mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2025-08-02 12:21:09 +02:00
Compare commits
53 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
523407fb06 | ||
|
db312435cb | ||
|
8d9f4c9ec1 | ||
|
|
25824056ee | ||
|
|
f1d6da13bc | ||
|
dc27c78871 | ||
|
|
ce9cf2ec99 | ||
|
|
36e06603a8 | ||
|
|
dbbd3e59f9 | ||
|
1c2bae18e3 | ||
|
|
1b80051115 | ||
|
|
c60bba1fe4 | ||
|
|
6ec13635ce | ||
|
|
be2a668e81 | ||
|
dff4746e13 | ||
|
|
3fc193c755 | ||
|
|
1db36fb09d | ||
|
38296c603b | ||
|
1dd3e52365 | ||
|
|
12ab42bd6e | ||
|
|
1c784a5c3d | ||
|
|
41fc223f96 | ||
|
996eaf4331 | ||
|
|
c97bb93223 | ||
|
288bf75acc | ||
|
|
3a368d7668 | ||
|
6f9aac9325 | ||
|
|
1354e7e8c5 | ||
|
214cb8a693 | ||
|
2512f595e0 | ||
|
6aa4166b7e | ||
|
|
4285590c90 | ||
|
15258fd24e | ||
|
|
08e27c97e4 | ||
|
|
d7be9d2a8c | ||
|
|
ce7efc11b2 | ||
|
3bdc031224 | ||
|
d148edbcf1 | ||
|
ced089434d | ||
|
c2c91f52d0 | ||
|
37dd61c45f | ||
|
d15890222b | ||
|
fe0452d688 | ||
|
df923d1f15 | ||
|
4faca32a4d | ||
|
|
a617e55bc6 | ||
|
|
3060a5606c | ||
|
|
b4ec8c8036 | ||
|
|
06b3fc4cf4 | ||
|
|
c6ca293eab | ||
|
|
ab2887e423 | ||
|
|
029d1df5e3 | ||
|
b88fcd180c |
30
.gitattributes
vendored
30
.gitattributes
vendored
@@ -1,13 +1,23 @@
|
||||
/.gitattributes export-ignore
|
||||
/.github export-ignore
|
||||
/.gitignore export-ignore
|
||||
/.travis.yml export-ignore
|
||||
/Doxyfile export-ignore
|
||||
/art/ export-ignore
|
||||
/benchmarks/ export-ignore
|
||||
/configdoc/ export-ignore
|
||||
/art export-ignore
|
||||
/benchmarks export-ignore
|
||||
/configdoc export-ignore
|
||||
/configdoc/usage.xml -crlf
|
||||
/docs/ export-ignore
|
||||
/phpdoc.ini
|
||||
/smoketests/ export-ignore
|
||||
/tests/* export-ignore
|
||||
/tests/path2class.func.php -export-ignore
|
||||
/docs export-ignore
|
||||
/Doxyfile export-ignore
|
||||
/extras export-ignore
|
||||
/INSTALL* export-ignore
|
||||
/maintenance export-ignore
|
||||
/NEWS export-ignore
|
||||
/package.php export-ignore
|
||||
/plugins export-ignore
|
||||
/phpdoc.ini export-ignore
|
||||
/smoketests export-ignore
|
||||
/test-* export-ignore
|
||||
/tests export-ignore
|
||||
/TODO export-ignore
|
||||
/update-for-release export-ignore
|
||||
/WYSIWYG export-ignore
|
||||
/release.config.js export-ignore
|
||||
|
||||
36
.github/workflows/ci.yml
vendored
Normal file
36
.github/workflows/ci.yml
vendored
Normal file
@@ -0,0 +1,36 @@
|
||||
name: ci
|
||||
|
||||
on:
|
||||
push:
|
||||
pull_request:
|
||||
|
||||
jobs:
|
||||
linux_tests:
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
fail-fast: true
|
||||
matrix:
|
||||
php: ['5.6', '7.0', '7.1', '7.2', '7.3', '7.4', '8.0', '8.1', '8.2']
|
||||
|
||||
name: PHP ${{ matrix.php }}
|
||||
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Setup PHP
|
||||
uses: shivammathur/setup-php@v2
|
||||
with:
|
||||
php-version: ${{ matrix.php }}
|
||||
tools: composer:v2
|
||||
ini-values: error_reporting=E_ALL
|
||||
extensions: iconv, bcmath, tidy, mbstring, intl
|
||||
|
||||
- name: Install dependencies
|
||||
run: composer install
|
||||
|
||||
- name: Configure simpletest
|
||||
run: cp test-settings.sample.php test-settings.php
|
||||
|
||||
- name: Execute Unit tests
|
||||
run: php tests/index.php
|
||||
19
.github/workflows/lint-pr.yml
vendored
Normal file
19
.github/workflows/lint-pr.yml
vendored
Normal file
@@ -0,0 +1,19 @@
|
||||
name: "Lint PR"
|
||||
|
||||
on:
|
||||
pull_request_target:
|
||||
types:
|
||||
- opened
|
||||
- edited
|
||||
- synchronize
|
||||
|
||||
jobs:
|
||||
main:
|
||||
name: Validate PR title
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: amannn/action-semantic-pull-request@v4
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
29
.github/workflows/release.yml
vendored
Normal file
29
.github/workflows/release.yml
vendored
Normal file
@@ -0,0 +1,29 @@
|
||||
name: release
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
release:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
name: Release
|
||||
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: Setup PHP
|
||||
uses: shivammathur/setup-php@v2
|
||||
with:
|
||||
php-version: 5.5
|
||||
|
||||
- name: Run automated release process with semantic-release
|
||||
uses: cycjimmy/semantic-release-action@v2
|
||||
with:
|
||||
extra_plugins: |
|
||||
@semantic-release/changelog
|
||||
@semantic-release/git
|
||||
@semantic-release/exec
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
14
.travis.yml
14
.travis.yml
@@ -1,14 +0,0 @@
|
||||
language: php
|
||||
php:
|
||||
- '5.4'
|
||||
- '5.5'
|
||||
- '5.6'
|
||||
- '7.0'
|
||||
- '7.1'
|
||||
- '7.2'
|
||||
- '7.3'
|
||||
before_script:
|
||||
- git clone --depth=50 https://github.com/ezyang/simpletest.git
|
||||
- cp test-settings.travis.php test-settings.php
|
||||
script:
|
||||
- php tests/index.php
|
||||
6
CHANGELOG.md
Normal file
6
CHANGELOG.md
Normal file
@@ -0,0 +1,6 @@
|
||||
# [4.16.0](https://github.com/ezyang/htmlpurifier/compare/v4.15.0...v4.16.0) (2022-09-18)
|
||||
|
||||
|
||||
### Features
|
||||
|
||||
* add semantic release ([#307](https://github.com/ezyang/htmlpurifier/issues/307)) ([db31243](https://github.com/ezyang/htmlpurifier/commit/db312435cb9d8d73395f75f9642a43ba6de5e903)), closes [#322](https://github.com/ezyang/htmlpurifier/issues/322) [#323](https://github.com/ezyang/htmlpurifier/issues/323) [#326](https://github.com/ezyang/htmlpurifier/issues/326) [#327](https://github.com/ezyang/htmlpurifier/issues/327) [#328](https://github.com/ezyang/htmlpurifier/issues/328) [#329](https://github.com/ezyang/htmlpurifier/issues/329) [#330](https://github.com/ezyang/htmlpurifier/issues/330) [#331](https://github.com/ezyang/htmlpurifier/issues/331) [#332](https://github.com/ezyang/htmlpurifier/issues/332) [#333](https://github.com/ezyang/htmlpurifier/issues/333) [#337](https://github.com/ezyang/htmlpurifier/issues/337) [#335](https://github.com/ezyang/htmlpurifier/issues/335) [ezyang/htmlpurifier#334](https://github.com/ezyang/htmlpurifier/issues/334) [#336](https://github.com/ezyang/htmlpurifier/issues/336) [#338](https://github.com/ezyang/htmlpurifier/issues/338)
|
||||
2
Doxyfile
2
Doxyfile
@@ -31,7 +31,7 @@ PROJECT_NAME = HTMLPurifier
|
||||
# This could be handy for archiving the generated documentation or
|
||||
# if some version control system is used.
|
||||
|
||||
PROJECT_NUMBER = 4.11.0
|
||||
PROJECT_NUMBER = 4.15.0
|
||||
|
||||
# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
|
||||
# base path where the generated documentation will be put.
|
||||
|
||||
52
NEWS
52
NEWS
@@ -9,6 +9,58 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
||||
. Internal change
|
||||
==========================
|
||||
|
||||
4.15.0, released 2022-09-18
|
||||
! PHP 8.1 and 8.2 support, esp. fixes for deprecation warnings. A joint effort
|
||||
by David Rans, Tim Düsterhus, Kieran and John Flatness.
|
||||
! Allow contenteditable="false" (#336), contributed by Kieran.
|
||||
- Replace PHP 8.1 deprecated utf8_ functions with mbstring (#326),
|
||||
contributed by John Flatness.
|
||||
- Enhanced composer suggestions with extensions (#317), contributed by
|
||||
func0der.
|
||||
|
||||
4.14.0, released 2021-12-24
|
||||
! Add "background-size" support (#289), contributed by Václav Smítal
|
||||
! Transform deprecated width attribute when tidying HTML, contributed by
|
||||
Kieran.
|
||||
- PHP 8 support, contributed by Maksims Sļotovs.
|
||||
- Improved PHP 7.3 compatibility, contributed by kishor.
|
||||
- Avoid spurious magic quotes notice in PHP 7.4. Thanks
|
||||
Jasper Zonneveld for the fix.
|
||||
- Do not remove thead from table even if there are no tbody/tr (#264).
|
||||
Thanks Marcus Artner for the fix.
|
||||
- Fix "Parameter must be an array or an object that implements
|
||||
Countable" (#285)". Thanks Kieran for this fix.
|
||||
. Fix unnecessary reference assignment, handling behavior change from
|
||||
PHP5 and PHP7. Thanks Arkadiusz Biczewski for the fix.
|
||||
|
||||
4.13.0, released 2020-06-28
|
||||
! Add %HTML.Forms directive, which lets you accept forms in user
|
||||
HTML without requiring full %HTML.Trusted. Note that forms can
|
||||
be (trivially) used to setup phishing; e.g., an attacker can
|
||||
use CSS absolute positioning to overlay a form on top of a login
|
||||
element, so please be sure to use this with care! Fixes #213.
