diff --git a/NEWS b/NEWS index 4e838c63..23b41c33 100644 --- a/NEWS +++ b/NEWS @@ -18,6 +18,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier ! Support for Internet Explorer compatibility with %HTML.SafeObject using %Output.FlashCompat. ! Handle
      properly, by inserting the necessary
    1. tag. +- Always quote the insides of url(...) in CSS. 4.0.0, released 2009-07-07 # APIs for ConfigSchema subsystem have substantially changed. See diff --git a/library/HTMLPurifier/AttrDef/CSS/URI.php b/library/HTMLPurifier/AttrDef/CSS/URI.php index 435d7930..54b7d63f 100644 --- a/library/HTMLPurifier/AttrDef/CSS/URI.php +++ b/library/HTMLPurifier/AttrDef/CSS/URI.php @@ -47,7 +47,7 @@ class HTMLPurifier_AttrDef_CSS_URI extends HTMLPurifier_AttrDef_URI // URI at all $result = str_replace($keys, $values, $result); - return "url($result)"; + return "url('$result')"; } diff --git a/tests/HTMLPurifier/AttrDef/CSS/BackgroundTest.php b/tests/HTMLPurifier/AttrDef/CSS/BackgroundTest.php index bf2f24e0..b36d09a6 100644 --- a/tests/HTMLPurifier/AttrDef/CSS/BackgroundTest.php +++ b/tests/HTMLPurifier/AttrDef/CSS/BackgroundTest.php @@ -8,12 +8,12 @@ class HTMLPurifier_AttrDef_CSS_BackgroundTest extends HTMLPurifier_AttrDefHarnes $config = HTMLPurifier_Config::createDefault(); $this->def = new HTMLPurifier_AttrDef_CSS_Background($config); - $valid = '#333 url(chess.png) repeat fixed 50% top'; + $valid = '#333 url(\'chess.png\') repeat fixed 50% top'; $this->assertDef($valid); $this->assertDef('url("chess.png") #333 50% top repeat fixed', $valid); $this->assertDef( 'rgb(34, 56, 33) url(chess.png) repeat fixed top', - 'rgb(34,56,33) url(chess.png) repeat fixed top' + 'rgb(34,56,33) url(\'chess.png\') repeat fixed top' ); } diff --git a/tests/HTMLPurifier/AttrDef/CSS/ListStyleTest.php b/tests/HTMLPurifier/AttrDef/CSS/ListStyleTest.php index fa04fb60..8fd43e59 100644 --- a/tests/HTMLPurifier/AttrDef/CSS/ListStyleTest.php +++ b/tests/HTMLPurifier/AttrDef/CSS/ListStyleTest.php 
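Review bot: With the value now wrapped in single quotes at `return "url('$result')";` in URI.php, the `$keys`/`$values` table applied by the `str_replace` on the line above becomes the only thing keeping the URI inside the CSS string, and that table is defined outside this hunk. It should be confirmed to escape `'` and the backslash itself, and the method should reject or escape raw newlines, since any of those unescaped ends or alters a quoted string. A comment above the return would record the dependency, for example `// quoted output: $keys must cover ' and \ so the URI cannot close the string early`. The method body starts and ends outside the hunk.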
@@ -13,14 +13,14 @@ class HTMLPurifier_AttrDef_CSS_ListStyleTest extends HTMLPurifier_AttrDefHarness $this->assertDef('circle outside'); $this->assertDef('inside'); $this->assertDef('none'); - $this->assertDef('url(foo.gif)'); - $this->assertDef('circle url(foo.gif) inside'); + $this->assertDef('url(\'foo.gif\')'); + $this->assertDef('circle url(\'foo.gif\') inside'); // invalid values $this->assertDef('outside inside', 'outside'); // ordering - $this->assertDef('url(foo.gif) none', 'none url(foo.gif)'); + $this->assertDef('url(foo.gif) none', 'none url(\'foo.gif\')'); $this->assertDef('circle lower-alpha', 'circle'); // the spec is ambiguous about what happens in these // cases, so we're going off the W3C CSS validator diff --git a/tests/HTMLPurifier/AttrDef/CSS/URITest.php b/tests/HTMLPurifier/AttrDef/CSS/URITest.php index 099b1639..20cc79d2 100644 --- a/tests/HTMLPurifier/AttrDef/CSS/URITest.php +++ b/tests/HTMLPurifier/AttrDef/CSS/URITest.php @@ -15,8 +15,8 @@ class HTMLPurifier_AttrDef_CSS_URITest extends HTMLPurifier_AttrDefHarness // no quotes are used, since that's the most widely supported // syntax $this->assertDef('url(', false); - $this->assertDef('url()', true); - $result = "url(http://www.example.com/)"; + $this->assertDef('url(\'\')', true); + $result = "url('http://www.example.com/')"; $this->assertDef('url(http://www.example.com/)', $result); $this->assertDef('url("http://www.example.com/")', $result); $this->assertDef("url('http://www.example.com/')", $result); @@ -25,7 +25,7 @@ class HTMLPurifier_AttrDef_CSS_URITest extends HTMLPurifier_AttrDefHarness // escaping $this->assertDef("url(http://www.example.com/foo,bar\))", - "url(http://www.example.com/foo\,bar\))"); + "url('http://www.example.com/foo\,bar\)')"); } } diff --git a/tests/HTMLPurifier/AttrDef/CSSTest.php b/tests/HTMLPurifier/AttrDef/CSSTest.php index 1c15a5c1..8ef818db 100644 --- a/tests/HTMLPurifier/AttrDef/CSSTest.php +++ b/tests/HTMLPurifier/AttrDef/CSSTest.php 
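Review bot: The context comment "no quotes are used, since that's the most widely supported syntax" directly above the changed assertions in the first URITest.php hunk now contradicts what they check, because every expected value is single-quoted. Replace it with something like `// output is always single-quoted, whatever quoting the input used`. The test method starts outside the hunk.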
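Review bot: The escaping case in the second URITest.php hunk still exercises only `,` and `)`, which stop being the delimiter-relevant characters once the output is single-quoted. Add assertions whose input URI contains a `'` and a backslash, and pin the expected output so it shows the quote cannot terminate the string. The exact expected values depend on the escape table in URI.php, which this diff does not show.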
@@ -25,7 +25,7 @@ class HTMLPurifier_AttrDef_CSSTest extends HTMLPurifier_AttrDefHarness $this->assertDef('text-transform:capitalize;'); $this->assertDef('background-color:rgb(0,0,255);'); $this->assertDef('background-color:transparent;'); - $this->assertDef('background:#333 url(chess.png) repeat fixed 50% top;'); + $this->assertDef('background:#333 url(\'chess.png\') repeat fixed 50% top;'); $this->assertDef('color:#F00;'); $this->assertDef('border-top-color:#F00;'); $this->assertDef('border-color:#F00 #FF0;'); @@ -73,9 +73,9 @@ class HTMLPurifier_AttrDef_CSSTest extends HTMLPurifier_AttrDefHarness $this->assertDef('vertical-align:12px;'); $this->assertDef('vertical-align:50%;'); $this->assertDef('table-layout:fixed;'); - $this->assertDef('list-style-image:url(nice.jpg);'); - $this->assertDef('list-style:disc url(nice.jpg) inside;'); - $this->assertDef('background-image:url(foo.jpg);'); + $this->assertDef('list-style-image:url(\'nice.jpg\');'); + $this->assertDef('list-style:disc url(\'nice.jpg\') inside;'); + $this->assertDef('background-image:url(\'foo.jpg\');'); $this->assertDef('background-image:none;'); $this->assertDef('background-repeat:repeat-y;'); $this->assertDef('background-attachment:fixed;'); @@ -101,7 +101,7 @@ class HTMLPurifier_AttrDef_CSSTest extends HTMLPurifier_AttrDefHarness // bad props $this->assertDef('nodice:foobar;', false); $this->assertDef('position:absolute;', false); - $this->assertDef('background-image:url(javascript:alert\(\));', false); + $this->assertDef('background-image:url(\'javascript:alert\(\)\');', false); // airy input $this->assertDef(' font-weight : bold; color : #ff0000', diff --git a/tests/HTMLPurifier/HTMLT/munge-extra.htmlt b/tests/HTMLPurifier/HTMLT/munge-extra.htmlt index a469cdd4..c10109ed 100644 --- a/tests/HTMLPurifier/HTMLT/munge-extra.htmlt +++ b/tests/HTMLPurifier/HTMLT/munge-extra.htmlt @@ -7,5 +7,5 @@ URI.MungeResources = true example.com --EXPECT-- Link -example.com +example.com --# vim: et sw=4 sts=4 
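Review bot: The `javascript:` rejection test in the third CSSTest.php hunk had its input rewritten to the quoted form although the expected result is still `false`, so the unquoted spelling is no longer covered. Nothing in the library change requires the input to change here, because only the serialised output gained quotes. Keep the original assertion `$this->assertDef('background-image:url(javascript:alert\(\));', false);` next to the new quoted one so both spellings stay pinned as rejected.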
diff --git a/tests/HTMLPurifier/HTMLT/tidy-background.htmlt b/tests/HTMLPurifier/HTMLT/tidy-background.htmlt index 9b112708..e9438b84 100644 --- a/tests/HTMLPurifier/HTMLT/tidy-background.htmlt +++ b/tests/HTMLPurifier/HTMLT/tidy-background.htmlt @@ -1,5 +1,5 @@ --HTML--
      asdf
      --EXPECT-- -
      asdf
      +
      asdf
      --# vim: et sw=4 sts=4