chore(release): 4.17.0 [skip ci]

# [4.17.0](https://github.com/ezyang/htmlpurifier/compare/v4.16.0...v4.17.0) (2023-11-17)

### Bug Fixes

* CSSTidy ImportantComments not handled properly ([#359](https://github.com/ezyang/htmlpurifier/issues/359)) ([78a9b4d](78a9b4d0da))
* fix CI ([#361](https://github.com/ezyang/htmlpurifier/issues/361)) ([9ec687c](9ec687c904))
* Invalid scheme check in Attr.TargetBlank ([#363](https://github.com/ezyang/htmlpurifier/issues/363)) ([0176ef4](0176ef4bb6))
* semantic release ([#339](https://github.com/ezyang/htmlpurifier/issues/339)) ([d82f3d9](d82f3d996a))
* semantic release ([#341](https://github.com/ezyang/htmlpurifier/issues/341)) ([e55fead](e55fead09f)), closes [#339](https://github.com/ezyang/htmlpurifier/issues/339)
* Support for locales using decimal separators other than . (dot) ([#372](https://github.com/ezyang/htmlpurifier/issues/372)) ([43f49ac](43f49ac9a5))

### Features

* Add support for all text-decoration properties ([#360](https://github.com/ezyang/htmlpurifier/issues/360)) ([2d775c0](2d775c0187))
* Allows commas to be included in tel URI ([#389](https://github.com/ezyang/htmlpurifier/issues/389)) ([ec92490](ec92490139)), closes [#388](https://github.com/ezyang/htmlpurifier/issues/388)

### Reverts

* Revert "fix: semantic release (#339)" (#340) ([3e83215](3e832152a6)), closes [#339](https://github.com/ezyang/htmlpurifier/issues/339) [#340](https://github.com/ezyang/htmlpurifier/issues/340)

.gitattributes

@@ -19,5 +19,5 @@
 /tests export-ignore
 /TODO export-ignore
 /update-for-release export-ignore
-/WHATSNEW export-ignore
 /WYSIWYG export-ignore
+/release.config.js export-ignore

.github/workflows/ci.yml

@@ -10,24 +10,27 @@ jobs:
     strategy:
       fail-fast: true
       matrix:
-        php: [5.4, 5.5, 5.6, 7.0, 7.1, 7.2, 7.3, 7.4, 8.0]
+        php: ['5.6', '7.0', '7.1', '7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.3']
 
     name: PHP ${{ matrix.php }}
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Setup PHP
         uses: shivammathur/setup-php@v2
         with:
           php-version: ${{ matrix.php }}
+          tools: composer:v2
+          ini-values: error_reporting=E_ALL
+          extensions: iconv, bcmath, tidy, mbstring, intl
 
-      - name: Clone simpletest
+      - name: Install dependencies
-        run: git clone --depth=50 https://github.com/ezyang/simpletest.git
+        run: composer install
 
       - name: Configure simpletest
-        run: cp test-settings.travis.php test-settings.php
+        run: cp test-settings.sample.php test-settings.php
 
       - name: Execute Unit tests
         run: php tests/index.php

.github/workflows/lint-pr.yml

@@ -0,0 +1,19 @@
+name: "Lint PR"
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+jobs:
+  main:
+    name: Validate PR title
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: amannn/action-semantic-pull-request@v4
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yml

@@ -0,0 +1,29 @@
+name: release
+
+on:
+  workflow_dispatch:
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+
+    name: Release
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: 8.2
+
+      - name: Run automated release process with semantic-release
+        uses: cycjimmy/semantic-release-action@v4
+        with:
+          extra_plugins: |
+            @semantic-release/changelog
+            @semantic-release/git
+            @semantic-release/exec
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Doxyfile

@@ -31,7 +31,7 @@ PROJECT_NAME           = HTMLPurifier
 # This could be handy for archiving the generated documentation or
 # if some version control system is used.
 
-PROJECT_NUMBER         = 4.14.0
+PROJECT_NUMBER         = 4.17.0
 
 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
 # base path where the generated documentation will be put.

NEWS

@@ -1,3 +1,26 @@
+# [4.17.0](https://github.com/ezyang/htmlpurifier/compare/v4.16.0...v4.17.0) (2023-11-17)
+
+
+### Bug Fixes
+
+* CSSTidy ImportantComments not handled properly ([#359](https://github.com/ezyang/htmlpurifier/issues/359)) ([78a9b4d](https://github.com/ezyang/htmlpurifier/commit/78a9b4d0dae8bce9a70e4e7e551bf51e9a23706d))
+* fix CI ([#361](https://github.com/ezyang/htmlpurifier/issues/361)) ([9ec687c](https://github.com/ezyang/htmlpurifier/commit/9ec687c904a1fe66a5395d22c50f7043e045d1d3))
+* Invalid scheme check in Attr.TargetBlank ([#363](https://github.com/ezyang/htmlpurifier/issues/363)) ([0176ef4](https://github.com/ezyang/htmlpurifier/commit/0176ef4bb6f57103fdcb60a802603e60e81ee93e))
+* semantic release ([#339](https://github.com/ezyang/htmlpurifier/issues/339)) ([d82f3d9](https://github.com/ezyang/htmlpurifier/commit/d82f3d996a0d9b0f23364946d9a14408c1ad72c5))
+* semantic release ([#341](https://github.com/ezyang/htmlpurifier/issues/341)) ([e55fead](https://github.com/ezyang/htmlpurifier/commit/e55fead09f39430d30f48438f06e7bc2326efc94)), closes [#339](https://github.com/ezyang/htmlpurifier/issues/339)
+* Support for locales using decimal separators other than . (dot) ([#372](https://github.com/ezyang/htmlpurifier/issues/372)) ([43f49ac](https://github.com/ezyang/htmlpurifier/commit/43f49ac9a51b81dfd07d3bc8dcfc5ec5637a5e3b))
+
+
+### Features
+
+* Add support for all text-decoration properties ([#360](https://github.com/ezyang/htmlpurifier/issues/360)) ([2d775c0](https://github.com/ezyang/htmlpurifier/commit/2d775c01874e2f676ba1a2d9fe69b47c2a823061))
+* Allows commas to be included in tel URI ([#389](https://github.com/ezyang/htmlpurifier/issues/389)) ([ec92490](https://github.com/ezyang/htmlpurifier/commit/ec924901392f088d334622f806b9449b17b75d7b)), closes [#388](https://github.com/ezyang/htmlpurifier/issues/388)
+
+
+### Reverts
+
+* Revert "fix: semantic release (#339)" (#340) ([3e83215](https://github.com/ezyang/htmlpurifier/commit/3e832152a6173f880c6495a3ab2b0e5235e253a6)), closes [#339](https://github.com/ezyang/htmlpurifier/issues/339) [#340](https://github.com/ezyang/htmlpurifier/issues/340)
+
 NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 
@@ -9,6 +32,15 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
     . Internal change
 ==========================
 
+4.15.0, released 2022-09-18
+! PHP 8.1 and 8.2 support, esp. fixes for deprecation warnings.  A joint effort
+  by David Rans, Tim Düsterhus, Kieran and John Flatness.
+! Allow contenteditable="false" (#336), contributed by Kieran.
+- Replace PHP 8.1 deprecated utf8_ functions with mbstring (#326),
+  contributed by John Flatness.
+- Enhanced composer suggestions with extensions (#317), contributed by
+  func0der.
+
 4.14.0, released 2021-12-24
 ! Add "background-size" support (#289), contributed by Václav Smítal
 ! Transform deprecated width attribute when tidying HTML, contributed by

VERSION

@@ -1 +1 @@
-4.14.0
+4.17.0

WHATSNEW

@@ -1,4 +0,0 @@
-HTML Purifier 4.14.x is a maintenance release which improves
-PHP7 and PHP8 compatibility.  There are also some minor new features
-(background-size) and some miscellaneous fixes to remove notices
-from recent versions of PHP.

composer.json

@@ -13,7 +13,11 @@
         }
     ],
     "require": {
-        "php": ">=5.2"
+        "php": "~5.6.0 || ~7.0.0 || ~7.1.0 || ~7.2.0 || ~7.3.0 || ~7.4.0 || ~8.0.0 || ~8.1.0 || ~8.2.0 || ~8.3.0"
+    },
+    "require-dev": {
+        "cerdic/css-tidy": "^1.7 || ^2.0",
+        "simpletest/simpletest": "dev-master"
     },
     "autoload": {
         "psr-0": { "HTMLPurifier": "library/" },
@@ -21,5 +25,21 @@
         "exclude-from-classmap": [
             "/library/HTMLPurifier/Language/"
         ]
-    }
+    },
+    "suggest": {
+        "cerdic/css-tidy": "If you want to use the filter 'Filter.ExtractStyleBlocks'.",
+        "ext-iconv": "Converts text to and from non-UTF-8 encodings",
+        "ext-bcmath": "Used for unit conversion and imagecrash protection",
+        "ext-tidy": "Used for pretty-printing HTML"
+    },
+    "config": {
+        "sort-packages": true
+    },
+    "repositories": [
+        {
+            "type": "vcs",
+            "url": "https://github.com/ezyang/simpletest.git",
+            "no-api": true
+        }
+    ]
 }