|
||||
Thanks Mateusz Turcza for contributing this feature.
|
||||
! tr@bgcolor attribute is now supported. Thanks Kieran Brahney
|
||||
for this enhancement.
|
||||
- Further improvements to PHP 7.4 support, contributed by Witold
|
||||
Wasiczko and Eloy Lafuente.
|
||||
- Fix PSR-0 compatibility. Thanks Jordi Boggiano for contributing
|
||||
part of this fix.
|
||||
- Fix bug with purifyArray where it doesn't work on empty arrays.
|
||||
Thanks Fräntz Miccoli for the fix.
|
||||
- Reduce amount of maintenance scripts included in distribution
|
||||
packages. Thanks Sergei Morozov for this patch.
|
||||
- Remove leading zeros unless if it is only a zero, fixes #239. Thanks
|
||||
lubomirbartos for this fix.
|
||||
- Correct type hinting of maybeGet*, fixes #240. Thanks Anders Jenbo
|
||||
for this fix.
|
||||
|
||||
4.12.0, released 2019-10-27
|
||||
! PHP 7.4 is supported, thank you Witold Wasiczko, Mateuz Turcza and
|
||||
Edi Modrić
|
||||
- PHPDocs for HTMLModule::addElement() and Bool attr are fixed (thanks
|
||||
Mateusz)
|
||||
|
||||
4.11.0, released 2019-07-14
|
||||
# SafeScripting now matches case-sensitively against its whitelist (previously it was
|
||||
case-insensitive.) Thanks Dimitri Gritsajuk <gritsajuk.dimitri@gmail.com>
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
HTML Purifier [](http://travis-ci.org/ezyang/htmlpurifier)
|
||||
HTML Purifier [](https://github.com/ezyang/htmlpurifier/actions/workflows/ci.yml)
|
||||
=============
|
||||
|
||||
HTML Purifier is an HTML filtering solution that uses a unique combination
|
||||
|
||||
7
WHATSNEW
7
WHATSNEW
@@ -1,7 +0,0 @@
|
||||
HTML Purifier 4.11.x is a maintenance release, collecting a year
|
||||
and a half of accumulated bug fixes. Most notable fixes are
|
||||
compatibility with PHP 7.3, and case-sensitive matching for
|
||||
the SafeScripting whitelist. There are a number small feature
|
||||
enhancements, including an expanded supported color list,
|
||||
initial and inherit support for {min-,max-,}{width,height}
|
||||
and multidimensional array support for purifyArray.
|
||||
@@ -13,13 +13,32 @@
|
||||
}
|
||||
],
|
||||
"require": {
|
||||
"php": ">=5.2"
|
||||
"php": "~5.6.0 || ~7.0.0 || ~7.1.0 || ~7.2.0 || ~7.3.0 || ~7.4.0 || ~8.0.0 || ~8.1.0 || ~8.2.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"simpletest/simpletest": "dev-master#72de02a7b80c6bb8864ef9bf66d41d2f58f826bd"
|
||||
"cerdic/css-tidy": "^1.7 || ^2.0",
|
||||
"simpletest/simpletest": "dev-master"
|
||||
},
|
||||
"autoload": {
|
||||
"psr-0": { "HTMLPurifier": "library/" },
|
||||
"files": ["library/HTMLPurifier.composer.php"]
|
||||
}
|
||||
"files": ["library/HTMLPurifier.composer.php"],
|
||||
"exclude-from-classmap": [
|
||||
"/library/HTMLPurifier/Language/"
|
||||
]
|
||||
},
|
||||
"suggest": {
|
||||
"cerdic/css-tidy": "If you want to use the filter 'Filter.ExtractStyleBlocks'.",
|
||||
"ext-iconv": "Converts text to and from non-UTF-8 encodings",
|
||||
"ext-bcmath": "Used for unit conversion and imagecrash protection",
|
||||
"ext-tidy": "Used for pretty-printing HTML"
|
||||
},
|
||||
"config": {
|
||||
"sort-packages": true
|
||||
},
|
||||
"repositories": [
|
||||
{
|
||||
"type": "vcs",
|
||||
"url": "https://github.com/ezyang/simpletest.git"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@@ -5,8 +5,8 @@
|
||||
<line>162</line>
|
||||
</file>
|
||||
<file name="HTMLPurifier/Lexer.php">
|
||||
<line>85</line>
|
||||
<line>326</line>
|
||||
<line>90</line>
|
||||
<line>331</line>
|
||||
</file>
|
||||
<file name="HTMLPurifier/Lexer/DirectLex.php">
|
||||
<line>67</line>
|
||||
@@ -19,37 +19,37 @@
|
||||
</directive>
|
||||
<directive id="CSS.MaxImgLength">
|
||||
<file name="HTMLPurifier/CSSDefinition.php">
|
||||
<line>240</line>
|
||||
<line>256</line>
|
||||
</file>
|
||||
</directive>
|
||||
<directive id="CSS.Proprietary">
|
||||
<file name="HTMLPurifier/CSSDefinition.php">
|
||||
<line>365</line>
|
||||
<line>381</line>
|
||||
</file>
|
||||
</directive>
|
||||
<directive id="CSS.AllowTricky">
|
||||
<file name="HTMLPurifier/CSSDefinition.php">
|
||||
<line>369</line>
|
||||
<line>385</line>
|
||||
</file>
|
||||
</directive>
|
||||
<directive id="CSS.Trusted">
|
||||
<file name="HTMLPurifier/CSSDefinition.php">
|
||||
<line>373</line>
|
||||
<line>389</line>
|
||||
</file>
|
||||
</directive>
|
||||
<directive id="CSS.AllowImportant">
|
||||
<file name="HTMLPurifier/CSSDefinition.php">
|
||||
<line>377</line>
|
||||
<line>393</line>
|
||||
</file>
|
||||
</directive>
|
||||
<directive id="CSS.AllowedProperties">
|
||||
<file name="HTMLPurifier/CSSDefinition.php">
|
||||
<line>506</line>
|
||||
<line>522</line>
|
||||
</file>
|
||||
</directive>
|
||||
<directive id="CSS.ForbiddenProperties">
|
||||
<file name="HTMLPurifier/CSSDefinition.php">
|
||||
<line>522</line>
|
||||
<line>538</line>
|
||||
</file>
|
||||
</directive>
|
||||
<directive id="Cache.DefinitionImpl">
|
||||
@@ -124,7 +124,7 @@
|
||||
<line>122</line>
|
||||
</file>
|
||||
<file name="HTMLPurifier/Lexer.php">
|
||||
<line>308</line>
|
||||
<line>313</line>
|
||||
</file>
|
||||
</directive>
|
||||
<directive id="Output.Newline">
|
||||
@@ -172,8 +172,11 @@
|
||||
<line>234</line>
|
||||
</file>
|
||||
<file name="HTMLPurifier/Lexer.php">
|
||||
<line>313</line>
|
||||
<line>353</line>
|
||||
<line>318</line>
|
||||
<line>358</line>
|
||||
</file>
|
||||
<file name="HTMLPurifier/AttrDef/HTML/ContentEditable.php">
|
||||
<line>8</line>
|
||||
</file>
|
||||
<file name="HTMLPurifier/HTMLModule/Image.php">
|
||||
<line>37</line>
|
||||
@@ -250,12 +253,12 @@
|
||||
</directive>
|
||||
<directive id="Core.LexerImpl">
|
||||
<file name="HTMLPurifier/Lexer.php">
|
||||
<line>80</line>
|
||||
<line>85</line>
|
||||
</file>
|
||||
</directive>
|
||||
<directive id="Core.MaintainLineNumbers">
|
||||
<file name="HTMLPurifier/Lexer.php">
|
||||
<line>84</line>
|
||||
<line>89</line>
|
||||
</file>
|
||||
<file name="HTMLPurifier/Lexer/DirectLex.php">
|
||||
<line>62</line>
|
||||
@@ -263,23 +266,23 @@
|
||||
</directive>
|
||||
<directive id="Core.LegacyEntityDecoder">
|
||||
<file name="HTMLPurifier/Lexer.php">
|
||||
<line>215</line>
|
||||
<line>337</line>
|
||||
<line>220</line>
|
||||
<line>342</line>
|
||||
</file>
|
||||
</directive>
|
||||
<directive id="Core.ConvertDocumentToFragment">
|
||||
<file name="HTMLPurifier/Lexer.php">
|
||||
<line>324</line>
|
||||
<line>329</line>
|
||||
</file>
|
||||
</directive>
|
||||
<directive id="Core.RemoveProcessingInstructions">
|
||||
<file name="HTMLPurifier/Lexer.php">
|
||||
<line>347</line>
|
||||
<line>352</line>
|
||||
</file>
|
||||
</directive>
|
||||
<directive id="Core.HiddenElements">
|
||||
<file name="HTMLPurifier/Lexer.php">
|
||||
<line>351</line>
|
||||
<line>356</line>
|
||||
</file>
|
||||
<file name="HTMLPurifier/Strategy/RemoveForeignElements.php">
|
||||
<line>36</line>
|
||||
@@ -287,12 +290,12 @@
|
||||
</directive>
|
||||
<directive id="Core.AggressivelyRemoveScript">
|
||||
<file name="HTMLPurifier/Lexer.php">
|
||||
<line>352</line>
|
||||
<line>357</line>
|
||||
</file>
|
||||
</directive>
|
||||
<directive id="Core.RemoveScriptContents">
|
||||
<file name="HTMLPurifier/Lexer.php">
|
||||
<line>353</line>
|
||||
<line>358</line>
|
||||
</file>
|
||||
<file name="HTMLPurifier/Strategy/RemoveForeignElements.php">
|
||||
<line>35</line>
|
||||
@@ -451,7 +454,7 @@
|
||||
</directive>
|
||||
<directive id="HTML.FlashAllowFullScreen">
|
||||
<file name="HTMLPurifier/AttrTransform/SafeParam.php">
|
||||
<line>53</line>
|
||||
<line>58</line>
|
||||
</file>
|
||||
</directive>
|
||||
<directive id="Cache.SerializerPath">
|
||||
@@ -480,6 +483,11 @@
|
||||
<line>330</line>
|
||||
</file>
|
||||
</directive>
|
||||
<directive id="HTML.Forms">
|
||||
<file name="HTMLPurifier/HTMLModule/Forms.php">
|
||||
<line>31</line>
|
||||
</file>
|
||||
</directive>
|
||||
<directive id="HTML.SafeIframe">
|
||||
<file name="HTMLPurifier/HTMLModule/Iframe.php">
|
||||
<line>28</line>
|
||||
|
||||
@@ -136,7 +136,7 @@ class FSTools
|
||||
/**
|
||||
* Recursively globs a directory.
