mirror/php-htmlpurifier
1
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-08-06 22:26:31 +02:00
Code Issues Releases Wiki Activity

[2.1.4] [MFH] Add protection against imagecrash attack with CSS height/width from r1684

Browse Source 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/branches/php4@1719 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang
2008-05-15 05:21:37 +00:00
parent 5fa575f8ac
commit e7fa8cbdd5
4 changed files with 38 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
library/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php Normal file
View File

@@ -0,0 +1,26 @@
<?php
/**
* Decorator which enables CSS properties to be disabled for specific elements.
*/
class HTMLPurifier_AttrDef_CSS_DenyElementDecorator extends HTMLPurifier_AttrDef
{
var $def, $element;
/**
* @param $def Definition to wrap
* @param $element Element to deny
*/
function HTMLPurifier_AttrDef_CSS_DenyElementDecorator(&$def, $element) {
$this->def =& $def;
$this->element = $element;
}
/**
* Checks if CurrentToken is set and equal to $this->element
*/
function validate($string, $config, $context) {
$token = $context->get('CurrentToken', true);
if ($token && $token->name == $this->element) return false;
return $this->def->validate($string, $config, $context);
}
}