configdoc/usage.xml

@@ -5,8 +5,8 @@
    <line>162</line>
   </file>
   <file name="HTMLPurifier/Lexer.php">
-   <line>85</line>
+   <line>90</line>
-   <line>326</line>
+   <line>331</line>
   </file>
   <file name="HTMLPurifier/Lexer/DirectLex.php">
    <line>67</line>
@@ -24,32 +24,32 @@
  </directive>
  <directive id="CSS.Proprietary">
   <file name="HTMLPurifier/CSSDefinition.php">
-   <line>381</line>
+   <line>398</line>
   </file>
  </directive>
  <directive id="CSS.AllowTricky">
   <file name="HTMLPurifier/CSSDefinition.php">
-   <line>385</line>
+   <line>402</line>
   </file>
  </directive>
  <directive id="CSS.Trusted">
   <file name="HTMLPurifier/CSSDefinition.php">
-   <line>389</line>
+   <line>406</line>
   </file>
  </directive>
  <directive id="CSS.AllowImportant">
   <file name="HTMLPurifier/CSSDefinition.php">
-   <line>393</line>
+   <line>410</line>
   </file>
  </directive>
  <directive id="CSS.AllowedProperties">
   <file name="HTMLPurifier/CSSDefinition.php">
-   <line>522</line>
+   <line>539</line>
   </file>
  </directive>
  <directive id="CSS.ForbiddenProperties">
   <file name="HTMLPurifier/CSSDefinition.php">
-   <line>538</line>
+   <line>555</line>
   </file>
  </directive>
  <directive id="Cache.DefinitionImpl">
@@ -124,7 +124,7 @@
    <line>122</line>
   </file>
   <file name="HTMLPurifier/Lexer.php">
-   <line>308</line>
+   <line>313</line>
   </file>
  </directive>
  <directive id="Output.Newline">
@@ -172,8 +172,11 @@
    <line>234</line>
   </file>
   <file name="HTMLPurifier/Lexer.php">
-   <line>313</line>
+   <line>318</line>
-   <line>353</line>
+   <line>358</line>
+  </file>
+  <file name="HTMLPurifier/AttrDef/HTML/ContentEditable.php">
+   <line>8</line>
   </file>
   <file name="HTMLPurifier/HTMLModule/Image.php">
    <line>37</line>
@@ -250,12 +253,12 @@
  </directive>
  <directive id="Core.LexerImpl">
   <file name="HTMLPurifier/Lexer.php">
-   <line>80</line>
+   <line>85</line>
   </file>
  </directive>
  <directive id="Core.MaintainLineNumbers">
   <file name="HTMLPurifier/Lexer.php">
-   <line>84</line>
+   <line>89</line>
   </file>
   <file name="HTMLPurifier/Lexer/DirectLex.php">
    <line>62</line>
@@ -263,23 +266,23 @@
  </directive>
  <directive id="Core.LegacyEntityDecoder">
   <file name="HTMLPurifier/Lexer.php">
-   <line>215</line>
+   <line>220</line>
-   <line>337</line>
+   <line>342</line>
   </file>
  </directive>
  <directive id="Core.ConvertDocumentToFragment">
   <file name="HTMLPurifier/Lexer.php">
-   <line>324</line>
+   <line>329</line>
   </file>
  </directive>
  <directive id="Core.RemoveProcessingInstructions">
   <file name="HTMLPurifier/Lexer.php">
-   <line>347</line>
+   <line>352</line>
   </file>
  </directive>
  <directive id="Core.HiddenElements">
   <file name="HTMLPurifier/Lexer.php">
-   <line>351</line>
+   <line>356</line>
   </file>
   <file name="HTMLPurifier/Strategy/RemoveForeignElements.php">
    <line>36</line>
@@ -287,12 +290,12 @@
  </directive>
  <directive id="Core.AggressivelyRemoveScript">
   <file name="HTMLPurifier/Lexer.php">
-   <line>352</line>
+   <line>357</line>
   </file>
  </directive>
  <directive id="Core.RemoveScriptContents">
   <file name="HTMLPurifier/Lexer.php">
-   <line>353</line>
+   <line>358</line>
   </file>
   <file name="HTMLPurifier/Strategy/RemoveForeignElements.php">
    <line>35</line>
@@ -354,7 +357,7 @@
  </directive>
  <directive id="CSS.AllowedFonts">
   <file name="HTMLPurifier/AttrDef/CSS/FontFamily.php">
-   <line>64</line>
+   <line>62</line>
   </file>
  </directive>
  <directive id="Attr.AllowedClasses">
@@ -451,7 +454,7 @@
  </directive>
  <directive id="HTML.FlashAllowFullScreen">
   <file name="HTMLPurifier/AttrTransform/SafeParam.php">
-   <line>53</line>
+   <line>58</line>
   </file>
  </directive>
  <directive id="Cache.SerializerPath">
@@ -477,7 +480,7 @@
  </directive>
  <directive id="Filter.ExtractStyleBlocks.Escaping">
   <file name="HTMLPurifier/Filter/ExtractStyleBlocks.php">
-   <line>330</line>
+   <line>334</line>
   </file>
  </directive>
  <directive id="HTML.Forms">

extras/FSTools.php

@@ -136,7 +136,7 @@ class FSTools
     /**
      * Recursively globs a directory.
      */
-    public function globr($dir, $pattern, $flags = NULL)
+    public function globr($dir, $pattern, $flags = 0)
     {
         $files = $this->glob("$dir/$pattern", $flags);
         if ($files === false) $files = array();

library/HTMLPurifier.includes.php

@@ -7,7 +7,7 @@
  * primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS
  * FILE, changes will be overwritten the next time the script is run.
  *
- * @version 4.14.0
+ * @version 4.17.0
  *
  * @warning
  *      You must *not* include any other HTML Purifier files before this file,
@@ -107,6 +107,7 @@ require 'HTMLPurifier/AttrDef/HTML/Bool.php';
 require 'HTMLPurifier/AttrDef/HTML/Nmtokens.php';
 require 'HTMLPurifier/AttrDef/HTML/Class.php';
 require 'HTMLPurifier/AttrDef/HTML/Color.php';
+require 'HTMLPurifier/AttrDef/HTML/ContentEditable.php';
 require 'HTMLPurifier/AttrDef/HTML/FrameTarget.php';
 require 'HTMLPurifier/AttrDef/HTML/ID.php';
 require 'HTMLPurifier/AttrDef/HTML/Pixels.php';

library/HTMLPurifier.php

@@ -19,7 +19,7 @@
  */
 
 /*
-    HTML Purifier 4.14.0 - Standards Compliant HTML Filtering
+    HTML Purifier 4.17.0 - Standards Compliant HTML Filtering
     Copyright (C) 2006-2008 Edward Z. Yang
 
     This library is free software; you can redistribute it and/or
@@ -58,12 +58,12 @@ class HTMLPurifier
      * Version of HTML Purifier.
      * @type string
      */
-    public $version = '4.14.0';
+    public $version = '4.17.0';
 
     /**
      * Constant with version of HTML Purifier.
      */
-    const VERSION = '4.14.0';
+    const VERSION = '4.17.0';
 
     /**
      * Global configuration object.

library/HTMLPurifier.safe-includes.php

@@ -101,6 +101,7 @@ require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Bool.php';
 require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Nmtokens.php';
 require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Class.php';
 require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Color.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/ContentEditable.php';
 require_once $__dir . '/HTMLPurifier/AttrDef/HTML/FrameTarget.php';
 require_once $__dir . '/HTMLPurifier/AttrDef/HTML/ID.php';
 require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Pixels.php';

library/HTMLPurifier/AttrDef/CSS/FontFamily.php

@@ -10,23 +10,21 @@ class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef
 
     public function __construct()
     {
-        $this->mask = '_- ';
+        // Lowercase letters
-        for ($c = 'a'; $c <= 'z'; $c++) {
+        $l = range('a', 'z');
-            $this->mask .= $c;
+        // Uppercase letters
-        }
+        $u = range('A', 'Z');
-        for ($c = 'A'; $c <= 'Z'; $c++) {
+        // Digits
-            $this->mask .= $c;
+        $d = range('0', '9');
-        }
+        // Special bytes used by UTF-8
-        for ($c = '0'; $c <= '9'; $c++) {
+        $b = array_map('chr', range(0x80, 0xFF));
-            $this->mask .= $c;
+        // All valid characters for the mask
-        } // cast-y, but should be fine
+        $c = array_merge($l, $u, $d, $b);
-        // special bytes used by UTF-8
+        // Concatenate all valid characters into a string 
-        for ($i = 0x80; $i <= 0xFF; $i++) {
+        // Use '_- ' as an initial value
-            // We don't bother excluding invalid bytes in this range,
+        $this->mask = array_reduce($c, function ($carry, $value) {
-            // because the our restriction of well-formed UTF-8 will
+            return $carry . $value;
-            // prevent these from ever occurring.
+        }, '_- ');
-            $this->mask .= chr($i);
-        }
 
         /*
             PHP's internal strcspn implementation is

library/HTMLPurifier/AttrDef/HTML/ContentEditable.php

@@ -0,0 +1,16 @@
+<?php
+
+class HTMLPurifier_AttrDef_HTML_ContentEditable extends HTMLPurifier_AttrDef
+{
+    public function validate($string, $config, $context)
+    {
+        $allowed = array('false');
+        if ($config->get('HTML.Trusted')) {
+            $allowed = array('', 'true', 'false');
+        }
+
+        $enum = new HTMLPurifier_AttrDef_Enum($allowed);
+
+        return $enum->validate($string, $config, $context);
+    }
+}

library/HTMLPurifier/AttrDef/URI/Host.php

@@ -106,7 +106,7 @@ class HTMLPurifier_AttrDef_URI_Host extends HTMLPurifier_AttrDef
         // If we have Net_IDNA2 support, we can support IRIs by
         // punycoding them. (This is the most portable thing to do,
         // since otherwise we have to assume browsers support
-        } elseif ($config->get('Core.EnableIDNA')) {
+        } elseif ($config->get('Core.EnableIDNA') && class_exists('Net_IDNA2')) {
             $idna = new Net_IDNA2(array('encoding' => 'utf8', 'overlong' => false, 'strict' => true));
             // we need to encode each period separately
             $parts = explode('.', $string);

library/HTMLPurifier/AttrTransform/NameSync.php

@@ -8,6 +8,11 @@
 class HTMLPurifier_AttrTransform_NameSync extends HTMLPurifier_AttrTransform
 {
 
+    /**
+     * @type HTMLPurifier_AttrDef_HTML_ID
+     */
+    public $idDef;
+
     public function __construct()
     {
         $this->idDef = new HTMLPurifier_AttrDef_HTML_ID();

library/HTMLPurifier/AttrTransform/SafeParam.php

@@ -24,6 +24,11 @@ class HTMLPurifier_AttrTransform_SafeParam extends HTMLPurifier_AttrTransform
      */
     private $uri;
 
+    /**
+     * @type HTMLPurifier_AttrDef_Enum
+     */
+    public $wmode;
+
     public function __construct()
     {
         $this->uri = new HTMLPurifier_AttrDef_URI(true); // embedded

library/HTMLPurifier/AttrTransform/TargetBlank.php

@@ -33,7 +33,11 @@ class HTMLPurifier_AttrTransform_TargetBlank extends HTMLPurifier_AttrTransform
 
         // XXX Kind of inefficient
         $url = $this->parser->parse($attr['href']);
-        $scheme = $url->getSchemeObj($config, $context);
+        
+        // Ignore invalid schemes (e.g. `javascript:`)
+        if (!($scheme = $url->getSchemeObj($config, $context))) {
+            return $attr;
+        }
 
         if ($scheme->browsable && !$url->isBenign($config, $context)) {
             $attr['target'] = '_blank';

library/HTMLPurifier/AttrTypes.php

@@ -41,6 +41,7 @@ class HTMLPurifier_AttrTypes
         $this->info['IAlign']   = self::makeEnum('top,middle,bottom,left,right');
         $this->info['LAlign']   = self::makeEnum('top,bottom,left,right');
         $this->info['FrameTarget'] = new HTMLPurifier_AttrDef_HTML_FrameTarget();
+        $this->info['ContentEditable'] = new HTMLPurifier_AttrDef_HTML_ContentEditable();
 