|
||||
*/
|
||||
public function globr($dir, $pattern, $flags = NULL)
|
||||
public function globr($dir, $pattern, $flags = 0)
|
||||
{
|
||||
$files = $this->glob("$dir/$pattern", $flags);
|
||||
if ($files === false) $files = array();
|
||||
|
||||
@@ -4,12 +4,11 @@
|
||||
* @file
|
||||
* Legacy autoloader for systems lacking spl_autoload_register
|
||||
*
|
||||
* Must be separate to prevent deprecation warning on PHP 7.2
|
||||
*/
|
||||
|
||||
function __autoload($class)
|
||||
spl_autoload_register(function($class)
|
||||
{
|
||||
return HTMLPurifier_Bootstrap::autoload($class);
|
||||
}
|
||||
return HTMLPurifier_Bootstrap::autoload($class);
|
||||
});
|
||||
|
||||
// vim: et sw=4 sts=4
|
||||
|
||||
@@ -17,6 +17,7 @@ if (function_exists('spl_autoload_register') && function_exists('spl_autoload_un
|
||||
require dirname(__FILE__) . '/HTMLPurifier.autoload-legacy.php';
|
||||
}
|
||||
|
||||
// phpcs:ignore PHPCompatibility.IniDirectives.RemovedIniDirectives.zend_ze1_compatibility_modeRemoved
|
||||
if (ini_get('zend.ze1_compatibility_mode')) {
|
||||
trigger_error("HTML Purifier is not compatible with zend.ze1_compatibility_mode; please turn it off", E_USER_ERROR);
|
||||
}
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
* primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS
|
||||
* FILE, changes will be overwritten the next time the script is run.
|
||||
*
|
||||
* @version 4.11.0
|
||||
* @version 4.15.0
|
||||
*
|
||||
* @warning
|
||||
* You must *not* include any other HTML Purifier files before this file,
|
||||
@@ -107,6 +107,7 @@ require 'HTMLPurifier/AttrDef/HTML/Bool.php';
|
||||
require 'HTMLPurifier/AttrDef/HTML/Nmtokens.php';
|
||||
require 'HTMLPurifier/AttrDef/HTML/Class.php';
|
||||
require 'HTMLPurifier/AttrDef/HTML/Color.php';
|
||||
require 'HTMLPurifier/AttrDef/HTML/ContentEditable.php';
|
||||
require 'HTMLPurifier/AttrDef/HTML/FrameTarget.php';
|
||||
require 'HTMLPurifier/AttrDef/HTML/ID.php';
|
||||
require 'HTMLPurifier/AttrDef/HTML/Pixels.php';
|
||||
|
||||
@@ -19,7 +19,7 @@
|
||||
*/
|
||||
|
||||
/*
|
||||
HTML Purifier 4.11.0 - Standards Compliant HTML Filtering
|
||||
HTML Purifier 4.15.0 - Standards Compliant HTML Filtering
|
||||
Copyright (C) 2006-2008 Edward Z. Yang
|
||||
|
||||
This library is free software; you can redistribute it and/or
|
||||
@@ -58,12 +58,12 @@ class HTMLPurifier
|
||||
* Version of HTML Purifier.
|
||||
* @type string
|
||||
*/
|
||||
public $version = '4.11.0';
|
||||
public $version = '4.15.0';
|
||||
|
||||
/**
|
||||
* Constant with version of HTML Purifier.
|
||||
*/
|
||||
const VERSION = '4.11.0';
|
||||
const VERSION = '4.15.0';
|
||||
|
||||
/**
|
||||
* Global configuration object.
|
||||
@@ -240,6 +240,7 @@ class HTMLPurifier
|
||||
public function purifyArray($array_of_html, $config = null)
|
||||
{
|
||||
$context_array = array();
|
||||
$array = array();
|
||||
foreach($array_of_html as $key=>$value){
|
||||
if (is_array($value)) {
|
||||
$array[$key] = $this->purifyArray($value, $config);
|
||||
|
||||
@@ -101,6 +101,7 @@ require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Bool.php';
|
||||
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Nmtokens.php';
|
||||
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Class.php';
|
||||
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Color.php';
|
||||
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/ContentEditable.php';
|
||||
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/FrameTarget.php';
|
||||
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/ID.php';
|
||||
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Pixels.php';
|
||||
|
||||
@@ -25,6 +25,7 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef
|
||||
$this->info['background-repeat'] = $def->info['background-repeat'];
|
||||
$this->info['background-attachment'] = $def->info['background-attachment'];
|
||||
$this->info['background-position'] = $def->info['background-position'];
|
||||
$this->info['background-size'] = $def->info['background-size'];
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -53,6 +54,7 @@ class HTMLPurifier_AttrDef_CSS_Background extends HTMLPurifier_AttrDef
|
||||
$caught['repeat'] = false;
|
||||
$caught['attachment'] = false;
|
||||
$caught['position'] = false;
|
||||
$caught['size'] = false;
|
||||
|
||||
$i = 0; // number of catches
|
||||
|
||||
|
||||
@@ -69,7 +69,13 @@ class HTMLPurifier_AttrDef_CSS_Number extends HTMLPurifier_AttrDef
|
||||
return false;
|
||||
}
|
||||
|
||||
$left = ltrim($left, '0');
|
||||
// Remove leading zeros until positive number or a zero stays left
|
||||
if (ltrim($left, '0') != '') {
|
||||
$left = ltrim($left, '0');
|
||||
} else {
|
||||
$left = '0';
|
||||
}
|
||||
|
||||
$right = rtrim($right, '0');
|
||||
|
||||
if ($right === '') {
|
||||
|
||||
@@ -7,7 +7,7 @@ class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef
|
||||
{
|
||||
|
||||
/**
|
||||
* @type bool
|
||||
* @type string
|
||||
*/
|
||||
protected $name;
|
||||
|
||||
@@ -17,7 +17,7 @@ class HTMLPurifier_AttrDef_HTML_Bool extends HTMLPurifier_AttrDef
|
||||
public $minimized = true;
|
||||
|
||||
/**
|
||||
* @param bool $name
|
||||
* @param bool|string $name
|
||||
*/
|
||||
public function __construct($name = false)
|
||||
{
|
||||
|
||||
16
library/HTMLPurifier/AttrDef/HTML/ContentEditable.php
Normal file
16
library/HTMLPurifier/AttrDef/HTML/ContentEditable.php
Normal file
@@ -0,0 +1,16 @@
|
||||
<?php
|
||||
|
||||
class HTMLPurifier_AttrDef_HTML_ContentEditable extends HTMLPurifier_AttrDef
|
||||
{
|
||||
public function validate($string, $config, $context)
|
||||
{
|
||||
$allowed = array('false');
|
||||
if ($config->get('HTML.Trusted')) {
|
||||
$allowed = array('', 'true', 'false');
|
||||
}
|
||||
|
||||
$enum = new HTMLPurifier_AttrDef_Enum($allowed);
|
||||
|
||||
return $enum->validate($string, $config, $context);
|
||||
}
|
||||
}
|
||||
@@ -8,6 +8,11 @@
|
||||
class HTMLPurifier_AttrTransform_NameSync extends HTMLPurifier_AttrTransform
|
||||
{
|
||||
|
||||
/**
|
||||
* @type HTMLPurifier_AttrDef_HTML_ID
|
||||
*/
|
||||
public $idDef;
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
$this->idDef = new HTMLPurifier_AttrDef_HTML_ID();
|
||||
|
||||
@@ -24,6 +24,11 @@ class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
|
||||
*/
|
||||
private $uri;
|
||||
|
||||
/**
|
||||
* @type HTMLPurifier_AttrDef_Enum
|
||||
*/
|
||||
public $wmode;
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
$this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded
|
||||
|
||||
@@ -41,6 +41,7 @@ class HTMLPurifier_AttrTypes
|
||||
$this->info['IAlign'] = self::makeEnum('top,middle,bottom,left,right');
|
||||
$this->info['LAlign'] = self::makeEnum('top,bottom,left,right');
|
||||
$this->info['FrameTarget'] = new HTMLPurifier_AttrDef_HTML_FrameTarget();
|
||||
$this->info['ContentEditable'] = new HTMLPurifier_AttrDef_HTML_ContentEditable();
|
||||
|
||||
// unimplemented aliases
|
||||
$this->info['ContentType'] = new HTMLPurifier_AttrDef_Text();
|
||||
|
||||
@@ -109,6 +109,22 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
|
||||
);
|
||||
$this->info['background-position'] = new HTMLPurifier_AttrDef_CSS_BackgroundPosition();
|
||||
|
||||
$this->info['background-size'] = new HTMLPurifier_AttrDef_CSS_Composite(
|
||||
array(
|
||||
new HTMLPurifier_AttrDef_Enum(
|
||||
array(
|
||||
'auto',
|
||||
'cover',
|
||||
'contain',
|
||||
'initial',
|
||||
'inherit',
|
||||
)
|
||||
),
|
||||
new HTMLPurifier_AttrDef_CSS_Percentage(),
|
||||
new HTMLPurifier_AttrDef_CSS_Length()
|
||||
)
|
||||
);
|
||||
|
||||
$border_color =
|
||||
$this->info['border-top-color'] =
|
||||
$this->info['border-bottom-color'] =
|
||||
|
||||
@@ -45,7 +45,7 @@ class HTMLPurifier_ChildDef_Custom extends HTMLPurifier_ChildDef
|
||||
protected function _compileRegex()
|
||||
{
|
||||
$raw = str_replace(' ', '', $this->dtd_regex);
|
||||
if ($raw{0} != '(') {
|
||||
if ($raw[0] != '(') {
|
||||
$raw = "($raw)";
|
||||
}
|
||||
$el = '[#a-zA-Z0-9_.-]+';
|
||||
|
||||
@@ -22,6 +22,8 @@ class HTMLPurifier_ChildDef_List extends HTMLPurifier_ChildDef
|
||||
// XXX: This whole business with 'wrap' is all a bit unsatisfactory
|
||||
public $elements = array('li' => true, 'ul' => true, 'ol' => true);
|
||||
|
||||
public $whitespace;
|
||||
|
||||
/**
|
||||
* @param array $children
|
||||
* @param HTMLPurifier_Config $config
|
||||
|
||||
@@ -164,7 +164,7 @@ class HTMLPurifier_ChildDef_Table extends HTMLPurifier_ChildDef
|
||||
}
|
||||
}
|
||||
|
||||
if (empty($content)) {
|
||||
if (empty($content) && $thead === false && $tfoot === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
@@ -21,7 +21,7 @@ class HTMLPurifier_Config
|
||||
* HTML Purifier's version
|
||||
* @type string
|
||||
*/
|
||||
public $version = '4.11.0';
|
||||
public $version = '4.15.0';
|
||||
|
||||
/**
|
||||
* Whether or not to automatically finalize
|
||||
@@ -408,7 +408,7 @@ class HTMLPurifier_Config
|
||||
* maybeGetRawHTMLDefinition, which is more explicitly
|
||||
* named, instead.
