From e08b5aaa704cc29f738f00524f211dc20fb6c5f1 Mon Sep 17 00:00:00 2001 From: "Edward Z. Yang" Date: Sat, 31 Mar 2007 03:41:22 +0000 Subject: [PATCH] [1.6.0] Add error messages for when user attempts to "allow" elements or attributes HTML Purifier does not support. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@927 48356398-32a2-884e-a903-53898d9a118a --- NEWS | 2 ++ TODO | 8 ++----- library/HTMLPurifier/HTMLDefinition.php | 31 +++++++++++++++++++++++++ 3 files changed, 35 insertions(+), 6 deletions(-) diff --git a/NEWS b/NEWS index 0a8b994f..2acd8f20 100644 --- a/NEWS +++ b/NEWS @@ -21,6 +21,8 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier and %Attr.AllowedRev to activate - You can define ID blacklists using regular expressions via %Attr.IDBlacklistRegexp +- Error messages are emitted when you attempt to "allow" elements or + attributes that HTML Purifier does not support 1.5.1, unknown release date - Fix segfault in unit test. The problem is not very reproduceable and diff --git a/TODO b/TODO index b6ce9930..9901a429 100644 --- a/TODO +++ b/TODO @@ -7,16 +7,12 @@ TODO List ? Maybe I'll Do It ========================== -1.6 release [Long Overdue] - - More user-friendly warnings when %HTML.Allow* attempts to specify a - tag or attribute that is not supported - 1.7 release [Advanced API] # Complete advanced API, and fully document it - # Add pre-packaged "levels" of cleaning # Implement all edge-case attribute transforms # Implement all deprecated tags and attributes - - Parse TinyMCE-style whitelist into our %HTML.Allow* whitelists + - Parse TinyMCE-style whitelist into our %HTML.Allow* whitelists (possibly + do this earlier) 1.8 release [Refactor, refactor!] # URI validation routines tighter (see docs/dev-code-quality.html) (COMPLEX) diff --git a/library/HTMLPurifier/HTMLDefinition.php b/library/HTMLPurifier/HTMLDefinition.php index 6fca7fb7..e582b81a 100644 --- a/library/HTMLPurifier/HTMLDefinition.php +++ b/library/HTMLPurifier/HTMLDefinition.php 
@@ -218,18 +218,31 @@ class HTMLPurifier_HTMLDefinition $this->info_parent, $this->config); } + // support template text + $support = "(for information on implementing this, see the ". + "support forums) "; + // setup allowed elements, SubtractiveWhitelist module $allowed_elements = $this->config->get('HTML', 'AllowedElements'); if (is_array($allowed_elements)) { foreach ($this->info as $name => $d) { if(!isset($allowed_elements[$name])) unset($this->info[$name]); + unset($allowed_elements[$name]); + } + // emit errors + foreach ($allowed_elements as $element => $d) { + trigger_error("Element '$element' is not supported $support", E_USER_WARNING); } } + $allowed_attributes = $this->config->get('HTML', 'AllowedAttributes'); + $allowed_attributes_mutable = $allowed_attributes; // by copy! if (is_array($allowed_attributes)) { foreach ($this->info_global_attr as $attr_key => $info) { if (!isset($allowed_attributes["*.$attr_key"])) { unset($this->info_global_attr[$attr_key]); + } elseif (isset($allowed_attributes_mutable["*.$attr_key"])) { + unset($allowed_attributes_mutable["*.$attr_key"]); } } foreach ($this->info as $tag => $info) { @@ -237,9 +250,27 @@ class HTMLPurifier_HTMLDefinition if (!isset($allowed_attributes["$tag.$attr"]) && !isset($allowed_attributes["*.$attr"])) { unset($this->info[$tag]->attr[$attr]); + } else { + if (isset($allowed_attributes_mutable["$tag.$attr"])) { + unset($allowed_attributes_mutable["$tag.$attr"]); + } elseif (isset($allowed_attributes_mutable["*.$attr"])) { + unset($allowed_attributes_mutable["*.$attr"]); + } } } } + // emit errors + foreach ($allowed_attributes_mutable as $elattr => $d) { + list($element, $attribute) = explode('.', $elattr); + if ($element == '*') { + trigger_error("Global attribute '$attribute' is not ". + "supported in any elements $support", + E_USER_WARNING); + } else { + trigger_error("Attribute '$attribute' in element '$element' not supported $support", + E_USER_WARNING); + } + } } }
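Review bot: The unsupported element name is written into the warning unescaped in `trigger_error("Element '$element' is not supported $support", E_USER_WARNING);`, and the same applies to `$attribute` and `$element` in the two attribute warnings added by the second hunk. As far as I know PHP does not HTML-escape messages passed to trigger_error(), so with display_errors on, a name containing markup reaches the page as markup. That matters whenever the allow-lists are filled from anything other than hard-coded configuration, such as an admin form. Escaping just before each call closes it: `$element = htmlspecialchars($element);`, and likewise for `$attribute`. The enclosing method starts outside the hunk.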
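Review bot: `list($element, $attribute) = explode('.', $elattr);` assumes every leftover key contains exactly one dot. A key written without a tag prefix leaves `$attribute` unset, raises a notice for the missing offset and yields a warning with an empty attribute name, while anything after a second dot is silently dropped. Splitting with a limit and handling the malformed case gives the user a usable message: `$parts = explode('.', $elattr, 2);` followed by `if (count($parts) < 2) { /* report malformed key */ continue; }`. The `$element == '*'` test is also safer as `===`, since array keys that look numeric are stored as integers and compare loosely. The surrounding if-block and method open outside this hunk.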