         // unimplemented aliases
         $this->info['ContentType'] = new HTMLPurifier_AttrDef_Text();

library/HTMLPurifier/Bootstrap.php

@@ -79,44 +79,11 @@ class HTMLPurifier_Bootstrap
     public static function registerAutoload()
     {
         $autoload = array('HTMLPurifier_Bootstrap', 'autoload');
-        if (($funcs = spl_autoload_functions()) === false) {
+        if (spl_autoload_functions() === false) {
             spl_autoload_register($autoload);
-        } elseif (function_exists('spl_autoload_unregister')) {
+        } else {
-            if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
+            // prepend flag exists, no need for shenanigans
-                // prepend flag exists, no need for shenanigans
+            spl_autoload_register($autoload, true, true);
-                spl_autoload_register($autoload, true, true);
-            } else {
-                $buggy  = version_compare(PHP_VERSION, '5.2.11', '<');
-                $compat = version_compare(PHP_VERSION, '5.1.2', '<=') &&
-                          version_compare(PHP_VERSION, '5.1.0', '>=');
-                foreach ($funcs as $func) {
-                    if ($buggy && is_array($func)) {
-                        // :TRICKY: There are some compatibility issues and some
-                        // places where we need to error out
-                        $reflector = new ReflectionMethod($func[0], $func[1]);
-                        if (!$reflector->isStatic()) {
-                            throw new Exception(
-                                'HTML Purifier autoloader registrar is not compatible
-                                with non-static object methods due to PHP Bug #44144;
-                                Please do not use HTMLPurifier.autoload.php (or any
-                                file that includes this file); instead, place the code:
-                                spl_autoload_register(array(\'HTMLPurifier_Bootstrap\', \'autoload\'))
-                                after your own autoloaders.'
-                            );
-                        }
-                        // Suprisingly, spl_autoload_register supports the
-                        // Class::staticMethod callback format, although call_user_func doesn't
-                        if ($compat) {
-                            $func = implode('::', $func);
-                        }
-                    }
-                    spl_autoload_unregister($func);
-                }
-                spl_autoload_register($autoload);
-                foreach ($funcs as $func) {
-                    spl_autoload_register($func);
-                }
-            }
         }
     }
 }

library/HTMLPurifier/CSSDefinition.php

@@ -13,7 +13,7 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
      * Assoc array of attribute name to definition object.
      * @type HTMLPurifier_AttrDef[]
      */
-    public $info = array();
+    public $info = [];
 
     /**
      * Constructs the info array.  The meat of this class.
@@ -22,7 +22,7 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
     protected function doSetup($config)
     {
         $this->info['text-align'] = new HTMLPurifier_AttrDef_Enum(
-            array('left', 'right', 'center', 'justify'),
+            ['left', 'right', 'center', 'justify'],
             false
         );
 
@@ -31,7 +31,7 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
             $this->info['border-right-style'] =
             $this->info['border-left-style'] =
             $this->info['border-top-style'] = new HTMLPurifier_AttrDef_Enum(
-                array(
+                [
                     'none',
                     'hidden',
                     'dotted',
@@ -42,42 +42,42 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
                     'ridge',
                     'inset',
                     'outset'
-                ),
+                ],
                 false
             );
 
         $this->info['border-style'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_style);
 
         $this->info['clear'] = new HTMLPurifier_AttrDef_Enum(
-            array('none', 'left', 'right', 'both'),
+            ['none', 'left', 'right', 'both'],
             false
         );
         $this->info['float'] = new HTMLPurifier_AttrDef_Enum(
-            array('none', 'left', 'right'),
+            ['none', 'left', 'right'],
             false
         );
         $this->info['font-style'] = new HTMLPurifier_AttrDef_Enum(
-            array('normal', 'italic', 'oblique'),
+            ['normal', 'italic', 'oblique'],
             false
         );
         $this->info['font-variant'] = new HTMLPurifier_AttrDef_Enum(
-            array('normal', 'small-caps'),
+            ['normal', 'small-caps'],
             false
         );
 
         $uri_or_none = new HTMLPurifier_AttrDef_CSS_Composite(
-            array(
+            [
-                new HTMLPurifier_AttrDef_Enum(array('none')),
+                new HTMLPurifier_AttrDef_Enum(['none']),
                 new HTMLPurifier_AttrDef_CSS_URI()
-            )
+            ]
         );
 
         $this->info['list-style-position'] = new HTMLPurifier_AttrDef_Enum(
-            array('inside', 'outside'),
+            ['inside', 'outside'],
             false
         );
         $this->info['list-style-type'] = new HTMLPurifier_AttrDef_Enum(
-            array(
+            [
                 'disc',
                 'circle',
                 'square',
@@ -87,7 +87,7 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
                 'lower-alpha',
                 'upper-alpha',
                 'none'
-            ),
+            ],
             false
         );
         $this->info['list-style-image'] = $uri_or_none;
@@ -95,34 +95,34 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
         $this->info['list-style'] = new HTMLPurifier_AttrDef_CSS_ListStyle($config);
 
         $this->info['text-transform'] = new HTMLPurifier_AttrDef_Enum(
-            array('capitalize', 'uppercase', 'lowercase', 'none'),
+            ['capitalize', 'uppercase', 'lowercase', 'none'],
             false
         );
         $this->info['color'] = new HTMLPurifier_AttrDef_CSS_Color();
 
         $this->info['background-image'] = $uri_or_none;
         $this->info['background-repeat'] = new HTMLPurifier_AttrDef_Enum(
-            array('repeat', 'repeat-x', 'repeat-y', 'no-repeat')
+            ['repeat', 'repeat-x', 'repeat-y', 'no-repeat']
         );
         $this->info['background-attachment'] = new HTMLPurifier_AttrDef_Enum(
-            array('scroll', 'fixed')
+            ['scroll', 'fixed']
         );
         $this->info['background-position'] = new HTMLPurifier_AttrDef_CSS_BackgroundPosition();
 
         $this->info['background-size'] = new HTMLPurifier_AttrDef_CSS_Composite(
-            array(
+            [
                 new HTMLPurifier_AttrDef_Enum(
-                    array(
+                    [
                         'auto',
                         'cover',
                         'contain',
                         'initial',
                         'inherit',
-                    )
+                    ]
                 ),
                 new HTMLPurifier_AttrDef_CSS_Percentage(),
                 new HTMLPurifier_AttrDef_CSS_Length()
-            )
+            ]
         );
 
         $border_color =
@@ -131,10 +131,10 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
             $this->info['border-left-color'] =
             $this->info['border-right-color'] =
             $this->info['background-color'] = new HTMLPurifier_AttrDef_CSS_Composite(
-                array(
+                [
-                    new HTMLPurifier_AttrDef_Enum(array('transparent')),
+                    new HTMLPurifier_AttrDef_Enum(['transparent']),
                     new HTMLPurifier_AttrDef_CSS_Color()
-                )
+                ]
             );
 
         $this->info['background'] = new HTMLPurifier_AttrDef_CSS_Background($config);
@@ -146,32 +146,32 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
             $this->info['border-bottom-width'] =
             $this->info['border-left-width'] =
             $this->info['border-right-width'] = new HTMLPurifier_AttrDef_CSS_Composite(
-                array(
+                [
-                    new HTMLPurifier_AttrDef_Enum(array('thin', 'medium', 'thick')),
+                    new HTMLPurifier_AttrDef_Enum(['thin', 'medium', 'thick']),
                     new HTMLPurifier_AttrDef_CSS_Length('0') //disallow negative
-                )
+                ]
             );
 
         $this->info['border-width'] = new HTMLPurifier_AttrDef_CSS_Multiple($border_width);
 
         $this->info['letter-spacing'] = new HTMLPurifier_AttrDef_CSS_Composite(
-            array(
+            [
-                new HTMLPurifier_AttrDef_Enum(array('normal')),
+                new HTMLPurifier_AttrDef_Enum(['normal']),
                 new HTMLPurifier_AttrDef_CSS_Length()
-            )
+            ]
         );
 
         $this->info['word-spacing'] = new HTMLPurifier_AttrDef_CSS_Composite(
-            array(
+            [
-                new HTMLPurifier_AttrDef_Enum(array('normal')),
+                new HTMLPurifier_AttrDef_Enum(['normal']),
                 new HTMLPurifier_AttrDef_CSS_Length()
-            )
+            ]
         );
 
         $this->info['font-size'] = new HTMLPurifier_AttrDef_CSS_Composite(
-            array(
+            [
                 new HTMLPurifier_AttrDef_Enum(
-                    array(
+                    [
                         'xx-small',
                         'x-small',
                         'small',
@@ -181,20 +181,20 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
                         'xx-large',
                         'larger',
                         'smaller'
-                    )
+                    ]
                 ),
                 new HTMLPurifier_AttrDef_CSS_Percentage(),
                 new HTMLPurifier_AttrDef_CSS_Length()
-            )
+            ]
         );
 
         $this->info['line-height'] = new HTMLPurifier_AttrDef_CSS_Composite(
-            array(
+            [
-                new HTMLPurifier_AttrDef_Enum(array('normal')),
+                new HTMLPurifier_AttrDef_Enum(['normal']),
                 new HTMLPurifier_AttrDef_CSS_Number(true), // no negatives
                 new HTMLPurifier_AttrDef_CSS_Length('0'),
                 new HTMLPurifier_AttrDef_CSS_Percentage(true)
-            )
+            ]
         );
 
         $margin =
@@ -202,11 +202,11 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
             $this->info['margin-bottom'] =
             $this->info['margin-left'] =
             $this->info['margin-right'] = new HTMLPurifier_AttrDef_CSS_Composite(
-                array(
+                [
                     new HTMLPurifier_AttrDef_CSS_Length(),
                     new HTMLPurifier_AttrDef_CSS_Percentage(),
-                    new HTMLPurifier_AttrDef_Enum(array('auto'))
+                    new HTMLPurifier_AttrDef_Enum(['auto'])
-                )
+                ]
             );
 
         $this->info['margin'] = new HTMLPurifier_AttrDef_CSS_Multiple($margin);
@@ -217,41 +217,41 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
             $this->info['padding-bottom'] =
             $this->info['padding-left'] =
             $this->info['padding-right'] = new HTMLPurifier_AttrDef_CSS_Composite(
-                array(
+                [
                     new HTMLPurifier_AttrDef_CSS_Length('0'),
                     new HTMLPurifier_AttrDef_CSS_Percentage(true)
-                )
+                ]
             );
 
         $this->info['padding'] = new HTMLPurifier_AttrDef_CSS_Multiple($padding);
 
         $this->info['text-indent'] = new HTMLPurifier_AttrDef_CSS_Composite(
-            array(
+            [
                 new HTMLPurifier_AttrDef_CSS_Length(),
                 new HTMLPurifier_AttrDef_CSS_Percentage()
-            )
+            ]
         );
 