|
||||
*
|
||||
* @return HTMLPurifier_HTMLDefinition
|
||||
* @return HTMLPurifier_HTMLDefinition|null
|
||||
*/
|
||||
public function getHTMLDefinition($raw = false, $optimized = false)
|
||||
{
|
||||
@@ -427,7 +427,7 @@ class HTMLPurifier_Config
|
||||
* maybeGetRawCSSDefinition, which is more explicitly
|
||||
* named, instead.
|
||||
*
|
||||
* @return HTMLPurifier_CSSDefinition
|
||||
* @return HTMLPurifier_CSSDefinition|null
|
||||
*/
|
||||
public function getCSSDefinition($raw = false, $optimized = false)
|
||||
{
|
||||
@@ -446,7 +446,7 @@ class HTMLPurifier_Config
|
||||
* maybeGetRawURIDefinition, which is more explicitly
|
||||
* named, instead.
|
||||
*
|
||||
* @return HTMLPurifier_URIDefinition
|
||||
* @return HTMLPurifier_URIDefinition|null
|
||||
*/
|
||||
public function getURIDefinition($raw = false, $optimized = false)
|
||||
{
|
||||
@@ -468,7 +468,7 @@ class HTMLPurifier_Config
|
||||
* maybe semantics is the "right thing to do."
|
||||
*
|
||||
* @throws HTMLPurifier_Exception
|
||||
* @return HTMLPurifier_Definition
|
||||
* @return HTMLPurifier_Definition|null
|
||||
*/
|
||||
public function getDefinition($type, $raw = false, $optimized = false)
|
||||
{
|
||||
@@ -647,7 +647,7 @@ class HTMLPurifier_Config
|
||||
}
|
||||
|
||||
/**
|
||||
* @return HTMLPurifier_HTMLDefinition
|
||||
* @return HTMLPurifier_HTMLDefinition|null
|
||||
*/
|
||||
public function maybeGetRawHTMLDefinition()
|
||||
{
|
||||
@@ -655,7 +655,7 @@ class HTMLPurifier_Config
|
||||
}
|
||||
|
||||
/**
|
||||
* @return HTMLPurifier_CSSDefinition
|
||||
* @return HTMLPurifier_CSSDefinition|null
|
||||
*/
|
||||
public function maybeGetRawCSSDefinition()
|
||||
{
|
||||
@@ -663,7 +663,7 @@ class HTMLPurifier_Config
|
||||
}
|
||||
|
||||
/**
|
||||
* @return HTMLPurifier_URIDefinition
|
||||
* @return HTMLPurifier_URIDefinition|null
|
||||
*/
|
||||
public function maybeGetRawURIDefinition()
|
||||
{
|
||||
@@ -803,7 +803,7 @@ class HTMLPurifier_Config
|
||||
if ($index !== false) {
|
||||
$array = (isset($array[$index]) && is_array($array[$index])) ? $array[$index] : array();
|
||||
}
|
||||
$mq = $mq_fix && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
|
||||
$mq = $mq_fix && version_compare(PHP_VERSION, '7.4.0', '<') && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
|
||||
|
||||
$allowed = HTMLPurifier_Config::getAllowedDirectivesForForm($allowed, $schema);
|
||||
$ret = array();
|
||||
|
||||
File diff suppressed because one or more lines are too long
11
library/HTMLPurifier/ConfigSchema/schema/HTML.Forms.txt
Normal file
11
library/HTMLPurifier/ConfigSchema/schema/HTML.Forms.txt
Normal file
@@ -0,0 +1,11 @@
|
||||
HTML.Forms
|
||||
TYPE: bool
|
||||
VERSION: 4.13.0
|
||||
DEFAULT: false
|
||||
--DESCRIPTION--
|
||||
<p>
|
||||
Whether or not to permit form elements in the user input, regardless of
|
||||
%HTML.Trusted value. Please be very careful when using this functionality, as
|
||||
enabling forms in untrusted documents may allow for phishing attacks.
|
||||
</p>
|
||||
--# vim: et sw=4 sts=4
|
||||
@@ -176,7 +176,7 @@ class HTMLPurifier_ElementDef
|
||||
|
||||
if (!empty($def->content_model)) {
|
||||
$this->content_model =
|
||||
str_replace("#SUPER", $this->content_model, $def->content_model);
|
||||
str_replace("#SUPER", (string)$this->content_model, $def->content_model);
|
||||
$this->child = false;
|
||||
}
|
||||
if (!empty($def->content_model_type)) {
|
||||
|
||||
@@ -159,7 +159,7 @@ class HTMLPurifier_Encoder
|
||||
|
||||
$len = strlen($str);
|
||||
for ($i = 0; $i < $len; $i++) {
|
||||
$in = ord($str{$i});
|
||||
$in = ord($str[$i]);
|
||||
$char .= $str[$i]; // append byte to char
|
||||
if (0 == $mState) {
|
||||
// When mState is zero we expect either a US-ASCII character
|
||||
@@ -398,8 +398,8 @@ class HTMLPurifier_Encoder
|
||||
// characters to their true byte-wise ASCII/UTF-8 equivalents.
|
||||
$str = strtr($str, self::testEncodingSupportsASCII($encoding));
|
||||
return $str;
|
||||
} elseif ($encoding === 'iso-8859-1') {
|
||||
$str = utf8_encode($str);
|
||||
} elseif ($encoding === 'iso-8859-1' && function_exists('mb_convert_encoding')) {
|
||||
$str = mb_convert_encoding($str, 'UTF-8', 'ISO-8859-1');
|
||||
return $str;
|
||||
}
|
||||
$bug = HTMLPurifier_Encoder::testIconvTruncateBug();
|
||||
@@ -450,8 +450,8 @@ class HTMLPurifier_Encoder
|
||||
// Normal stuff
|
||||
$str = self::iconv('utf-8', $encoding . '//IGNORE', $str);
|
||||
return $str;
|
||||
} elseif ($encoding === 'iso-8859-1') {
|
||||
$str = utf8_decode($str);
|
||||
} elseif ($encoding === 'iso-8859-1' && function_exists('mb_convert_encoding')) {
|
||||
$str = mb_convert_encoding($str, 'ISO-8859-1', 'UTF-8');
|
||||
return $str;
|
||||
}
|
||||
trigger_error('Encoding not supported', E_USER_ERROR);
|
||||
|
||||
@@ -132,9 +132,9 @@ class HTMLPurifier_HTMLModule
|
||||
* @param string $element Name of element to add
|
||||
* @param string|bool $type What content set should element be registered to?
|
||||
* Set as false to skip this step.
|
||||
* @param string $contents Allowed children in form of:
|
||||
* @param string|HTMLPurifier_ChildDef $contents Allowed children in form of:
|
||||
* "$content_model_type: $content_model"
|
||||
* @param array $attr_includes What attribute collections to register to
|
||||
* @param array|string $attr_includes What attribute collections to register to
|
||||
* element?
|
||||
* @param array $attr What unique attributes does the element define?
|
||||
* @see HTMLPurifier_ElementDef:: for in-depth descriptions of these parameters.
|
||||
@@ -257,8 +257,9 @@ class HTMLPurifier_HTMLModule
|
||||
*/
|
||||
public function makeLookup($list)
|
||||
{
|
||||
$args = func_get_args();
|
||||
if (is_string($list)) {
|
||||
$list = func_get_args();
|
||||
$list = $args;
|
||||
}
|
||||
$ret = array();
|
||||
foreach ($list as $value) {
|
||||
|
||||
@@ -17,6 +17,7 @@ class HTMLPurifier_HTMLModule_CommonAttributes extends HTMLPurifier_HTMLModule
|
||||
'class' => 'Class',
|
||||
'id' => 'ID',
|
||||
'title' => 'CDATA',
|
||||
'contenteditable' => 'ContentEditable',
|
||||
),
|
||||
'Lang' => array(),
|
||||
'I18N' => array(
|
||||
|
||||
@@ -28,6 +28,10 @@ class HTMLPurifier_HTMLModule_Forms extends HTMLPurifier_HTMLModule
|
||||
*/
|
||||
public function setup($config)
|
||||
{
|
||||
if ($config->get('HTML.Forms')) {
|
||||
$this->safe = true;
|
||||
}
|
||||
|
||||
$form = $this->addElement(
|
||||
'form',
|
||||
'Form',
|
||||
|
||||
@@ -146,10 +146,7 @@ class HTMLPurifier_HTMLModule_Tidy extends HTMLPurifier_HTMLModule
|
||||
$type = "info_$type";
|
||||
$e = $this;
|
||||
}
|
||||
// PHP does some weird parsing when I do
|
||||
// $e->$type[$attr], so I have to assign a ref.
