[2.0.1] Improve special case handling for <script>

- DirectLex now honors comments with greater than or less than signs in them - Comments are transformed into script elements, ending comments are scrapped - Buggy generator code rewritten to be more error-proof - AttrValidator checks if token has attributes before processing - Remove invalid documentation from Scripting - "Commenting" of script elements switched to the more advanced version git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1189 48356398-32a2-884e-a903-53898d9a118a
2025-08-05 05:37:49 +02:00 · 2007-06-21 14:44:26 +00:00
parent e55551ecdd
commit bf0d659c47
13 changed files with 179 additions and 32 deletions
--- a/library/HTMLPurifier/Strategy/RemoveForeignElements.php
+++ b/library/HTMLPurifier/Strategy/RemoveForeignElements.php
@@ -17,9 +17,11 @@ HTMLPurifier_ConfigSchema::define(

 HTMLPurifier_ConfigSchema::define(
    'Core', 'RemoveScriptContents', true, 'bool', '
-This directive enables HTML Purifier to remove not only script tags
-but all of their contents. This directive has been available since 2.0.0,
-revert to pre-2.0.0 behavior by setting to false.
+<p>
+  This directive enables HTML Purifier to remove not only script tags
+  but all of their contents. This directive has been available since 2.0.0,
+  revert to pre-2.0.0 behavior by setting to false.
+</p>
 '
 );

@@ -48,6 +50,9 @@ class HTMLPurifier_Strategy_RemoveForeignElements extends HTMLPurifier_Strategy
        // removes tokens until it reaches a closing tag with its value
        $remove_until = false;
        
+        // converts comments into text tokens when this is equal to a tag name
+        $textify_comments = false;
+        
        foreach($tokens as $token) {
            if ($remove_until) {
                if (empty($token->is_tag) || $token->name !== $remove_until) {
@@ -88,6 +93,13 @@ class HTMLPurifier_Strategy_RemoveForeignElements extends HTMLPurifier_Strategy
                        $token->armor['ValidateAttributes'] = true;
                    }
                    
+                    // CAN BE GENERICIZED
+                    if ($token->name == 'script' && $token->type == 'start') {
+                        $textify_comments = $token->name;
+                    } elseif ($token->name === $textify_comments && $token->type == 'end') {
+                        $textify_comments = false;
+                    }
+                    
                } elseif ($escape_invalid_tags) {
                    // invalid tag, generate HTML and insert in
                    $token = new HTMLPurifier_Token_Text(
@@ -108,8 +120,14 @@ class HTMLPurifier_Strategy_RemoveForeignElements extends HTMLPurifier_Strategy
                    continue;
                }
            } elseif ($token->type == 'comment') {
-                // strip comments
-                continue;
+                // textify comments in script tags when they are allowed
+                if ($textify_comments !== false) {
+                    $data = $token->data;
+                    $token = new HTMLPurifier_Token_Text($data);
+                } else {
+                    // strip comments
+                    continue;
+                }
            } elseif ($token->type == 'text') {
            } else {
                continue;