         $trusted_wh = new HTMLPurifier_AttrDef_CSS_Composite(
-            array(
+            [
                 new HTMLPurifier_AttrDef_CSS_Length('0'),
                 new HTMLPurifier_AttrDef_CSS_Percentage(true),
-                new HTMLPurifier_AttrDef_Enum(array('auto', 'initial', 'inherit'))
+                new HTMLPurifier_AttrDef_Enum(['auto', 'initial', 'inherit'])
-            )
+            ]
         );
         $trusted_min_wh = new HTMLPurifier_AttrDef_CSS_Composite(
-            array(
+            [
                 new HTMLPurifier_AttrDef_CSS_Length('0'),
                 new HTMLPurifier_AttrDef_CSS_Percentage(true),
-                new HTMLPurifier_AttrDef_Enum(array('initial', 'inherit'))
+                new HTMLPurifier_AttrDef_Enum(['initial', 'inherit'])
-            )
+            ]
         );
         $trusted_max_wh = new HTMLPurifier_AttrDef_CSS_Composite(
-            array(
+            [
                 new HTMLPurifier_AttrDef_CSS_Length('0'),
                 new HTMLPurifier_AttrDef_CSS_Percentage(true),
-                new HTMLPurifier_AttrDef_Enum(array('none', 'initial', 'inherit'))
+                new HTMLPurifier_AttrDef_Enum(['none', 'initial', 'inherit'])
-            )
+            ]
         );
         $max = $config->get('CSS.MaxImgLength');
 
@@ -263,10 +263,10 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
                     'img',
                     // For img tags:
                     new HTMLPurifier_AttrDef_CSS_Composite(
-                        array(
+                        [
                             new HTMLPurifier_AttrDef_CSS_Length('0', $max),
-                            new HTMLPurifier_AttrDef_Enum(array('auto'))
+                            new HTMLPurifier_AttrDef_Enum(['auto'])
-                        )
+                        ]
                     ),
                     // For everyone else:
                     $trusted_wh
@@ -279,10 +279,10 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
                     'img',
                     // For img tags:
                     new HTMLPurifier_AttrDef_CSS_Composite(
-                        array(
+                        [
                             new HTMLPurifier_AttrDef_CSS_Length('0', $max),
-                            new HTMLPurifier_AttrDef_Enum(array('initial', 'inherit'))
+                            new HTMLPurifier_AttrDef_Enum(['initial', 'inherit'])
-                        )
+                        ]
                     ),
                     // For everyone else:
                     $trusted_min_wh
@@ -295,22 +295,39 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
                     'img',
                     // For img tags:
                     new HTMLPurifier_AttrDef_CSS_Composite(
-                        array(
+                        [
                             new HTMLPurifier_AttrDef_CSS_Length('0', $max),
-                            new HTMLPurifier_AttrDef_Enum(array('none', 'initial', 'inherit'))
+                            new HTMLPurifier_AttrDef_Enum(['none', 'initial', 'inherit'])
-                        )
+                        ]
                     ),
                     // For everyone else:
                     $trusted_max_wh
                 );
 
+        // text-decoration and related shorthands
         $this->info['text-decoration'] = new HTMLPurifier_AttrDef_CSS_TextDecoration();
 
+        $this->info['text-decoration-line'] = new HTMLPurifier_AttrDef_Enum(
+            ['none', 'underline', 'overline', 'line-through', 'initial', 'inherit']
+        );
+
+        $this->info['text-decoration-style'] = new HTMLPurifier_AttrDef_Enum(
+            ['solid', 'double', 'dotted', 'dashed', 'wavy', 'initial', 'inherit']
+        );
+
+        $this->info['text-decoration-color'] = new HTMLPurifier_AttrDef_CSS_Color();
+
+        $this->info['text-decoration-thickness'] = new HTMLPurifier_AttrDef_CSS_Composite([
+            new HTMLPurifier_AttrDef_CSS_Length(),
+            new HTMLPurifier_AttrDef_CSS_Percentage(),
+            new HTMLPurifier_AttrDef_Enum(['auto', 'from-font', 'initial', 'inherit'])
+        ]);
+
         $this->info['font-family'] = new HTMLPurifier_AttrDef_CSS_FontFamily();
 
         // this could use specialized code
         $this->info['font-weight'] = new HTMLPurifier_AttrDef_Enum(
-            array(
+            [
                 'normal',
                 'bold',
                 'bolder',
@@ -324,7 +341,7 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
                 '700',
                 '800',
                 '900'
-            ),
+            ],
             false
         );
 
@@ -340,21 +357,21 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
         $this->info['border-right'] = new HTMLPurifier_AttrDef_CSS_Border($config);
 
         $this->info['border-collapse'] = new HTMLPurifier_AttrDef_Enum(
-            array('collapse', 'separate')
+            ['collapse', 'separate']
         );
 
         $this->info['caption-side'] = new HTMLPurifier_AttrDef_Enum(
-            array('top', 'bottom')
+            ['top', 'bottom']
         );
 
         $this->info['table-layout'] = new HTMLPurifier_AttrDef_Enum(
-            array('auto', 'fixed')
+            ['auto', 'fixed']
         );
 
         $this->info['vertical-align'] = new HTMLPurifier_AttrDef_CSS_Composite(
-            array(
+            [
                 new HTMLPurifier_AttrDef_Enum(
-                    array(
+                    [
                         'baseline',
                         'sub',
                         'super',
@@ -363,11 +380,11 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
                         'middle',
                         'bottom',
                         'text-bottom'
-                    )
+                    ]
                 ),
                 new HTMLPurifier_AttrDef_CSS_Length(),
                 new HTMLPurifier_AttrDef_CSS_Percentage()
-            )
+            ]
         );
 
         $this->info['border-spacing'] = new HTMLPurifier_AttrDef_CSS_Multiple(new HTMLPurifier_AttrDef_CSS_Length(), 2);
@@ -375,7 +392,7 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
         // These CSS properties don't work on many browsers, but we live
         // in THE FUTURE!
         $this->info['white-space'] = new HTMLPurifier_AttrDef_Enum(
-            array('nowrap', 'normal', 'pre', 'pre-wrap', 'pre-line')
+            ['nowrap', 'normal', 'pre', 'pre-wrap', 'pre-line']
         );
 
         if ($config->get('CSS.Proprietary')) {
@@ -422,21 +439,21 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
         // more CSS3
         $this->info['page-break-after'] =
         $this->info['page-break-before'] = new HTMLPurifier_AttrDef_Enum(
-            array(
+            [
                 'auto',
                 'always',
                 'avoid',
                 'left',
                 'right'
-            )
+            ]
         );
-        $this->info['page-break-inside'] = new HTMLPurifier_AttrDef_Enum(array('auto', 'avoid'));
+        $this->info['page-break-inside'] = new HTMLPurifier_AttrDef_Enum(['auto', 'avoid']);
 
         $border_radius = new HTMLPurifier_AttrDef_CSS_Composite(
-            array(
+            [
                 new HTMLPurifier_AttrDef_CSS_Percentage(true), // disallow negative
                 new HTMLPurifier_AttrDef_CSS_Length('0') // disallow negative
-            ));
+            ]);
 
         $this->info['border-top-left-radius'] =
         $this->info['border-top-right-radius'] =
@@ -453,7 +470,7 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
     protected function doSetupTricky($config)
     {
         $this->info['display'] = new HTMLPurifier_AttrDef_Enum(
-            array(
+            [
                 'inline',
                 'block',
                 'list-item',
@@ -472,12 +489,12 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
                 'table-cell',
                 'table-caption',
                 'none'
-            )
+            ]
         );
         $this->info['visibility'] = new HTMLPurifier_AttrDef_Enum(
-            array('visible', 'hidden', 'collapse')
+            ['visible', 'hidden', 'collapse']
         );
-        $this->info['overflow'] = new HTMLPurifier_AttrDef_Enum(array('visible', 'hidden', 'auto', 'scroll'));
+        $this->info['overflow'] = new HTMLPurifier_AttrDef_Enum(['visible', 'hidden', 'auto', 'scroll']);
         $this->info['opacity'] = new HTMLPurifier_AttrDef_CSS_AlphaValue();
     }
 
@@ -487,23 +504,23 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
     protected function doSetupTrusted($config)
     {
         $this->info['position'] = new HTMLPurifier_AttrDef_Enum(
-            array('static', 'relative', 'absolute', 'fixed')
+            ['static', 'relative', 'absolute', 'fixed']
         );
         $this->info['top'] =
         $this->info['left'] =
         $this->info['right'] =
         $this->info['bottom'] = new HTMLPurifier_AttrDef_CSS_Composite(
-            array(
+            [
                 new HTMLPurifier_AttrDef_CSS_Length(),
                 new HTMLPurifier_AttrDef_CSS_Percentage(),
-                new HTMLPurifier_AttrDef_Enum(array('auto')),
+                new HTMLPurifier_AttrDef_Enum(['auto']),
-            )
+            ]
         );
         $this->info['z-index'] = new HTMLPurifier_AttrDef_CSS_Composite(
-            array(
+            [
                 new HTMLPurifier_AttrDef_Integer(),
-                new HTMLPurifier_AttrDef_Enum(array('auto')),
+                new HTMLPurifier_AttrDef_Enum(['auto']),
-            )
+            ]
         );
     }
 

library/HTMLPurifier/ChildDef/List.php

@@ -22,6 +22,8 @@ class HTMLPurifier_ChildDef_List extends HTMLPurifier_ChildDef
     // XXX: This whole business with 'wrap' is all a bit unsatisfactory
     public $elements = array('li' => true, 'ul' => true, 'ol' => true);
 
+    public $whitespace;
+
     /**
      * @param array $children
      * @param HTMLPurifier_Config $config

library/HTMLPurifier/Config.php

@@ -21,7 +21,7 @@ class HTMLPurifier_Config
      * HTML Purifier's version
      * @type string
      */
-    public $version = '4.14.0';
+    public $version = '4.17.0';
 