|
||||
$f =& $e->$type;
|
||||
$f[$attr] = $fix;
|
||||
$e->{$type}[$attr] = $fix;
|
||||
break;
|
||||
case 'tag_transform':
|
||||
$this->info_tag_transform[$params['element']] = $fix;
|
||||
|
||||
@@ -96,6 +96,7 @@ class HTMLPurifier_HTMLModule_Tidy_XHTMLAndHTML4 extends HTMLPurifier_HTMLModule
|
||||
|
||||
// @bgcolor for table, tr, td, th ---------------------------------
|
||||
$r['table@bgcolor'] =
|
||||
$r['tr@bgcolor'] =
|
||||
$r['td@bgcolor'] =
|
||||
$r['th@bgcolor'] =
|
||||
new HTMLPurifier_AttrTransform_BgColor();
|
||||
@@ -167,9 +168,11 @@ class HTMLPurifier_HTMLModule_Tidy_XHTMLAndHTML4 extends HTMLPurifier_HTMLModule
|
||||
// @vspace for img ------------------------------------------------
|
||||
$r['img@vspace'] = new HTMLPurifier_AttrTransform_ImgSpace('vspace');
|
||||
|
||||
// @width for hr, td, th ------------------------------------------
|
||||
// @width for table, hr, td, th, col ------------------------------------------
|
||||
$r['table@width'] =
|
||||
$r['td@width'] =
|
||||
$r['th@width'] =
|
||||
$r['col@width'] =
|
||||
$r['hr@width'] = new HTMLPurifier_AttrTransform_Length('width');
|
||||
|
||||
return $r;
|
||||
|
||||
@@ -40,6 +40,9 @@ class HTMLPurifier_Injector_Linkify extends HTMLPurifier_Injector
|
||||
'/\\b((?:[a-z][\\w\\-]+:(?:\\/{1,3}|[a-z0-9%])|www\\d{0,3}[.]|[a-z0-9.\\-]+[.][a-z]{2,4}\\/)(?:[^\\s()<>]|\\((?:[^\\s()<>]|(?:\\([^\\s()<>]+\\)))*\\))+(?:\\((?:[^\\s()<>]|(?:\\([^\\s()<>]+\\)))*\\)|[^\\s`!()\\[\\]{};:\'".,<>?\x{00ab}\x{00bb}\x{201c}\x{201d}\x{2018}\x{2019}]))/iu',
|
||||
$token->data, -1, PREG_SPLIT_DELIM_CAPTURE);
|
||||
|
||||
if ($bits === false) {
|
||||
return;
|
||||
}
|
||||
|
||||
$token = array();
|
||||
|
||||
|
||||
@@ -31,6 +31,16 @@ class HTMLPurifier_Injector_RemoveSpansWithoutAttributes extends HTMLPurifier_In
|
||||
*/
|
||||
private $context;
|
||||
|
||||
/**
|
||||
* @type SplObjectStorage
|
||||
*/
|
||||
private $markForDeletion;
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
$this->markForDeletion = new SplObjectStorage();
|
||||
}
|
||||
|
||||
public function prepare($config, $context)
|
||||
{
|
||||
$this->attrValidator = new HTMLPurifier_AttrValidator();
|
||||
@@ -64,7 +74,7 @@ class HTMLPurifier_Injector_RemoveSpansWithoutAttributes extends HTMLPurifier_In
|
||||
|
||||
if ($current instanceof HTMLPurifier_Token_End && $current->name === 'span') {
|
||||
// Mark closing span tag for deletion
|
||||
$current->markForDeletion = true;
|
||||
$this->markForDeletion->attach($current);
|
||||
// Delete open span tag
|
||||
$token = false;
|
||||
}
|
||||
@@ -75,7 +85,8 @@ class HTMLPurifier_Injector_RemoveSpansWithoutAttributes extends HTMLPurifier_In
|
||||
*/
|
||||
public function handleEnd(&$token)
|
||||
{
|
||||
if ($token->markForDeletion) {
|
||||
if ($this->markForDeletion->contains($token)) {
|
||||
$this->markForDeletion->detach($token);
|
||||
$token = false;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,9 +0,0 @@
|
||||
<?php
|
||||
|
||||
// private class for unit testing
|
||||
|
||||
class HTMLPurifier_Language_en_x_test extends HTMLPurifier_Language
|
||||
{
|
||||
}
|
||||
|
||||
// vim: et sw=4 sts=4
|
||||
@@ -1,13 +0,0 @@
|
||||
<?php
|
||||
|
||||
// private language message file for unit testing purposes
|
||||
|
||||
$fallback = 'en';
|
||||
|
||||
$messages = array(
|
||||
'HTMLPurifier' => 'HTML Purifier X'
|
||||
);
|
||||
|
||||
$errorNames = array();
|
||||
|
||||
// vim: et sw=4 sts=4
|
||||
@@ -1,14 +0,0 @@
|
||||
<?php
|
||||
|
||||
// private language message file for unit testing purposes
|
||||
// this language file has no class associated with it
|
||||
|
||||
$fallback = 'en';
|
||||
|
||||
$messages = array(
|
||||
'HTMLPurifier' => 'HTML Purifier XNone'
|
||||
);
|
||||
|
||||
$errorNames = array();
|
||||
|
||||
// vim: et sw=4 sts=4
|
||||
@@ -78,7 +78,7 @@ class HTMLPurifier_Length
|
||||
if ($this->n === '0' && $this->unit === false) {
|
||||
return true;
|
||||
}
|
||||
if (!ctype_lower($this->unit)) {
|
||||
if ($this->unit === false || !ctype_lower($this->unit)) {
|
||||
$this->unit = strtolower($this->unit);
|
||||
}
|
||||
if (!isset(HTMLPurifier_Length::$allowedUnits[$this->unit])) {
|
||||
|
||||
@@ -48,6 +48,11 @@ class HTMLPurifier_Lexer
|
||||
*/
|
||||
public $tracksLineNumbers = false;
|
||||
|
||||
/**
|
||||
* @type HTMLPurifier_EntityParser
|
||||
*/
|
||||
private $_entity_parser;
|
||||
|
||||
// -- STATIC ----------------------------------------------------------
|
||||
|
||||
/**
|
||||
@@ -306,8 +311,8 @@ class HTMLPurifier_Lexer
|
||||
{
|
||||
// normalize newlines to \n
|
||||
if ($config->get('Core.NormalizeNewlines')) {
|
||||
$html = str_replace("\r\n", "\n", $html);
|
||||
$html = str_replace("\r", "\n", $html);
|
||||
$html = str_replace("\r\n", "\n", (string)$html);
|
||||
$html = str_replace("\r", "\n", (string)$html);
|
||||
}
|
||||
|
||||
if ($config->get('HTML.Trusted')) {
|
||||
|
||||
@@ -74,7 +74,12 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer
|
||||
}
|
||||
|
||||
set_error_handler(array($this, 'muteErrorHandler'));
|
||||
$doc->loadHTML($html, $options);
|
||||
// loadHTML() fails on PHP 5.3 when second parameter is given
|
||||
if ($options) {
|
||||
$doc->loadHTML($html, $options);
|
||||
} else {
|
||||
$doc->loadHTML($html);
|
||||
}
|
||||
restore_error_handler();
|
||||
|
||||
$body = $doc->getElementsByTagName('html')->item(0)-> // <html>
|
||||
|
||||
@@ -4410,7 +4410,7 @@ class HTML5TreeConstructer
|
||||
|
||||
foreach ($token['attr'] as $attr) {
|
||||
if (!$el->hasAttribute($attr['name'])) {
|
||||
$el->setAttribute($attr['name'], $attr['value']);
|
||||
$el->setAttribute($attr['name'], (string)$attr['value']);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -43,8 +43,8 @@ class HTMLPurifier_Printer_HTMLDefinition extends HTMLPurifier_Printer
|
||||
$ret .= $this->element('caption', 'Doctype');
|
||||
$ret .= $this->row('Name', $doctype->name);
|
||||
$ret .= $this->row('XML', $doctype->xml ? 'Yes' : 'No');
|
||||
$ret .= $this->row('Default Modules', implode($doctype->modules, ', '));
|
||||
$ret .= $this->row('Default Tidy Modules', implode($doctype->tidyModules, ', '));
|
||||
$ret .= $this->row('Default Modules', implode(', ', $doctype->modules));
|
||||
$ret .= $this->row('Default Tidy Modules', implode(', ', $doctype->tidyModules));
|
||||
$ret .= $this->end('table');
|
||||
return $ret;
|
||||
}
|
||||
|
||||
@@ -29,6 +29,7 @@ class HTMLPurifier_PropertyListIterator extends FilterIterator
|
||||
/**
|
||||
* @return bool
|
||||
*/
|
||||
#[\ReturnTypeWillChange]
|
||||
public function accept()
|
||||
{
|
||||
$key = $this->getInnerIterator()->key();
|
||||
|
||||
@@ -20,6 +20,7 @@ class HTMLPurifier_StringHash extends ArrayObject
|
||||
* @param mixed $index
|
||||
* @return mixed
|
||||
*/
|
||||
#[\ReturnTypeWillChange]
|
||||
public function offsetGet($index)
|
||||
{
|
||||
$this->accessed[$index] = true;
|
||||
|
||||
@@ -75,7 +75,7 @@ class HTMLPurifier_TagTransform_Font extends HTMLPurifier_TagTransform
|
||||
if (isset($attr['size'])) {
|
||||
// normalize large numbers
|
||||
if ($attr['size'] !== '') {
|
||||
if ($attr['size']{0} == '+' || $attr['size']{0} == '-') {
|
||||
if ($attr['size'][0] == '+' || $attr['size'][0] == '-') {
|
||||
$size = (int)$attr['size'];
|
||||
if ($size < -2) {
|
||||
$attr['size'] = '-2';
|
||||
|
||||
@@ -35,7 +35,7 @@ class HTMLPurifier_URIFilter_HostBlacklist extends HTMLPurifier_URIFilter
|
||||
public function filter(&$uri, $config, $context)
|
||||
{
|
||||
foreach ($this->blacklist as $blacklisted_host_fragment) {
|
||||
if (strpos($uri->host, $blacklisted_host_fragment) !== false) {
|
||||
if ($uri->host !== null && strpos($uri->host, $blacklisted_host_fragment) !== false) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -100,11 +100,11 @@ class HTMLPurifier_URIFilter_Munge extends HTMLPurifier_URIFilter
|
||||
$string = $uri->toString();
|
||||
// always available
|
||||
$this->replace['%s'] = $string;
|
||||
