTags
|
||||
TYPE: bool
|
||||
DEFAULT: false
|
||||
VERSION: 4.10.1
|
||||
--DESCRIPTION--
|
||||
<p>
|
||||
This directive allows parsing of many nested tags.
|
||||
If you set true, relaxes any hardcoded limit from the parser.
|
||||
However, in that case it may cause a Dos attack.
|
||||
Be careful when enabling it.
|
||||
</p>
|
||||
--# vim: et sw=4 sts=4
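Review bot: The description in this new schema file does not tell an operator what is being switched off or when the setting has any effect. Going by the DOMLex change on this page, the directive only adds `LIBXML_PARSEHUGE` to the DOM lexer's `loadHTML()` call, and it is silently ignored when that constant is not defined; neither fact is stated here. I would name the flag and say that it lifts libxml's built-in limits (nesting depth and, per the PHP documentation, text node size), which makes clear why the default is `false`. The caveat would read better as `Enabling this on untrusted input can allow a denial-of-service (DoS) attack through very deep or very large documents; only enable it when input size is bounded elsewhere.`, which also fixes the `Dos` spelling.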
|
@ -68,8 +68,13 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer
|
||||
$doc = new DOMDocument();
|
||||
$doc->encoding = 'UTF-8'; // theoretically, the above has this covered
|
||||
|
||||
$options = 0;
|
||||
if ($config->get('Core.AllowParseManyTags') && defined('LIBXML_PARSEHUGE')) {
|
||||
$options |= LIBXML_PARSEHUGE;
|
||||
}
|
||||
|
||||
set_error_handler(array($this, 'muteErrorHandler'));
|
||||
$doc->loadHTML($html);
|
||||
$doc->loadHTML($html, $options);
|
||||
restore_error_handler();
|
||||
|
||||
$body = $doc->getElementsByTagName('html')->item(0)-> // <html>
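Review bot: Passing `$options` unconditionally in `$doc->loadHTML($html, $options)` changes the call for every configuration, not only when the directive is enabled. As far as I know the second parameter of `DOMDocument::loadHTML()` exists only from PHP 5.4 on; on an older runtime the extra argument would make the call fail with a warning that `muteErrorHandler` swallows, so parsing would break without a visible error. Keeping the one-argument call when no option was requested avoids this: `if ($options) { $doc->loadHTML($html, $options); } else { $doc->loadHTML($html); }`. A short comment beside the `defined('LIBXML_PARSEHUGE')` check, saying the directive is silently ignored when the constant is missing, would also help. The enclosing method starts and ends outside this hunk.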
|
||||
|
@ -53,5 +53,6 @@ $config->set('Core.Encoding', $GLOBALS['PHORUM']['DATA']['CHARSET']); // we'll c
|
||||
if (strtolower($GLOBALS['PHORUM']['DATA']['CHARSET']) !== 'utf-8') {
|
||||
$config->set('Core.EscapeNonASCIICharacters', true);
|
||||
}
|
||||
$config->set('Core.AllowParseManyTags', false);
|
||||
|
||||
// vim: et sw=4 sts=4
|
||||
|
@ -384,6 +384,21 @@ a[href|title]
|
||||
$this->config->getHTMLDefinition();
|
||||
}
|
||||
|
||||
public function test_manyNestedTags()
|
||||
{
|
||||
$config = HTMLPurifier_Config::createDefault();
|
||||
$config->set('Core.AllowParseManyTags', true);
|
||||
$purifier = new HTMLPurifier($config);
|
||||
|
||||
$input = 'I am inside a lot of tags';
|
||||
for ($i = 0; $i < 300; $i++) {
|
||||
$input = '<div>' . $input . '</div>';
|
||||
}
|
||||
$output = $purifier->purify($input);
|
||||
|
||||
$this->assertIdentical($input, $output);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// vim: et sw=4 sts=4
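Review bot: `test_manyNestedTags` covers only the opted-in path, and its result depends on the environment. It presumably runs through the DOM lexer and needs `LIBXML_PARSEHUGE` to be defined, so on a build without the constant, or with another lexer selected, it would pass or fail for reasons unrelated to the directive. A guard at the top such as `if (!defined('LIBXML_PARSEHUGE')) return;` would make that explicit. Because the directive deliberately relaxes a parser safety limit, a companion test with the default configuration would show that the limit stays in force unless someone opts in. The output in that case is not visible on this page, so the expected value would have to be confirmed against the lexer first.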
|
||||
|