     /**
      * Whether or not to automatically finalize

library/HTMLPurifier/DefinitionCache/Serializer.php

@@ -287,13 +287,14 @@ class HTMLPurifier_DefinitionCache_Serializer extends HTMLPurifier_DefinitionCac
             } elseif (filegroup($dir) === posix_getgid()) {
                 $chmod = $chmod | 0070;
             } else {
-                // PHP's probably running as nobody, so we'll
+              // PHP's probably running as nobody, it is
-                // need to give global permissions
+              // not obvious how to fix this (777 is probably
-                $chmod = $chmod | 0777;
+              // bad if you are multi-user), let the user figure it out
+                $chmod = null;
             }
             trigger_error(
-                'Directory ' . $dir . ' not writable, ' .
+                'Directory ' . $dir . ' not writable. ' .
-                'please chmod to ' . decoct($chmod),
+                ($chmod === null ? '' : 'Please chmod to ' . decoct($chmod)),
                 E_USER_WARNING
             );
         } else {

library/HTMLPurifier/DefinitionCacheFactory.php

@@ -71,7 +71,7 @@ class HTMLPurifier_DefinitionCacheFactory
             return $this->caches[$method][$type];
         }
         if (isset($this->implementations[$method]) &&
-            class_exists($class = $this->implementations[$method], false)) {
+            class_exists($class = $this->implementations[$method])) {
             $cache = new $class($type);
         } else {
             if ($method != 'Serializer') {

library/HTMLPurifier/ElementDef.php

@@ -176,7 +176,7 @@ class HTMLPurifier_ElementDef
 
         if (!empty($def->content_model)) {
             $this->content_model =
-                str_replace("#SUPER", $this->content_model, $def->content_model);
+                str_replace("#SUPER", (string)$this->content_model, $def->content_model);
             $this->child = false;
         }
         if (!empty($def->content_model_type)) {

library/HTMLPurifier/Encoder.php

@@ -398,8 +398,8 @@ class HTMLPurifier_Encoder
             // characters to their true byte-wise ASCII/UTF-8 equivalents.
             $str = strtr($str, self::testEncodingSupportsASCII($encoding));
             return $str;
-        } elseif ($encoding === 'iso-8859-1') {
+        } elseif ($encoding === 'iso-8859-1' && function_exists('mb_convert_encoding')) {
-            $str = utf8_encode($str);
+            $str = mb_convert_encoding($str, 'UTF-8', 'ISO-8859-1');
             return $str;
         }
         $bug = HTMLPurifier_Encoder::testIconvTruncateBug();
@@ -450,8 +450,8 @@ class HTMLPurifier_Encoder
             // Normal stuff
             $str = self::iconv('utf-8', $encoding . '//IGNORE', $str);
             return $str;
-        } elseif ($encoding === 'iso-8859-1') {
+        } elseif ($encoding === 'iso-8859-1' && function_exists('mb_convert_encoding')) {
-            $str = utf8_decode($str);
+            $str = mb_convert_encoding($str, 'ISO-8859-1', 'UTF-8');
             return $str;
         }
         trigger_error('Encoding not supported', E_USER_ERROR);

library/HTMLPurifier/Filter/ExtractStyleBlocks.php

@@ -146,175 +146,179 @@ class HTMLPurifier_Filter_ExtractStyleBlocks extends HTMLPurifier_Filter
         foreach ($this->_tidy->css as $k => $decls) {
             // $decls are all CSS declarations inside an @ selector
             $new_decls = array();
-            foreach ($decls as $selector => $style) {
+            if (is_array($decls)) {
-                $selector = trim($selector);
+                foreach ($decls as $selector => $style) {
-                if ($selector === '') {
+                    $selector = trim($selector);
-                    continue;
+                    if ($selector === '') {
-                } // should not happen
+                        continue;
-                // Parse the selector
+                    } // should not happen
-                // Here is the relevant part of the CSS grammar:
+                    // Parse the selector
-                //
+                    // Here is the relevant part of the CSS grammar:
-                // ruleset
+                    //
-                //   : selector [ ',' S* selector ]* '{' ...
+                    // ruleset
-                // selector
+                    //   : selector [ ',' S* selector ]* '{' ...
-                //   : simple_selector [ combinator selector | S+ [ combinator? selector ]? ]?
+                    // selector
-                // combinator
+                    //   : simple_selector [ combinator selector | S+ [ combinator? selector ]? ]?
-                //   : '+' S*
+                    // combinator
-                //   : '>' S*
+                    //   : '+' S*
-                // simple_selector
+                    //   : '>' S*
-                //   : element_name [ HASH | class | attrib | pseudo ]*
+                    // simple_selector
-                //   | [ HASH | class | attrib | pseudo ]+
+                    //   : element_name [ HASH | class | attrib | pseudo ]*
-                // element_name
+                    //   | [ HASH | class | attrib | pseudo ]+
-                //   : IDENT | '*'
+                    // element_name
-                //   ;
+                    //   : IDENT | '*'
-                // class
+                    //   ;
-                //   : '.' IDENT
+                    // class
-                //   ;
+                    //   : '.' IDENT
-                // attrib
+                    //   ;
-                //   : '[' S* IDENT S* [ [ '=' | INCLUDES | DASHMATCH ] S*
+                    // attrib
-                //     [ IDENT | STRING ] S* ]? ']'
+                    //   : '[' S* IDENT S* [ [ '=' | INCLUDES | DASHMATCH ] S*
-                //   ;
+                    //     [ IDENT | STRING ] S* ]? ']'
-                // pseudo
+                    //   ;
-                //   : ':' [ IDENT | FUNCTION S* [IDENT S*]? ')' ]
+                    // pseudo
-                //   ;
+                    //   : ':' [ IDENT | FUNCTION S* [IDENT S*]? ')' ]
-                //
+                    //   ;
-                // For reference, here are the relevant tokens:
+                    //
-                //
+                    // For reference, here are the relevant tokens:
-                // HASH         #{name}
+                    //
-                // IDENT        {ident}
+                    // HASH         #{name}
-                // INCLUDES     ==
+                    // IDENT        {ident}
-                // DASHMATCH    |=
+                    // INCLUDES     ==
-                // STRING       {string}
+                    // DASHMATCH    |=
-                // FUNCTION     {ident}\(
+                    // STRING       {string}
-                //
+                    // FUNCTION     {ident}\(
-                // And the lexical scanner tokens
+                    //
-                //
+                    // And the lexical scanner tokens
-                // name         {nmchar}+
+                    //
-                // nmchar       [_a-z0-9-]|{nonascii}|{escape}
+                    // name         {nmchar}+
-                // nonascii     [\240-\377]
+                    // nmchar       [_a-z0-9-]|{nonascii}|{escape}
-                // escape       {unicode}|\\[^\r\n\f0-9a-f]
+                    // nonascii     [\240-\377]
-                // unicode      \\{h}}{1,6}(\r\n|[ \t\r\n\f])?
+                    // escape       {unicode}|\\[^\r\n\f0-9a-f]
-                // ident        -?{nmstart}{nmchar*}
+                    // unicode      \\{h}}{1,6}(\r\n|[ \t\r\n\f])?
-                // nmstart      [_a-z]|{nonascii}|{escape}
+                    // ident        -?{nmstart}{nmchar*}
-                // string       {string1}|{string2}
+                    // nmstart      [_a-z]|{nonascii}|{escape}
-                // string1      \"([^\n\r\f\\"]|\\{nl}|{escape})*\"
+                    // string       {string1}|{string2}
-                // string2      \'([^\n\r\f\\"]|\\{nl}|{escape})*\'
+                    // string1      \"([^\n\r\f\\"]|\\{nl}|{escape})*\"
-                //
+                    // string2      \'([^\n\r\f\\"]|\\{nl}|{escape})*\'
-                // We'll implement a subset (in order to reduce attack
+                    //
-                // surface); in particular:
+                    // We'll implement a subset (in order to reduce attack
-                //
+                    // surface); in particular:
-                //      - No Unicode support
+                    //
-                //      - No escapes support
+                    //      - No Unicode support
-                //      - No string support (by proxy no attrib support)
+                    //      - No escapes support
-                //      - element_name is matched against allowed
+                    //      - No string support (by proxy no attrib support)
-                //        elements (some people might find this
+                    //      - element_name is matched against allowed
-                //        annoying...)
+                    //        elements (some people might find this
-                //      - Pseudo-elements one of :first-child, :link,
+                    //        annoying...)
-                //        :visited, :active, :hover, :focus
+                    //      - Pseudo-elements one of :first-child, :link,
+                    //        :visited, :active, :hover, :focus
 