$this->replace['%r'] = $context->get('EmbeddedURI', true);
|
||||
$token = $context->get('CurrentToken', true);
|
||||
$this->replace['%n'] = $token ? $token->name : null;
|
||||
$this->replace['%m'] = $context->get('CurrentAttr', true);
|
||||
$this->replace['%p'] = $context->get('CurrentCSSProperty', true);
|
||||
$this->replace['%r'] = $context->get('EmbeddedURI', true) ?: '';
|
||||
$token = $context->get('CurrentToken', true) ?: '';
|
||||
$this->replace['%n'] = $token ? $token->name : '';
|
||||
$this->replace['%m'] = $context->get('CurrentAttr', true) ?: '';
|
||||
$this->replace['%p'] = $context->get('CurrentCSSProperty', true) ?: '';
|
||||
// not always available
|
||||
if ($this->secretKey) {
|
||||
$this->replace['%t'] = hash_hmac("sha256", $string, $this->secretKey);
|
||||
|
||||
@@ -34,7 +34,6 @@ foreach ($files as $file) {
|
||||
postfix_is('.svg', $file) ||
|
||||
postfix_is('.phpt', $file) ||
|
||||
postfix_is('VERSION', $file) ||
|
||||
postfix_is('WHATSNEW', $file) ||
|
||||
postfix_is('configdoc/usage.xml', $file) ||
|
||||
postfix_is('library/HTMLPurifier.includes.php', $file) ||
|
||||
postfix_is('library/HTMLPurifier.safe-includes.php', $file) ||
|
||||
|
||||
@@ -48,7 +48,6 @@ $pkg->setReleaseStability('stable');
|
||||
|
||||
$pkg->addRelease();
|
||||
|
||||
$pkg->setNotes(file_get_contents('WHATSNEW'));
|
||||
$pkg->setPackageType('php');
|
||||
|
||||
$pkg->setPhpDep('5.0.0');
|
||||
|
||||
29
release.config.js
Normal file
29
release.config.js
Normal file
@@ -0,0 +1,29 @@
|
||||
module.exports = {
|
||||
debug: true,
|
||||
branch: 'master',
|
||||
plugins: [
|
||||
'@semantic-release/commit-analyzer',
|
||||
'@semantic-release/release-notes-generator',
|
||||
['@semantic-release/changelog', {'changelogFile': 'NEWS'}],
|
||||
'@semantic-release/exec',
|
||||
['@semantic-release/git', {
|
||||
'assets': ['VERSION', 'NEWS', 'Doxyfile', 'library/HTMLPurifier.php', 'library/HTMLPurifier/Config.php', 'library/HTMLPurifier.includes.php'],
|
||||
}],
|
||||
'@semantic-release/github'
|
||||
],
|
||||
verifyConditions: [
|
||||
'@semantic-release/changelog',
|
||||
'@semantic-release/github',
|
||||
],
|
||||
prepare: [
|
||||
{
|
||||
path: '@semantic-release/exec',
|
||||
cmd: 'php update-for-release ${nextRelease.version}'
|
||||
},
|
||||
'@semantic-release/changelog',
|
||||
'@semantic-release/git',
|
||||
],
|
||||
publish: [
|
||||
'@semantic-release/github',
|
||||
]
|
||||
}
|
||||
@@ -2,6 +2,8 @@
|
||||
|
||||
header('Content-type: text/html; charset=UTF-8');
|
||||
|
||||
require_once __DIR__.'/../vendor/autoload.php';
|
||||
|
||||
if (!isset($_GET['standalone'])) {
|
||||
require_once '../library/HTMLPurifier.auto.php';
|
||||
} else {
|
||||
|
||||
@@ -3,23 +3,6 @@
|
||||
require_once 'common.php';
|
||||
require_once 'HTMLPurifier/Filter/ExtractStyleBlocks.php';
|
||||
|
||||
// need CSSTidy location
|
||||
$csstidy_location = false;
|
||||
if (file_exists('../conf/test-settings.php')) include '../conf/test-settings.php';
|
||||
if (file_exists('../test-settings.php')) include '../test-settings.php';
|
||||
|
||||
if (!$csstidy_location) {
|
||||
?>
|
||||
Error: <a href="http://csstidy.sourceforge.net/">CSSTidy</a> library not
|
||||
found, please install and configure <code>test-settings.php</code>
|
||||
accordingly.
|
||||
<?php
|
||||
exit;
|
||||
}
|
||||
|
||||
require_once $csstidy_location . 'class.csstidy.php';
|
||||
require_once $csstidy_location . 'class.csstidy_print.php';
|
||||
|
||||
$purifier = new HTMLPurifier(array(
|
||||
'Filter.ExtractStyleBlocks' => true,
|
||||
));
|
||||
|
||||
@@ -17,20 +17,6 @@ if ($data !== false && $data !== '') {
|
||||
exit;
|
||||
}
|
||||
|
||||
// -----------------------------------------------------------------------------
|
||||
// REQUIRED SETTINGS
|
||||
|
||||
// Note on running SimpleTest:
|
||||
// You want the Git copy of SimpleTest, found here:
|
||||
// https://github.com/simpletest/simpletest/
|
||||
//
|
||||
// If SimpleTest is borked with HTML Purifier, please contact me or
|
||||
// the SimpleTest devs; I am a developer for SimpleTest so I should be
|
||||
// able to quickly assess a fix. SimpleTest's problem is my problem!
|
||||
|
||||
// Where is SimpleTest located? Remember to include a trailing slash!
|
||||
$simpletest_location = '/path/to/simpletest/';
|
||||
|
||||
// -----------------------------------------------------------------------------
|
||||
// OPTIONAL SETTINGS
|
||||
|
||||
@@ -50,9 +36,6 @@ $GLOBALS['HTMLPurifierTest']['PHPT'] = false;
|
||||
// If PHPT isn't in your Path via PEAR, set that here:
|
||||
// set_include_path('/path/to/phpt/Core/src' . PATH_SEPARATOR . get_include_path());
|
||||
|
||||
// Where is CSSTidy located? (Include trailing slash. Leave false to disable.)
|
||||
$csstidy_location = false;
|
||||
|
||||
// For tests/multitest.php, which versions to test?
|
||||
$versions_to_test = array();
|
||||
|
||||
@@ -69,6 +52,6 @@ $GLOBALS['HTMLPurifierTest']['PEAR'] = false;
|
||||
|
||||
// If PEAR is enabled, what PEAR tests should be run? (Note: you will
|
||||
// need to ensure these libraries are installed)
|
||||
$GLOBALS['HTMLPurifierTest']['Net_IDNA2'] = true;
|
||||
$GLOBALS['HTMLPurifierTest']['Net_IDNA2'] = false;
|
||||
|
||||
// vim: et sw=4 sts=4
|
||||
|
||||
@@ -1,72 +0,0 @@
|
||||
<?php
|
||||
|
||||
// This file is the configuration for Travis testing.
|
||||
|
||||
// Note: The only external library you *need* is SimpleTest; everything else
|
||||
// is optional.
|
||||
|
||||
// We've got a lot of tests, so we recommend turning the limit off.
|
||||
set_time_limit(0);
|
||||
|
||||
// Turning off output buffering will prevent mysterious errors from core dumps.
|
||||
$data = @ob_get_clean();
|
||||
if ($data !== false && $data !== '') {
|
||||
echo "Output buffer contains data [".urlencode($data)."]\n";
|
||||
exit;
|
||||
}
|
||||
|
||||
// -----------------------------------------------------------------------------
|
||||
// REQUIRED SETTINGS
|
||||
|
||||
// Note on running SimpleTest:
|
||||
// You want the Git copy of SimpleTest, found here:
|
||||
// https://github.com/simpletest/simpletest/
|
||||
//
|
||||
// If SimpleTest is borked with HTML Purifier, please contact me or
|
||||
// the SimpleTest devs; I am a developer for SimpleTest so I should be
|
||||
// able to quickly assess a fix. SimpleTest's problem is my problem!
|
||||
|
||||
// Where is SimpleTest located? Remember to include a trailing slash!
|
||||
$simpletest_location = dirname(__FILE__) . '/simpletest/';
|
||||
|
||||
// -----------------------------------------------------------------------------
|
||||
// OPTIONAL SETTINGS
|
||||
|
||||
// Note on running PHPT:
|
||||
// Vanilla PHPT from https://github.com/tswicegood/PHPT_Core should
|
||||
// work fine on Linux w/o multitest.
|
||||
//
|
||||
// To do multitest or Windows testing, you'll need some more
|
||||
// patches at https://github.com/ezyang/PHPT_Core
|
||||
//
|
||||
// I haven't tested the Windows setup in a while so I don't know if
|
||||
// it still works.
|
||||
|
||||
// Should PHPT tests be enabled?
|
||||
$GLOBALS['HTMLPurifierTest']['PHPT'] = false;
|
||||
|
||||
// If PHPT isn't in your Path via PEAR, set that here:
|
||||
// set_include_path('/path/to/phpt/Core/src' . PATH_SEPARATOR . get_include_path());
|
||||
|
||||
// Where is CSSTidy located? (Include trailing slash. Leave false to disable.)
|
||||
$csstidy_location = false;
|
||||
|
||||
// For tests/multitest.php, which versions to test?
|
||||
$versions_to_test = array();
|
||||
|
||||
// Stable PHP binary to use when invoking maintenance scripts.
|
||||
$php = 'php';
|
||||
|
||||
// For tests/multitest.php, what is the multi-version executable? It must
|
||||
// accept an extra parameter (version number) before all other arguments
|
||||
$phpv = false;
|
||||
|
||||
// Should PEAR tests be run? If you've got a valid PEAR installation, set this
|
||||
// to true (or, if it's not in the include path, to its install directory).
