1
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-07-10 09:16:20 +02:00

97 Commits

Author SHA1 Message Date
418eeb7dc0 fix: catastrophic backtracking in Core.AggressivelyFixLt (#440) 2025-06-05 23:49:52 -04:00
c2bc3549a3 fix: non-substantive typos (#434)
Co-authored-by: Viktor Szépe <viktor@szepe.net>
Co-authored-by: Edward Z. Yang <ezyang@mit.edu>
2025-01-14 16:31:27 -05:00
rio
d5150073e9 refactor: #414 remove method substrCount (#415)
Co-authored-by: Edward Z. Yang <ezyang@meta.com>
2024-11-09 22:06:09 -05:00
c9d60c96d7 feat: add directive for removing blank nodes (#404) 2024-04-11 20:52:45 -04:00
909dda6621 Fixed wrong return PHPDoc (#348) 2022-11-18 21:03:18 -08:00
1dd3e52365 PHP 8.1: fix various deprecations/errors in newest version of PHP (#310)
* Test on PHP 8.1

* PHP 8.1: fix deprecated NULL param to glob()

* PHP 8.1: fix PHP error when passing NULL to rawurlencode()

* PHP 8.1: calling ctype_lower with FALSE is deprecated

* PHP 8.1: passing NULL to setAttribute() is deprecated

* PHP 8.1: passing NULL to str_replace() is an error

* PHP 8.1: fix error passing NULL to str_replace()

* PHP 8.1: fix return type deprecation with backwards compatible attribute

* Revert typo
2022-04-08 13:48:12 -04:00
ab2887e423 Fix DOM Lexer for PHP versions older than 5.4 (#225) 2019-08-09 17:01:13 -04:00
8c153eef3a Supported hundreds of nested HTML (#202)
* Supported hundreds of nested HTML (#201)

* Add Core.AllowParseManyTags
2019-07-14 13:15:31 -04:00
3cb77da11d Make tagName and node data detection hhvm compatible (#170) 2018-03-04 13:22:03 -05:00
64baeda65c Deal with old libxml incompatibilities.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-12-22 22:03:02 -05:00
ab9c9f30fd Small typos in comments 2017-12-13 11:16:39 -05:00
7e11c271b9 Revamp entity decoding to be more like HTML5.
See %Core.LegacyEntityDecoder for more details.

Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-03-07 17:34:59 -08:00
5662efc936 Fix #78.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-03-06 22:54:54 -08:00
15d1a3003a Don't truncate in DOMLex when seeing closing div
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2014-08-31 08:50:33 +01:00
54477c172b Fix infinite loop in Lexer.
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2013-10-27 21:41:08 -07:00
412bae13b5 Fix quadratic behavior in DOMLex due to array_shift.
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2013-09-17 00:48:42 -07:00
fac747bdbd PSR-2 reformatting PHPDoc corrections
With minor corrections.

Signed-off-by: Marcus Bointon <marcus@synchromedia.co.uk>
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2013-08-17 22:27:26 -04:00
94468f3c24 Remove PEARSax3 lexer.
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2012-01-03 20:40:17 +08:00
a3d71fe606 Iterative traversal of DOM.
There are some deep DOMs you can hit the maximum nesting level
limit in tokenizeDOM (we've experienced this even with maximum nesting
level of 300). Here is an iterative version of the same function with
simple queue/dequeue approach.

Signed-off-by: Maxim Krizhanovsky <darhazer@gmail.com>
2011-01-19 22:06:40 +00:00
9573f0933d Make newline normalization optional. 2010-09-14 23:49:28 -04:00
00c66fa9cb Fix bug in parsing single attribute with entities.
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2010-05-31 19:44:18 -07:00
b3ca1498c2 Add boolean value flag for PEARSax3 for testing if a token is empty.
Signed-off-by: Brian DeRocher <brian@derocher.org>
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2010-02-26 21:36:51 -05:00
ac18672aba Fix extant broken PEARSax3 parsing patterns.
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2010-02-26 21:14:52 -05:00
faf28682ad Manually work around PEARSax3 E_STRICT errors.
Previously, my development environment was not running the PEARSax3
tests because my environment was set to E_STRICT error handling, and
thus the tests were skipped.  Relax this requirement by making the
wrapper class E_STRICT safe.  This introduces a few failing tests.

Also update TODO and add another fresh test.

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2010-02-26 20:42:42 -05:00
86ca784da3 Convert all to new configuration get/set format.
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2009-02-21 03:00:34 -05:00
12b811d749 Add vim modelines to all files.
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-12-06 04:24:59 -05:00
2c955af135 Remove trailing whitespace.
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-12-06 02:28:20 -05:00
6a06b92f0c Setup ErrorCollector to maintain new error format, and output that HTML.
Also changed:
    - DirectLex keeps track of column numbers in context
    - New class HTMLPurifier_ErrorStruct

Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-09-15 19:08:58 -04:00
ed7983b559 Refactor lexer instantiation logic with exceptions and forced line tracking.
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-09-05 14:04:23 -04:00
c6914dce51 Track column numbers in addition to line numbers.
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-09-01 14:10:10 -04:00
aa0fdeee30 Refine Lexers for parsing stray angled brackets; %Core.AggressivelyFixLt = true
By default, the DirectLex and DOMLex behavior with stray angled brackets
varied a great deal due to their implementations. A little known directive
%Core.AggressivelyFixLt attempted to match DOMLex's behavior with DirectLex's,
but it was off by default. By turning it on by default, users now enjoy these
benefits, and performance-minded users can turn it back off.