-                // handle ruleset
+                    // handle ruleset
-                $selectors = array_map('trim', explode(',', $selector));
+                    $selectors = array_map('trim', explode(',', $selector));
-                $new_selectors = array();
+                    $new_selectors = array();
-                foreach ($selectors as $sel) {
+                    foreach ($selectors as $sel) {
-                    // split on +, > and spaces
+                        // split on +, > and spaces
-                    $basic_selectors = preg_split('/\s*([+> ])\s*/', $sel, -1, PREG_SPLIT_DELIM_CAPTURE);
+                        $basic_selectors = preg_split('/\s*([+> ])\s*/', $sel, -1, PREG_SPLIT_DELIM_CAPTURE);
-                    // even indices are chunks, odd indices are
+                        // even indices are chunks, odd indices are
-                    // delimiters
+                        // delimiters
-                    $nsel = null;
+                        $nsel = null;
-                    $delim = null; // guaranteed to be non-null after
+                        $delim = null; // guaranteed to be non-null after
-                    // two loop iterations
+                        // two loop iterations
-                    for ($i = 0, $c = count($basic_selectors); $i < $c; $i++) {
+                        for ($i = 0, $c = count($basic_selectors); $i < $c; $i++) {
-                        $x = $basic_selectors[$i];
+                            $x = $basic_selectors[$i];
-                        if ($i % 2) {
+                            if ($i % 2) {
-                            // delimiter
+                                // delimiter
-                            if ($x === ' ') {
+                                if ($x === ' ') {
-                                $delim = ' ';
+                                    $delim = ' ';
-                            } else {
-                                $delim = ' ' . $x . ' ';
-                            }
-                        } else {
-                            // simple selector
-                            $components = preg_split('/([#.:])/', $x, -1, PREG_SPLIT_DELIM_CAPTURE);
-                            $sdelim = null;
-                            $nx = null;
-                            for ($j = 0, $cc = count($components); $j < $cc; $j++) {
-                                $y = $components[$j];
-                                if ($j === 0) {
-                                    if ($y === '*' || isset($html_definition->info[$y = strtolower($y)])) {
-                                        $nx = $y;
-                                    } else {
-                                        // $nx stays null; this matters
-                                        // if we don't manage to find
-                                        // any valid selector content,
-                                        // in which case we ignore the
-                                        // outer $delim
-                                    }
-                                } elseif ($j % 2) {
-                                    // set delimiter
-                                    $sdelim = $y;
                                 } else {
-                                    $attrdef = null;
+                                    $delim = ' ' . $x . ' ';
-                                    if ($sdelim === '#') {
-                                        $attrdef = $this->_id_attrdef;
-                                    } elseif ($sdelim === '.') {
-                                        $attrdef = $this->_class_attrdef;
-                                    } elseif ($sdelim === ':') {
-                                        $attrdef = $this->_enum_attrdef;
-                                    } else {
-                                        throw new HTMLPurifier_Exception('broken invariant sdelim and preg_split');
-                                    }
-                                    $r = $attrdef->validate($y, $config, $context);
-                                    if ($r !== false) {
-                                        if ($r !== true) {
-                                            $y = $r;
-                                        }
-                                        if ($nx === null) {
-                                            $nx = '';
-                                        }
-                                        $nx .= $sdelim . $y;
-                                    }
-                                }
-                            }
-                            if ($nx !== null) {
-                                if ($nsel === null) {
-                                    $nsel = $nx;
-                                } else {
-                                    $nsel .= $delim . $nx;
                                 }
                             } else {
-                                // delimiters to the left of invalid
+                                // simple selector
-                                // basic selector ignored
+                                $components = preg_split('/([#.:])/', $x, -1, PREG_SPLIT_DELIM_CAPTURE);
+                                $sdelim = null;
+                                $nx = null;
+                                for ($j = 0, $cc = count($components); $j < $cc; $j++) {
+                                    $y = $components[$j];
+                                    if ($j === 0) {
+                                        if ($y === '*' || isset($html_definition->info[$y = strtolower($y)])) {
+                                            $nx = $y;
+                                        } else {
+                                            // $nx stays null; this matters
+                                            // if we don't manage to find
+                                            // any valid selector content,
+                                            // in which case we ignore the
+                                            // outer $delim
+                                        }
+                                    } elseif ($j % 2) {
+                                        // set delimiter
+                                        $sdelim = $y;
+                                    } else {
+                                        $attrdef = null;
+                                        if ($sdelim === '#') {
+                                            $attrdef = $this->_id_attrdef;
+                                        } elseif ($sdelim === '.') {
+                                            $attrdef = $this->_class_attrdef;
+                                        } elseif ($sdelim === ':') {
+                                            $attrdef = $this->_enum_attrdef;
+                                        } else {
+                                            throw new HTMLPurifier_Exception('broken invariant sdelim and preg_split');
+                                        }
+                                        $r = $attrdef->validate($y, $config, $context);
+                                        if ($r !== false) {
+                                            if ($r !== true) {
+                                                $y = $r;
+                                            }
+                                            if ($nx === null) {
+                                                $nx = '';
+                                            }
+                                            $nx .= $sdelim . $y;
+                                        }
+                                    }
+                                }
+                                if ($nx !== null) {
+                                    if ($nsel === null) {
+                                        $nsel = $nx;
+                                    } else {
+                                        $nsel .= $delim . $nx;
+                                    }
+                                } else {
+                                    // delimiters to the left of invalid
+                                    // basic selector ignored
+                                }
+                            }
+                        }
+                        if ($nsel !== null) {
+                            if (!empty($scopes)) {
+                                foreach ($scopes as $s) {
+                                    $new_selectors[] = "$s $nsel";
+                                }
+                            } else {
+                                $new_selectors[] = $nsel;
                             }
                         }
                     }
-                    if ($nsel !== null) {
+                    if (empty($new_selectors)) {
-                        if (!empty($scopes)) {
-                            foreach ($scopes as $s) {
-                                $new_selectors[] = "$s $nsel";
-                            }
-                        } else {
-                            $new_selectors[] = $nsel;
-                        }
-                    }
-                }
-                if (empty($new_selectors)) {
-                    continue;
-                }
-                $selector = implode(', ', $new_selectors);
-                foreach ($style as $name => $value) {
-                    if (!isset($css_definition->info[$name])) {
-                        unset($style[$name]);
                         continue;
                     }
-                    $def = $css_definition->info[$name];
+                    $selector = implode(', ', $new_selectors);
-                    $ret = $def->validate($value, $config, $context);
+                    foreach ($style as $name => $value) {
-                    if ($ret === false) {
+                        if (!isset($css_definition->info[$name])) {
-                        unset($style[$name]);
+                            unset($style[$name]);
-                    } else {
+                            continue;
-                        $style[$name] = $ret;
+                        }
+                        $def = $css_definition->info[$name];
+                        $ret = $def->validate($value, $config, $context);
+                        if ($ret === false) {
+                            unset($style[$name]);
+                        } else {
+                            $style[$name] = $ret;
+                        }
                     }
+                    $new_decls[$selector] = $style;
                 }
-                $new_decls[$selector] = $style;
+            } else {
+                continue;
             }
             $new_css[$k] = $new_decls;
         }

library/HTMLPurifier/HTMLModule/CommonAttributes.php

@@ -17,6 +17,7 @@ class HTMLPurifier_HTMLModule_CommonAttributes extends HTMLPurifier_HTMLModule
             'class' => 'Class',
             'id' => 'ID',
             'title' => 'CDATA',
+            'contenteditable' => 'ContentEditable',
         ),
         'Lang' => array(),
         'I18N' => array(

library/HTMLPurifier/HTMLModule/Tidy.php

@@ -221,6 +221,7 @@ class HTMLPurifier_HTMLModule_Tidy extends HTMLPurifier_HTMLModule
      */
     public function makeFixes()
     {
+        return array();
     }
 }
 

library/HTMLPurifier/Injector/RemoveSpansWithoutAttributes.php

@@ -31,6 +31,16 @@ class HTMLPurifier_Injector_RemoveSpansWithoutAttributes extends HTMLPurifier_In
      */
     private $context;
 
+    /**
+     * @type SplObjectStorage
+     */
+    private $markForDeletion;
+
+    public function __construct()
+    {
+        $this->markForDeletion = new SplObjectStorage();
+    }
+
     public function prepare($config, $context)
     {
         $this->attrValidator = new HTMLPurifier_AttrValidator();
@@ -64,7 +74,7 @@ class HTMLPurifier_Injector_RemoveSpansWithoutAttributes extends HTMLPurifier_In
 
         if ($current instanceof HTMLPurifier_Token_End && $current->name === 'span') {
             // Mark closing span tag for deletion
-            $current->markForDeletion = true;
+            $this->markForDeletion->attach($current);
             // Delete open span tag
             $token = false;
         }
@@ -75,7 +85,8 @@ class HTMLPurifier_Injector_RemoveSpansWithoutAttributes extends HTMLPurifier_In
      */
     public function handleEnd(&$token)
     {
-        if ($token->markForDeletion) {
+        if ($this->markForDeletion->contains($token)) {
+            $this->markForDeletion->detach($token);
             $token = false;
         }
     }

library/HTMLPurifier/LanguageFactory.php

@@ -109,7 +109,7 @@ class HTMLPurifier_LanguageFactory
         } else {
             $class = 'HTMLPurifier_Language_' . $pcode;
             $file  = $this->dir . '/Language/classes/' . $code . '.php';
-            if (file_exists($file) || class_exists($class, false)) {
+            if (file_exists($file) || class_exists($class)) {
                 $lang = new $class($config, $context);
             } else {
                 // Go fallback

library/HTMLPurifier/Length.php

@@ -78,7 +78,7 @@ class HTMLPurifier_Length
         if ($this->n === '0' && $this->unit === false) {
             return true;
         }
-        if (!ctype_lower($this->unit)) {
+        if ($this->unit === false || !ctype_lower($this->unit)) {
             $this->unit = strtolower($this->unit);
         }
         if (!isset(HTMLPurifier_Length::$allowedUnits[$this->unit])) {

library/HTMLPurifier/Lexer.php

@@ -48,6 +48,11 @@ class HTMLPurifier_Lexer
      */
     public $tracksLineNumbers = false;
 
+    /**
+     * @type HTMLPurifier_EntityParser
+     */
+    private $_entity_parser;
+
     // -- STATIC ----------------------------------------------------------
 
     /**
@@ -96,7 +101,7 @@ class HTMLPurifier_Lexer
                         break;
                     }
 
-                    if (class_exists('DOMDocument', false) &&
+                    if (class_exists('DOMDocument') &&
                         method_exists('DOMDocument', 'loadHTML') &&
                         !extension_loaded('domxml')
                     ) {
@@ -306,8 +311,8 @@ class HTMLPurifier_Lexer
     {
         // normalize newlines to \n
         if ($config->get('Core.NormalizeNewlines')) {
-            $html = str_replace("\r\n", "\n", $html);
+            $html = str_replace("\r\n", "\n", (string)$html);
-            $html = str_replace("\r", "\n", $html);
+            $html = str_replace("\r", "\n", (string)$html);
         }
 
         if ($config->get('HTML.Trusted')) {

library/HTMLPurifier/Lexer/DOMLex.php

@@ -104,7 +104,6 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer
      * To iterate is human, to recurse divine - L. Peter Deutsch
      * @param DOMNode $node DOMNode to be tokenized.
      * @param HTMLPurifier_Token[] $tokens   Array-list of already tokenized tokens.
-     * @return HTMLPurifier_Token of node appended to previously passed tokens.
      */
     protected function tokenizeDOM($node, &$tokens, $config)
     {

library/HTMLPurifier/Lexer/PH5P.php

@@ -4410,7 +4410,7 @@ class HTML5TreeConstructer
 
         foreach ($token['attr'] as $attr) {
             if (!$el->hasAttribute($attr['name'])) {
-                $el->setAttribute($attr['name'], $attr['value']);
+                $el->setAttribute($attr['name'], (string)$attr['value']);
             }
         }
 

library/HTMLPurifier/Printer/ConfigForm.php

@@ -32,6 +32,11 @@ class HTMLPurifier_Printer_ConfigForm extends HTMLPurifier_Printer
      */
     protected $compress = false;
 
+    /**
+     * @var HTMLPurifier_Config
+     */
+    protected $genConfig;
+
     /**
      * @param string $name Form element name for directives to be stuffed into
      * @param string $doc_url String documentation URL, will have fragment tagged on

library/HTMLPurifier/PropertyListIterator.php

@@ -29,6 +29,7 @@ class HTMLPurifier_PropertyListIterator extends FilterIterator
     /**
      * @return bool
      */
+    #[\ReturnTypeWillChange]
     public function accept()
     {
         $key = $this->getInnerIterator()->key();

library/HTMLPurifier/StringHash.php

@@ -20,6 +20,7 @@ class HTMLPurifier_StringHash extends ArrayObject
      * @param mixed $index
      * @return mixed
      */
+    #[\ReturnTypeWillChange]
     public function offsetGet($index)
     {
         $this->accessed[$index] = true;

library/HTMLPurifier/URIFilter/HostBlacklist.php

@@ -35,7 +35,7 @@ class HTMLPurifier_URIFilter_HostBlacklist extends HTMLPurifier_URIFilter
     public function filter(&$uri, $config, $context)
     {
         foreach ($this->blacklist as $blacklisted_host_fragment) {
-            if (strpos($uri->host, $blacklisted_host_fragment) !== false) {
+            if ($uri->host !== null && strpos($uri->host, $blacklisted_host_fragment) !== false) {
                 return false;
             }
         }

library/HTMLPurifier/URIFilter/Munge.php

@@ -100,11 +100,11 @@ class HTMLPurifier_URIFilter_Munge extends HTMLPurifier_URIFilter
         $string = $uri->toString();
         // always available
         $this->replace['%s'] = $string;
-        $this->replace['%r'] = $context->get('EmbeddedURI', true);
+        $this->replace['%r'] = $context->get('EmbeddedURI', true) ?: '';
-        $token = $context->get('CurrentToken', true);
+        $token = $context->get('CurrentToken', true) ?: '';
-        $this->replace['%n'] = $token ? $token->name : null;
+        $this->replace['%n'] = $token ? $token->name : '';
-        $this->replace['%m'] = $context->get('CurrentAttr', true);
+        $this->replace['%m'] = $context->get('CurrentAttr', true) ?: '';
-        $this->replace['%p'] = $context->get('CurrentCSSProperty', true);
+        $this->replace['%p'] = $context->get('CurrentCSSProperty', true) ?: '';
         // not always available
         if ($this->secretKey) {
             $this->replace['%t'] = hash_hmac("sha256", $string, $this->secretKey);

library/HTMLPurifier/URIScheme/tel.php

@@ -33,11 +33,11 @@ class HTMLPurifier_URIScheme_tel extends HTMLPurifier_URIScheme
         $uri->host     = null;
         $uri->port     = null;
 