|
||||
$GLOBALS['HTMLPurifierTest']['PEAR'] = false;
|
||||
|
||||
// If PEAR is enabled, what PEAR tests should be run? (Note: you will
|
||||
// need to ensure these libraries are installed)
|
||||
$GLOBALS['HTMLPurifierTest']['Net_IDNA2'] = true;
|
||||
|
||||
// vim: et sw=4 sts=4
|
||||
@@ -9,7 +9,7 @@ class HTMLPurifier_AttrDef_CSS_AlphaValueTest extends HTMLPurifier_AttrDefHarnes
|
||||
|
||||
$this->assertDef('0');
|
||||
$this->assertDef('1');
|
||||
$this->assertDef('.2');
|
||||
$this->assertDef('0.2');
|
||||
|
||||
// clamping to [0.0, 1,0]
|
||||
$this->assertDef('1.2', '1');
|
||||
|
||||
@@ -17,7 +17,7 @@ class HTMLPurifier_AttrDef_CSS_BackgroundTest extends HTMLPurifier_AttrDefHarnes
|
||||
);
|
||||
$this->assertDef(
|
||||
'rgba(74, 12, 85, 0.35) repeat fixed bottom',
|
||||
'rgba(74,12,85,.35) repeat fixed bottom'
|
||||
'rgba(74,12,85,0.35) repeat fixed bottom'
|
||||
);
|
||||
$this->assertDef(
|
||||
'hsl(244, 47.4%, 88.1%) right center',
|
||||
|
||||
@@ -20,8 +20,8 @@ class HTMLPurifier_AttrDef_CSS_ColorTest extends HTMLPurifier_AttrDefHarness
|
||||
$this->assertDef('rgb(12%,150%,0%)', 'rgb(12%,100%,0%)'); // percentage max values
|
||||
|
||||
$this->assertDef('rgba(255, 0, 0, 0)', 'rgba(255,0,0,0)'); // rm spaces
|
||||
$this->assertDef('rgba(100%,0%,0%,.4)');
|
||||
$this->assertDef('rgba(38.1%,59.7%,1.8%,0.7)', 'rgba(38.1%,59.7%,1.8%,.7)'); // decimals okay
|
||||
$this->assertDef('rgba(100%,0%,0%,0.4)');
|
||||
$this->assertDef('rgba(38.1%,59.7%,1.8%,0.7)', 'rgba(38.1%,59.7%,1.8%,0.7)'); // decimals okay
|
||||
|
||||
$this->assertDef('hsl(275, 45%, 81%)', 'hsl(275,45%,81%)'); // rm spaces
|
||||
$this->assertDef('hsl(100,0%,0%)');
|
||||
@@ -30,8 +30,8 @@ class HTMLPurifier_AttrDef_CSS_ColorTest extends HTMLPurifier_AttrDefHarness
|
||||
$this->assertDef('hsl(380,125%,0%)', 'hsl(360,100%,0%)'); // max values
|
||||
|
||||
$this->assertDef('hsla(100, 74%, 29%, 0)', 'hsla(100,74%,29%,0)'); // rm spaces
|
||||
$this->assertDef('hsla(154,87%,21%,.4)');
|
||||
$this->assertDef('hsla(45,94.3%,4.1%,0.7)', 'hsla(45,94.3%,4.1%,.7)'); // decimals okay
|
||||
$this->assertDef('hsla(154,87%,21%,0.4)');
|
||||
$this->assertDef('hsla(45,94.3%,4.1%,0.7)', 'hsla(45,94.3%,4.1%,0.7)'); // decimals okay
|
||||
|
||||
$this->assertDef('#G00', false);
|
||||
$this->assertDef('cmyk(40, 23, 43, 23)', false);
|
||||
|
||||
@@ -12,8 +12,8 @@ class HTMLPurifier_AttrDef_CSS_NumberTest extends HTMLPurifier_AttrDefHarness
|
||||
$this->assertDef('1.0', '1');
|
||||
$this->assertDef('34');
|
||||
$this->assertDef('4.5');
|
||||
$this->assertDef('.5');
|
||||
$this->assertDef('0.5', '.5');
|
||||
$this->assertDef('0.5');
|
||||
$this->assertDef('0.5', '0.5');
|
||||
$this->assertDef('-56.9');
|
||||
|
||||
$this->assertDef('0.', '0');
|
||||
@@ -21,10 +21,10 @@ class HTMLPurifier_AttrDef_CSS_NumberTest extends HTMLPurifier_AttrDefHarness
|
||||
$this->assertDef('0.0', '0');
|
||||
|
||||
$this->assertDef('1.', '1');
|
||||
$this->assertDef('.1', '.1');
|
||||
$this->assertDef('.1', '0.1');
|
||||
|
||||
$this->assertDef('1.0', '1');
|
||||
$this->assertDef('0.1', '.1');
|
||||
$this->assertDef('0.1', '0.1');
|
||||
|
||||
$this->assertDef('000', '0');
|
||||
$this->assertDef(' 9', '9');
|
||||
|
||||
@@ -92,6 +92,9 @@ class HTMLPurifier_AttrDef_CSSTest extends HTMLPurifier_AttrDefHarness
|
||||
$this->assertDef('background-repeat:repeat-y;');
|
||||
$this->assertDef('background-attachment:fixed;');
|
||||
$this->assertDef('background-position:left 90%;');
|
||||
$this->assertDef('background-size:50%;');
|
||||
$this->assertDef('background-size:cover;');
|
||||
$this->assertDef('background-size:200px;');
|
||||
$this->assertDef('border-spacing:1em;');
|
||||
$this->assertDef('border-spacing:1em 2em;');
|
||||
$this->assertDef('border-color: rgb(0, 0, 0) rgb(10,0,10)', 'border-color:rgb(0,0,0) rgb(10,0,10);');
|
||||
@@ -140,8 +143,8 @@ class HTMLPurifier_AttrDef_CSSTest extends HTMLPurifier_AttrDefHarness
|
||||
$this->assertDef('scrollbar-highlight-color:#ff69b4;');
|
||||
$this->assertDef('scrollbar-shadow-color:#f0f;');
|
||||
|
||||
$this->assertDef('-moz-opacity:.2;');
|
||||
$this->assertDef('-khtml-opacity:.2;');
|
||||
$this->assertDef('-moz-opacity:0.2;');
|
||||
$this->assertDef('-khtml-opacity:0.2;');
|
||||
$this->assertDef('filter:alpha(opacity=20);');
|
||||
|
||||
$this->assertDef('border-top-left-radius:55pt 25pt;');
|
||||
@@ -160,7 +163,7 @@ class HTMLPurifier_AttrDef_CSSTest extends HTMLPurifier_AttrDefHarness
|
||||
$this->assertDef('display:none;');
|
||||
$this->assertDef('visibility:visible;');
|
||||
$this->assertDef('overflow:scroll;');
|
||||
$this->assertDef('opacity:.2;');
|
||||
$this->assertDef('opacity:0.2;');
|
||||
}
|
||||
|
||||
public function testForbidden()
|
||||
|
||||
27
tests/HTMLPurifier/AttrDef/HTML/ContentEditableTest.php
Normal file
27
tests/HTMLPurifier/AttrDef/HTML/ContentEditableTest.php
Normal file
@@ -0,0 +1,27 @@
|
||||
<?php
|
||||
|
||||
class HTMLPurifier_AttrDef_HTML_ContentEditableTest extends HTMLPurifier_AttrDefHarness
|
||||
{
|
||||
public function setUp()
|
||||
{
|
||||
parent::setUp();
|
||||
$this->def = new HTMLPurifier_AttrDef_HTML_ContentEditable();
|
||||
}
|
||||
|
||||
public function test()
|
||||
{
|
||||
$this->assertDef('', false);
|
||||
$this->assertDef('true', false);
|
||||
$this->assertDef('caret', false);
|
||||
$this->assertDef('false');
|
||||
}
|
||||
|
||||
public function testTrustedHtml()
|
||||
{
|
||||
$this->config->set('HTML.Trusted', true);
|
||||
$this->assertDef('');
|
||||
$this->assertDef('true');
|
||||
$this->assertDef('false');
|
||||
$this->assertDef('caret', false);
|
||||
}
|
||||
}
|
||||
@@ -3,6 +3,11 @@
|
||||
class HTMLPurifier_AttrTransform_NameSyncTest extends HTMLPurifier_AttrTransformHarness
|
||||
{
|
||||
|
||||
/**
|
||||
* @type HTMLPurifier_IDAccumulator
|
||||
*/
|
||||
public $accumulator;
|
||||
|
||||
public function setUp()
|
||||
{
|
||||
parent::setUp();
|
||||
|
||||
@@ -3,6 +3,11 @@
|
||||
class HTMLPurifier_AttrValidator_ErrorsTest extends HTMLPurifier_ErrorsHarness
|
||||
{
|
||||
|
||||
/**
|
||||
* @type HTMLPurifier_Language
|
||||
*/
|
||||
public $language;
|
||||
|
||||
public function setup()
|
||||
{
|
||||
parent::setup();
|
||||
|
||||
@@ -44,6 +44,22 @@ class HTMLPurifier_ChildDef_TableTest extends HTMLPurifier_ChildDefHarness
|
||||
);
|
||||
}
|
||||
|
||||
public function testTheadOnlyNotRemoved()
|
||||
{
|
||||
$this->assertResult(
|
||||
'<thead><tr><th>a</th></tr></thead>',
|
||||
'<thead><tr><th>a</th></tr></thead>'
|
||||
);
|
||||
}
|
||||
|
||||
public function testTbodyOnlyNotRemoved()
|
||||
{
|
||||
$this->assertResult(
|
||||
'<tbody><tr><th>a</th></tr></tbody>',
|
||||
'<tbody><tr><th>a</th></tr></tbody>'
|
||||
);
|
||||
}
|
||||
|
||||
public function testTrOverflowAndClose()
|
||||
{
|
||||
$this->assertResult(
|
||||
|
||||
@@ -5,6 +5,12 @@ generate_mock_once('HTMLPurifier_DefinitionCache');
|
||||
class HTMLPurifier_DefinitionCache_DecoratorHarness extends HTMLPurifier_DefinitionCacheHarness
|
||||
{
|
||||
|
||||
public $cache;
|
||||
|
||||
public $mock;
|
||||
|
||||
public $def;
|
||||
|
||||
public function setup()
|
||||
{
|
||||
$this->mock = new HTMLPurifier_DefinitionCacheMock();
|
||||
|
||||
@@ -1,7 +1,14 @@
|
||||
<?php
|
||||
|
||||
abstract class HTMLPurifier_TestDefinition extends HTMLPurifier_Definition
|
||||
{
|
||||
public $info;
|
||||
public $info_candles;
|
||||
public $info_random;
|
||||
}
|
||||
|
||||
Mock::generatePartial(
|
||||
'HTMLPurifier_Definition',
|
||||
'HTMLPurifier_TestDefinition',
|
||||
'HTMLPurifier_DefinitionTestable',
|
||||
array('doSetup'));
|
||||
|
||||
|
||||
@@ -5,6 +5,8 @@ class HTMLPurifier_EntityParserTest extends HTMLPurifier_Harness
|
||||
|
||||
protected $EntityParser;
|
||||
|
||||
protected $_entity_lookup;
|
||||
|
||||
public function setUp()
|
||||
{
|
||||
$this->EntityParser = new HTMLPurifier_EntityParser();
|
||||
|
||||
@@ -161,6 +161,13 @@ class HTMLPurifier_HTMLModule_FormsTest extends HTMLPurifier_HTMLModuleHarness
|
||||
$this->assertResult('<form action=""><input align="left" /></form>');
|
||||
}
|
||||
|
||||
public function testHTMLFormsConfigDirective()
|
||||
{
|
||||
$this->config->set('HTML.Trusted', false);
|
||||
$this->config->set('HTML.Forms', true);
|
||||
|
||||