Also, several refinements to stray angled bracket parsing was made. Specifically:

* DirectLex: Handle each left angled bracket individually, which prevents
  strange behavior as reported by eon.
* DOMLex: Iterate aggressive lt fix, so that stacked brackets like << are
  handled.

Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-07-07 08:52:29 -04:00
6bb8c1fcac Handle CRLF discrepancies
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-06-24 21:10:51 -04:00
2f29c27a59 [3.1.0] Fix broken PH5P in latest versions of DOM with bandaid; punt to DirectLex.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1698 48356398-32a2-884e-a903-53898d9a118a
2008-04-26 19:47:22 +00:00
9f1e678b48 [3.1.0] Fixed fatal error in PH5P lexer with invalid tag names
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1650 48356398-32a2-884e-a903-53898d9a118a
2008-04-05 04:28:37 +00:00
cb793cd9b9 - Restore substr_count compatibility method; it's not just PHP 4
- Update missing includes
- Fix generate-standalone.php fatal error
- Make LexerTest resilient against variant versions of libxml

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1573 48356398-32a2-884e-a903-53898d9a118a
2008-02-20 01:28:19 +00:00
6c9c8f2380 [3.1.0] [BACKPORT] Fix bug with comments in styles, and some associated issues
- Restore printTokens()

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1570 48356398-32a2-884e-a903-53898d9a118a
2008-02-20 00:15:44 +00:00
5c0a1d467a [3.1.0] [BACKPORT] Fix bug with trusted script handling for versions of libxml 2.6.28 or later
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1553 48356398-32a2-884e-a903-53898d9a118a
2008-02-16 05:44:14 +00:00
35f8b3c801 Transition is complete! Cleanup and class rearrangement now necessary.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1539 48356398-32a2-884e-a903-53898d9a118a
2008-02-10 20:34:39 +00:00
522c8ed7c2 [3.1.0] The bulk of autoload support added
- Add FSTools:globr()
- require_once removed from all files
- HTMLPurifier.autoload.php added to register autoload handler
- Removed redundant chdir in maintenance script
- Modified standalone to use HTMLPurifier.includes.php for including stuff
- Added maintenance script remove-require-once.php which we used once and should never use again

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1516 48356398-32a2-884e-a903-53898d9a118a
2008-01-27 01:54:41 +00:00
5eee08c548 [3.1.0] Convert tokens to use instanceof, reducing memory footprint and improving comparison speed.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1509 48356398-32a2-884e-a903-53898d9a118a
2008-01-19 20:23:01 +00:00
a7fab00cdd [3.0.0] Convert all $context calls away from references
- Update TODO list
- URISchemeRegistry doesn't return a reference for instance anymore, should do the same for other singletons

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1477 48356398-32a2-884e-a903-53898d9a118a
2008-01-05 00:10:43 +00:00
831f552ec5 [3.0.0] <style> tags can now be extracted from input HTML using %HTML.ExtractStyleBlocks. These contents can be retrieved from $context->get('StyleBlocks');
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1468 48356398-32a2-884e-a903-53898d9a118a
2007-12-12 03:29:12 +00:00
3ef9bdf8a2 __construct'ify all main library classes.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1459 48356398-32a2-884e-a903-53898d9a118a
2007-11-29 04:29:51 +00:00
43f01925cd Convert to PHP 5 only codebase, adding visibility modifiers to all members and methods in the main library area (function only for test methods)
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1458 48356398-32a2-884e-a903-53898d9a118a
2007-11-25 02:24:39 +00:00
68167176dc [2.1.3]
- Officially support 4.3.7 and up
- Modify PH5P to remove incompatible parameter type def
- Add more versions to multitest

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1441 48356398-32a2-884e-a903-53898d9a118a
2007-11-05 05:25:59 +00:00
bb08f679f0 [2.1.3]
- Work around unnecessary DOMElement type-cast in PH5P that caused errors in PHP 5.1
- Work around PHP 4 SimpleTest lack-of-error complaining for one-time-only HTMLDefinition errors, this may indicate problems with error-collecting facilities in PHP 5
- Make ErrorCollectorEMock work in both PHP 4 and PHP 5
. tests/multitest.php allows you to test multiple versions by running tests/index.php through multiple interpreters using `phpv` shell script (you must provide this script!)
. Minor cosmetic change to flush-definition-cache.php: trailing newline is outputted
. Maintenance script for generating PH5P patch added, original PH5P source file also added under version control
. Full unit test runner script title made more descriptive with PHP version

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1440 48356398-32a2-884e-a903-53898d9a118a
2007-11-05 05:01:51 +00:00
1274cfed49 [2.1.3] Fix possible error in DirectLex reported by Nate Abele
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1438 48356398-32a2-884e-a903-53898d9a118a
2007-11-05 03:22:22 +00:00
cb92a57e4e [2.1.2] Implement experimental HTML5 parsing using PH5P
- Fix debugger so that tokens can be printed without an index
- Fix some broken PEAR unit tests

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1383 48356398-32a2-884e-a903-53898d9a118a
2007-08-19 18:49:35 +00:00
24a4dfdf83 [2.1.2?] Fix invisible DirectLex parsing error with empty elements that have attributes containing slashes
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1375 48356398-32a2-884e-a903-53898d9a118a
2007-08-08 05:05:30 +00:00
710820cbe9 [2.1.0] Repair minor PHP4 regression due to undefined configuration directive
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1338 48356398-32a2-884e-a903-53898d9a118a
2007-08-02 01:48:43 +00:00