-        // Delete all non-numeric characters, non-x characters
+        // Delete all non-numeric characters, commas, and non-x characters
         // from phone number, EXCEPT for a leading plus sign.
-        $uri->path = preg_replace('/(?!^\+)[^\dx]/', '',
+        $uri->path = preg_replace('/(?!^\+)[^\dx,]/', '',
                      // Normalize e(x)tension to lower-case
-                     str_replace('X', 'x', $uri->path));
+                     str_replace('X', 'x', rawurldecode($uri->path)));
 
         return true;
     }

library/HTMLPurifier/UnitConverter.php

@@ -261,7 +261,7 @@ class HTMLPurifier_UnitConverter
      */
     private function round($n, $sigfigs)
     {
-        $new_log = (int)floor(log(abs($n), 10)); // Number of digits left of decimal - 1
+        $new_log = (int)floor(log(abs((float)$n), 10)); // Number of digits left of decimal - 1
         $rp = $sigfigs - $new_log - 1; // Number of decimal places needed
         $neg = $n < 0 ? '-' : ''; // Negative sign
         if ($this->bcmath) {
@@ -276,7 +276,7 @@ class HTMLPurifier_UnitConverter
             }
             return $n;
         } else {
-            return $this->scale(round($n, $sigfigs - $new_log - 1), $rp + 1);
+            return $this->scale(round((float)$n, $sigfigs - $new_log - 1), $rp + 1);
         }
     }
 
@@ -300,7 +300,7 @@ class HTMLPurifier_UnitConverter
             // Now we return it, truncating the zero that was rounded off.
             return substr($precise, 0, -1) . str_repeat('0', -$scale + 1);
         }
-        return sprintf('%.' . $scale . 'f', (float)$r);
+        return number_format((float)$r, $scale, '.', '');
     }
 }
 

maintenance/add-vimline.php

@@ -34,7 +34,6 @@ foreach ($files as $file) {
         postfix_is('.svg', $file) ||
         postfix_is('.phpt', $file) ||
         postfix_is('VERSION', $file) ||
-        postfix_is('WHATSNEW', $file) ||
         postfix_is('configdoc/usage.xml', $file) ||
         postfix_is('library/HTMLPurifier.includes.php', $file) ||
         postfix_is('library/HTMLPurifier.safe-includes.php', $file) ||

package.php

@@ -48,7 +48,6 @@ $pkg->setReleaseStability('stable');
 
 $pkg->addRelease();
 
-$pkg->setNotes(file_get_contents('WHATSNEW'));
 $pkg->setPackageType('php');
 
 $pkg->setPhpDep('5.0.0');

release.config.js

@@ -0,0 +1,33 @@
+module.exports = {
+  debug: true,
+  branch: 'master',
+  plugins: [
+    '@semantic-release/commit-analyzer',
+    '@semantic-release/release-notes-generator',
+    [
+      '@semantic-release/changelog',
+      {
+        'changelogFile': 'NEWS'
+      }
+    ],
+    [
+      '@semantic-release/exec',
+      {
+        'prepareCmd': 'php update-for-release ${nextRelease.version}'
+      }
+    ],
+    [
+      '@semantic-release/git',
+      {
+        'assets': [
+          'VERSION',
+          'NEWS',
+          'Doxyfile',
+          ['library/**/*', '!library/standalone/**/*', '!library/HTMLPurifier.standalone.php'],
+          'configdoc/**/*',
+        ],
+      }
+    ],
+    '@semantic-release/github'
+  ],
+}

smoketests/common.php

@@ -2,6 +2,8 @@
 
 header('Content-type: text/html; charset=UTF-8');
 
+require_once __DIR__.'/../vendor/autoload.php';
+
 if (!isset($_GET['standalone'])) {
     require_once '../library/HTMLPurifier.auto.php';
 } else {

smoketests/extractStyleBlocks.php

@@ -3,23 +3,6 @@
 require_once 'common.php';
 require_once 'HTMLPurifier/Filter/ExtractStyleBlocks.php';
 
-// need CSSTidy location
-$csstidy_location = false;
-if (file_exists('../conf/test-settings.php')) include '../conf/test-settings.php';
-if (file_exists('../test-settings.php')) include '../test-settings.php';
-
-if (!$csstidy_location) {
-?>
-Error: <a href="http://csstidy.sourceforge.net/">CSSTidy</a> library not
-found, please install and configure <code>test-settings.php</code>
-accordingly.
-<?php
-    exit;
-}
-
-require_once $csstidy_location . 'class.csstidy.php';
-require_once $csstidy_location . 'class.csstidy_print.php';
-
 $purifier = new HTMLPurifier(array(
     'Filter.ExtractStyleBlocks' => true,
 ));

test-settings.sample.php

@@ -17,20 +17,6 @@ if ($data !== false && $data !== '') {
     exit;
 }
 
-// -----------------------------------------------------------------------------
-// REQUIRED SETTINGS
-
-// Note on running SimpleTest:
-//      You want the Git copy of SimpleTest, found here:
-//          https://github.com/simpletest/simpletest/
-//
-//      If SimpleTest is borked with HTML Purifier, please contact me or
-//      the SimpleTest devs; I am a developer for SimpleTest so I should be
-//      able to quickly assess a fix. SimpleTest's problem is my problem!
-
-// Where is SimpleTest located? Remember to include a trailing slash!
-$simpletest_location = '/path/to/simpletest/';
-
 // -----------------------------------------------------------------------------
 // OPTIONAL SETTINGS
 
@@ -50,9 +36,6 @@ $GLOBALS['HTMLPurifierTest']['PHPT'] = false;
 // If PHPT isn't in your Path via PEAR, set that here:
 // set_include_path('/path/to/phpt/Core/src' . PATH_SEPARATOR . get_include_path());
 
-// Where is CSSTidy located? (Include trailing slash. Leave false to disable.)
-$csstidy_location    = false;
-
 // For tests/multitest.php, which versions to test?
 $versions_to_test    = array();
 
@@ -69,6 +52,6 @@ $GLOBALS['HTMLPurifierTest']['PEAR'] = false;
 
 // If PEAR is enabled, what PEAR tests should be run? (Note: you will
 // need to ensure these libraries are installed)
-$GLOBALS['HTMLPurifierTest']['Net_IDNA2'] = true;
+$GLOBALS['HTMLPurifierTest']['Net_IDNA2'] = false;
 
 // vim: et sw=4 sts=4

test-settings.travis.php

@@ -1,72 +0,0 @@
-<?php
-
-// This file is the configuration for Travis testing.
-
-// Note: The only external library you *need* is SimpleTest; everything else
-//       is optional.
-
-// We've got a lot of tests, so we recommend turning the limit off.
-set_time_limit(0);
-
-// Turning off output buffering will prevent mysterious errors from core dumps.
-$data = @ob_get_clean();
-if ($data !== false && $data !== '') {
-    echo "Output buffer contains data [".urlencode($data)."]\n";
-    exit;
-}
-
-// -----------------------------------------------------------------------------
-// REQUIRED SETTINGS
-
-// Note on running SimpleTest:
-//      You want the Git copy of SimpleTest, found here:
-//          https://github.com/simpletest/simpletest/
-//
-//      If SimpleTest is borked with HTML Purifier, please contact me or
-//      the SimpleTest devs; I am a developer for SimpleTest so I should be
-//      able to quickly assess a fix. SimpleTest's problem is my problem!
-
-// Where is SimpleTest located? Remember to include a trailing slash!
-$simpletest_location = dirname(__FILE__) . '/simpletest/';
-
-// -----------------------------------------------------------------------------
-// OPTIONAL SETTINGS
-
-// Note on running PHPT:
-//      Vanilla PHPT from https://github.com/tswicegood/PHPT_Core should
-//      work fine on Linux w/o multitest.
-//
-//      To do multitest or Windows testing, you'll need some more
-//      patches at https://github.com/ezyang/PHPT_Core
-//
-//      I haven't tested the Windows setup in a while so I don't know if
-//      it still works.
-
-// Should PHPT tests be enabled?
-$GLOBALS['HTMLPurifierTest']['PHPT'] = false;
-
-// If PHPT isn't in your Path via PEAR, set that here:
-// set_include_path('/path/to/phpt/Core/src' . PATH_SEPARATOR . get_include_path());
-
-// Where is CSSTidy located? (Include trailing slash. Leave false to disable.)
-$csstidy_location    = false;
-
-// For tests/multitest.php, which versions to test?
-$versions_to_test    = array();
-
-// Stable PHP binary to use when invoking maintenance scripts.
-$php = 'php';
-
-// For tests/multitest.php, what is the multi-version executable? It must
-// accept an extra parameter (version number) before all other arguments
-$phpv = false;
-
-// Should PEAR tests be run? If you've got a valid PEAR installation, set this
-// to true (or, if it's not in the include path, to its install directory).
-$GLOBALS['HTMLPurifierTest']['PEAR'] = false;
-
-// If PEAR is enabled, what PEAR tests should be run? (Note: you will
-// need to ensure these libraries are installed)
-$GLOBALS['HTMLPurifierTest']['Net_IDNA2'] = true;
-
-// vim: et sw=4 sts=4

tests/HTMLPurifier/AttrDef/CSSTest.php

@@ -73,6 +73,10 @@ class HTMLPurifier_AttrDef_CSSTest extends HTMLPurifier_AttrDefHarness
         $this->assertDef('min-width:50vw;');
         $this->assertDef('min-width:-50vw;', false);
         $this->assertDef('text-decoration:underline;');
+        $this->assertDef('text-decoration-line:overline;');
+        $this->assertDef('text-decoration-style:dashed;');
+        $this->assertDef('text-decoration-color:#F00;');
+        $this->assertDef('text-decoration-thickness:5%;');
         $this->assertDef('font-family:sans-serif;');
         $this->assertDef("font-family:Gill, 'Times New Roman', sans-serif;");
         $this->assertDef('font:12px serif;');

tests/HTMLPurifier/AttrDef/HTML/ContentEditableTest.php

@@ -0,0 +1,27 @@
+<?php
+
+class HTMLPurifier_AttrDef_HTML_ContentEditableTest extends HTMLPurifier_AttrDefHarness
+{
+    public function setUp()
+    {
+        parent::setUp();
+        $this->def = new HTMLPurifier_AttrDef_HTML_ContentEditable();
+    }
+
+    public function test()
+    {
+        $this->assertDef('', false);
+        $this->assertDef('true', false);
+        $this->assertDef('caret', false);
+        $this->assertDef('false');
+    }
+
+    public function testTrustedHtml()
+    {
+        $this->config->set('HTML.Trusted', true);
+        $this->assertDef('');
+        $this->assertDef('true');
+        $this->assertDef('false');
+        $this->assertDef('caret', false);
+    }
+}

tests/HTMLPurifier/AttrDef/URITest.php

@@ -23,6 +23,8 @@ class HTMLPurifier_AttrDef_URITest extends HTMLPurifier_AttrDefHarness
         $this->assertDef('nntp://news.example.com/324234');
         $this->assertDef('mailto:bob@example.com');
         $this->assertDef('tel:+15555555555');
+        $this->assertDef('tel:+15555 555 555', 'tel:+15555555555');
+        $this->assertDef('tel:+15555%20555%20555', 'tel:+15555555555');
     }
 
     public function testIntegrationWithPercentEncoder()

tests/HTMLPurifier/AttrTransform/NameSyncTest.php

@@ -3,6 +3,11 @@
 class HTMLPurifier_AttrTransform_NameSyncTest extends HTMLPurifier_AttrTransformHarness
 {
 