$this->assertResult('<form action="..." method="post"><input type="text" /><textarea cols="20" rows="3"></textarea></form>');
|
||||
}
|
||||
}
|
||||
|
||||
// vim: et sw=4 sts=4
|
||||
|
||||
@@ -29,45 +29,6 @@ class HTMLPurifier_LanguageFactoryTest extends HTMLPurifier_Harness
|
||||
|
||||
}
|
||||
|
||||
public function testFallback()
|
||||
{
|
||||
$this->config->set('Core.Language', 'en-x-test');
|
||||
$language = $this->factory->create($this->config, $this->context);
|
||||
|
||||
$this->assertIsA($language, 'HTMLPurifier_Language_en_x_test');
|
||||
$this->assertIdentical($language->code, 'en-x-test');
|
||||
|
||||
$language->load();
|
||||
|
||||
// test overloaded message
|
||||
$this->assertIdentical($language->getMessage('HTMLPurifier'), 'HTML Purifier X');
|
||||
|
||||
// test inherited message
|
||||
$this->assertIdentical($language->getMessage('LanguageFactoryTest: Pizza'), 'Pizza');
|
||||
|
||||
}
|
||||
|
||||
public function testFallbackWithNoClass()
|
||||
{
|
||||
$this->config->set('Core.Language', 'en-x-testmini');
|
||||
$language = $this->factory->create($this->config, $this->context);
|
||||
$this->assertIsA($language, 'HTMLPurifier_Language');
|
||||
$this->assertIdentical($language->code, 'en-x-testmini');
|
||||
$language->load();
|
||||
$this->assertIdentical($language->getMessage('HTMLPurifier'), 'HTML Purifier XNone');
|
||||
$this->assertIdentical($language->getMessage('LanguageFactoryTest: Pizza'), 'Pizza');
|
||||
$this->assertIdentical($language->error, false);
|
||||
}
|
||||
|
||||
public function testNoSuchLanguage()
|
||||
{
|
||||
$this->config->set('Core.Language', 'en-x-testnone');
|
||||
$language = $this->factory->create($this->config, $this->context);
|
||||
$this->assertIsA($language, 'HTMLPurifier_Language');
|
||||
$this->assertIdentical($language->code, 'en-x-testnone');
|
||||
$this->assertIdentical($language->error, true);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// vim: et sw=4 sts=4
|
||||
|
||||
@@ -4,10 +4,13 @@ class HTMLPurifier_Strategy_MakeWellFormed_EndRewindInjector extends HTMLPurifie
|
||||
{
|
||||
public $name = 'EndRewindInjector';
|
||||
public $needed = array('span');
|
||||
private $deleteElement = false;
|
||||
|
||||
public function handleElement(&$token)
|
||||
{
|
||||
if (isset($token->_InjectorTest_EndRewindInjector_delete)) {
|
||||
if ($this->deleteElement) {
|
||||
$token = false;
|
||||
$this->deleteElement = false;
|
||||
}
|
||||
}
|
||||
public function handleText(&$token)
|
||||
@@ -23,7 +26,7 @@ class HTMLPurifier_Strategy_MakeWellFormed_EndRewindInjector extends HTMLPurifie
|
||||
$prev->name == 'span'
|
||||
) {
|
||||
$token = false;
|
||||
$prev->_InjectorTest_EndRewindInjector_delete = true;
|
||||
$this->deleteElement = true;
|
||||
$this->rewindOffset(1);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -258,6 +258,13 @@ class HTMLPurifier_Strategy_ValidateAttributesTest extends
|
||||
);
|
||||
}
|
||||
|
||||
public function testContentEditableAttribute()
|
||||
{
|
||||
$this->assertResult(
|
||||
'<div contenteditable="false"></div>',
|
||||
'<div contenteditable="false"></div>'
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
// vim: et sw=4 sts=4
|
||||
|
||||
@@ -28,6 +28,12 @@ class HTMLPurifier_URIFilter_HostBlacklistTest extends HTMLPurifier_URIFilterHar
|
||||
$this->assertFiltering('http://google.com');
|
||||
}
|
||||
|
||||
public function testFragment()
|
||||
{
|
||||
$this->config->set('URI.HostBlacklist', 'example.com');
|
||||
$this->assertFiltering('#foo');
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// vim: et sw=4 sts=4
|
||||
|
||||
@@ -3,6 +3,11 @@
|
||||
class HTMLPurifier_URIFilterHarness extends HTMLPurifier_URIHarness
|
||||
{
|
||||
|
||||
/**
|
||||
* @type HTMLPurifier_URIFilter
|
||||
*/
|
||||
public $filter;
|
||||
|
||||
protected function assertFiltering($uri, $expect_uri = true)
|
||||
{
|
||||
$this->prepareURI($uri, $expect_uri);
|
||||
|
||||
@@ -32,6 +32,13 @@ class HTMLPurifierTest extends HTMLPurifier_Harness
|
||||
);
|
||||
}
|
||||
|
||||
public function test_purifyArray_empty() {
|
||||
$purifiedEmptyArray = $this->purifier->purifyArray(array());
|
||||
$this->assertTrue(
|
||||
empty($purifiedEmptyArray)
|
||||
);
|
||||
}
|
||||
|
||||
public function testGetInstance()
|
||||
{
|
||||
$purifier = HTMLPurifier::getInstance();
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
<?php
|
||||
|
||||
require_once __DIR__.'/../vendor/autoload.php';
|
||||
|
||||
if (!defined('HTMLPurifierTest')) {
|
||||
echo "Invalid entry point\n";
|
||||
exit;
|
||||
@@ -27,8 +29,6 @@ $GLOBALS['HTMLPurifierTest']['PHPT'] = true; // do PHPT tests
|
||||
$GLOBALS['HTMLPurifierTest']['PH5P'] = class_exists('DOMDocument');
|
||||
|
||||
// default library settings
|
||||
$simpletest_location = 'simpletest/'; // reasonable guess
|
||||
$csstidy_location = false;
|
||||
$versions_to_test = array();
|
||||
$php = 'php';
|
||||
$phpv = 'phpv';
|
||||
@@ -40,20 +40,6 @@ else {
|
||||
throw new Exception('Please create a test-settings.php file by copying test-settings.sample.php and configuring accordingly');
|
||||
}
|
||||
|
||||
// load SimpleTest
|
||||
require_once $simpletest_location . 'unit_tester.php';
|
||||
require_once $simpletest_location . 'reporter.php';
|
||||
require_once $simpletest_location . 'mock_objects.php';
|
||||
require_once $simpletest_location . 'xml.php';
|
||||
require_once $simpletest_location . 'remote.php';
|
||||
|
||||
// load CSS Tidy
|
||||
if ($csstidy_location !== false) {
|
||||
$old = error_reporting(E_ALL);
|
||||
require $csstidy_location . 'class.csstidy.php';
|
||||
error_reporting($old);
|
||||
}
|
||||
|
||||
// load PEAR to include path
|
||||
if ( is_string($GLOBALS['HTMLPurifierTest']['PEAR']) ) {
|
||||
// if PEAR is true, there's no need to add it to the path
|
||||
|
||||
@@ -18,9 +18,7 @@ switch ($AC['type']) {
|
||||
$test_dirs[] = 'HTMLPurifier';
|
||||
$test_files[] = 'HTMLPurifierTest.php';
|
||||
$test_dirs_exclude['HTMLPurifier/Filter/ExtractStyleBlocksTest.php'] = true;
|
||||
if ($csstidy_location) {
|
||||
$test_files[] = 'HTMLPurifier/Filter/ExtractStyleBlocksTest.php';
|
||||
}
|
||||
$test_files[] = 'HTMLPurifier/Filter/ExtractStyleBlocksTest.php';
|
||||
if ($break) break;
|
||||
case 'configdoc':
|
||||
if (version_compare(PHP_VERSION, '5.2', '>=')) {
|
||||
@@ -29,6 +27,7 @@ switch ($AC['type']) {
|
||||
if ($break) break;
|
||||
case 'fstools':
|
||||
$test_dirs[] = 'FSTools';
|
||||
if ($break) break;
|
||||
case 'htmlt':
|
||||
$htmlt_dirs[] = 'HTMLPurifier/HTMLT';
|
||||
if ($break) break;
|
||||
|
||||
@@ -23,24 +23,7 @@ $version = trim($argv[1]);
|
||||
// ...in VERSION
|
||||
file_put_contents('VERSION', $version);
|
||||
|
||||
// ...in NEWS
|
||||
if ($is_dev = (strpos($version, 'dev') === false)) {
|
||||
$date = date('Y-m-d');
|
||||
$news_c = str_replace(
|
||||
$l = "$version, unknown release date",
|
||||
"$version, released $date",
|
||||
file_get_contents('NEWS'),
|
||||
$c
|
||||
);
|
||||
if (!$c) {
|
||||
echo 'Could not update NEWS, missing ' . $l . PHP_EOL;
|
||||
exit;
|
||||
} elseif ($c > 1) {
|
||||
echo 'More than one release declaration in NEWS replaced' . PHP_EOL;
|
||||
exit;
|
||||
}
|
||||
file_put_contents('NEWS', $news_c);
|
||||
}
|
||||
$is_dev = strpos($version, 'dev') === false;
|
||||
|
||||
// ...in Doxyfile
|
||||
$doxyfile_c = preg_replace(
|
||||
@@ -102,9 +85,22 @@ if (!$c) {
|
||||
}
|
||||
file_put_contents('library/HTMLPurifier/Config.php', $config_c);
|
||||
|
||||
$includes = file_get_contents('library/HTMLPurifier.includes.php');
|
||||
$includes = preg_replace(
|
||||
'/@version .+?/',
|
||||
"@version $version",
|
||||
$includes,
|
||||
1, $c
|
||||
);
|
||||
if (!$c) {
|
||||
echo 'Could not update HTMLPurifier.includes.php, missing @version docblock.' . PHP_EOL;
|
||||
exit;
|
||||
}
|
||||
file_put_contents('HTMLPurifier.includes.php', $includes);
|
||||
|
||||
passthru('maintenance/flush.sh');
|
||||
|
||||
if ($is_dev) echo "Review changes, write something in WHATSNEW and FOCUS, and then commit with log 'Release $version.'" . PHP_EOL;
|
||||
if ($is_dev) echo "Review changes, and then commit with log 'Release $version.'" . PHP_EOL;
|
||||
else echo "Numbers updated to dev, no other modifications necessary!";
|
||||
|
||||
// vim: et sw=4 sts=4
|
||||
|
||||
Reference in New Issue
Block a user