+    /**
+     * @type HTMLPurifier_IDAccumulator
+     */
+    public $accumulator;
+
     public function setUp()
     {
         parent::setUp();

tests/HTMLPurifier/AttrValidator_ErrorsTest.php

@@ -3,6 +3,11 @@
 class HTMLPurifier_AttrValidator_ErrorsTest extends HTMLPurifier_ErrorsHarness
 {
 
+    /**
+     * @type HTMLPurifier_Language
+     */
+    public $language;
+
     public function setup()
     {
         parent::setup();

tests/HTMLPurifier/DefinitionCache/DecoratorHarness.php

@@ -5,6 +5,12 @@ generate_mock_once('HTMLPurifier_DefinitionCache');
 class HTMLPurifier_DefinitionCache_DecoratorHarness extends HTMLPurifier_DefinitionCacheHarness
 {
 
+    public $cache;
+
+    public $mock;
+
+    public $def;
+
     public function setup()
     {
         $this->mock     = new HTMLPurifier_DefinitionCacheMock();

tests/HTMLPurifier/DefinitionTestable.php

@@ -1,7 +1,14 @@
 <?php
 
+abstract class HTMLPurifier_TestDefinition extends HTMLPurifier_Definition
+{
+    public $info;
+    public $info_candles;
+    public $info_random;
+}
+
 Mock::generatePartial(
-        'HTMLPurifier_Definition',
+        'HTMLPurifier_TestDefinition',
         'HTMLPurifier_DefinitionTestable',
         array('doSetup'));
 

tests/HTMLPurifier/EntityParserTest.php

@@ -5,6 +5,8 @@ class HTMLPurifier_EntityParserTest extends HTMLPurifier_Harness
 
     protected $EntityParser;
 
+    protected $_entity_lookup;
+
     public function setUp()
     {
         $this->EntityParser = new HTMLPurifier_EntityParser();

tests/HTMLPurifier/Filter/ExtractStyleBlocksTest.php

@@ -214,6 +214,19 @@ text-align:right
         );
     }
 
+    public function test_keepImportantComments()
+    {
+        $this->assertCleanCSS(
+            "/*! Important */
+div {
+text-align:right /*! Important2 */
+}",
+            "div {
+text-align:right
+}"
+        );
+    }
+
     public function test_atSelector()
     {
         $this->assertCleanCSS(

tests/HTMLPurifier/Strategy/MakeWellFormed/EndRewindInjector.php

@@ -4,10 +4,13 @@ class HTMLPurifier_Strategy_MakeWellFormed_EndRewindInjector extends HTMLPurifie
 {
     public $name = 'EndRewindInjector';
     public $needed = array('span');
+    private $deleteElement = false;
+
     public function handleElement(&$token)
     {
-        if (isset($token->_InjectorTest_EndRewindInjector_delete)) {
+        if ($this->deleteElement) {
             $token = false;
+            $this->deleteElement = false;
         }
     }
     public function handleText(&$token)
@@ -23,7 +26,7 @@ class HTMLPurifier_Strategy_MakeWellFormed_EndRewindInjector extends HTMLPurifie
             $prev->name == 'span'
         ) {
             $token = false;
-            $prev->_InjectorTest_EndRewindInjector_delete = true;
+            $this->deleteElement = true;
             $this->rewindOffset(1);
         }
     }

tests/HTMLPurifier/Strategy/ValidateAttributesTest.php

@@ -258,6 +258,13 @@ class HTMLPurifier_Strategy_ValidateAttributesTest extends
         );
     }
 
+    public function testContentEditableAttribute()
+    {
+        $this->assertResult(
+            '<div contenteditable="false"></div>',
+            '<div contenteditable="false"></div>'
+        );
+    }
 }
 
 // vim: et sw=4 sts=4

tests/HTMLPurifier/URIFilter/HostBlacklistTest.php

@@ -28,6 +28,12 @@ class HTMLPurifier_URIFilter_HostBlacklistTest extends HTMLPurifier_URIFilterHar
         $this->assertFiltering('http://google.com');
     }
 
+    public function testFragment()
+    {
+        $this->config->set('URI.HostBlacklist', 'example.com');
+        $this->assertFiltering('#foo');
+    }
+
 }
 
 // vim: et sw=4 sts=4

tests/HTMLPurifier/URIFilter/MakeAbsoluteTest.php

@@ -40,6 +40,8 @@ class HTMLPurifier_URIFilter_MakeAbsoluteTest extends HTMLPurifier_URIFilterHarn
     public function testPreserveAltSchemeWithTel()
     {
         $this->assertFiltering('tel:+15555555555');
+        $this->assertFiltering('tel:+15555 555 555');
+        $this->assertFiltering('tel:+15555%20555%20555');
     }
 
     public function testFilterIgnoreHTTPSpecialCase()

tests/HTMLPurifier/URIFilterHarness.php

@@ -3,6 +3,11 @@
 class HTMLPurifier_URIFilterHarness extends HTMLPurifier_URIHarness
 {
 
+    /**
+     * @type HTMLPurifier_URIFilter
+     */
+    public $filter;
+
     protected function assertFiltering($uri, $expect_uri = true)
     {
         $this->prepareURI($uri, $expect_uri);

tests/HTMLPurifier/URIParserTest.php

@@ -75,6 +75,10 @@ class HTMLPurifier_URIParserTest extends HTMLPurifier_Harness
             'tel:+1 (555) 555-5555',
             'tel', null, null, null, '+1 (555) 555-5555', null, null
         );
+        $this->assertParsing(
+          'tel:+1%20(555)%20555-5555',
+          'tel', null, null, null, '+1%20(555)%20555-5555', null, null
+        );
     }
 
     public function testIPv4Address()

tests/HTMLPurifier/URISchemeTest.php

@@ -179,6 +179,13 @@ class HTMLPurifier_URISchemeTest extends HTMLPurifier_URIHarness
         );
     }
 
+    public function test_tel_with_url_encoding()
+    {
+        $this->assertValidation(
+            'tel:+1%20(555)%20555-5555', 'tel:+15555555555'
+        );
+    }
+
     public function test_tel_regular()
     {
         $this->assertValidation(

tests/HTMLPurifier/UnitConverterTest.php

@@ -101,6 +101,13 @@ class HTMLPurifier_UnitConverterTest extends HTMLPurifier_Harness
         $this->assertConversion('111.12pt', '1.5433in');
         $this->assertConversion('11.112pt', '0.15433in');
     }
+    
+    public function testDecimalSeparatorComma()
+    {
+        setlocale(LC_ALL, 'de_DE@euro', 'de_DE', 'deu_deu');
+        $this->assertConversion('11.11px', '0.294cm');
+        setlocale(LC_ALL, '');
+    }
 
     public function testRoundingBigNumber()
     {

tests/common.php

@@ -1,5 +1,7 @@
 <?php
 
+require_once __DIR__.'/../vendor/autoload.php';
+
 if (!defined('HTMLPurifierTest')) {
     echo "Invalid entry point\n";
     exit;
@@ -27,8 +29,6 @@ $GLOBALS['HTMLPurifierTest']['PHPT'] = true; // do PHPT tests
 $GLOBALS['HTMLPurifierTest']['PH5P'] = class_exists('DOMDocument');
 
 // default library settings
-$simpletest_location = 'simpletest/'; // reasonable guess
-$csstidy_location = false;
 $versions_to_test = array();
 $php  = 'php';
 $phpv = 'phpv';
@@ -40,20 +40,6 @@ else {
     throw new Exception('Please create a test-settings.php file by copying test-settings.sample.php and configuring accordingly');
 }
 
-// load SimpleTest
-require_once $simpletest_location . 'unit_tester.php';
-require_once $simpletest_location . 'reporter.php';
-require_once $simpletest_location . 'mock_objects.php';
-require_once $simpletest_location . 'xml.php';
-require_once $simpletest_location . 'remote.php';
-
-// load CSS Tidy
-if ($csstidy_location !== false) {
-    $old = error_reporting(E_ALL);
-    require $csstidy_location . 'class.csstidy.php';
-    error_reporting($old);
-}
-
 // load PEAR to include path
 if ( is_string($GLOBALS['HTMLPurifierTest']['PEAR']) ) {
     // if PEAR is true, there's no need to add it to the path

tests/test_files.php

@@ -18,9 +18,7 @@ switch ($AC['type']) {
         $test_dirs[] = 'HTMLPurifier';
         $test_files[] = 'HTMLPurifierTest.php';
         $test_dirs_exclude['HTMLPurifier/Filter/ExtractStyleBlocksTest.php'] = true;
-        if ($csstidy_location) {
+        $test_files[] = 'HTMLPurifier/Filter/ExtractStyleBlocksTest.php';
-          $test_files[] = 'HTMLPurifier/Filter/ExtractStyleBlocksTest.php';
-        }
         if ($break) break;
     case 'configdoc':
         if (version_compare(PHP_VERSION, '5.2', '>=')) {
@@ -29,6 +27,7 @@ switch ($AC['type']) {
         if ($break) break;
     case 'fstools':
         $test_dirs[] = 'FSTools';
+        if ($break) break;
     case 'htmlt':
         $htmlt_dirs[] = 'HTMLPurifier/HTMLT';
         if ($break) break;

update-for-release

@@ -23,24 +23,7 @@ $version = trim($argv[1]);
 // ...in VERSION
 file_put_contents('VERSION', $version);
 
-// ...in NEWS
+$is_dev = strpos($version, 'dev') === false;
-if ($is_dev = (strpos($version, 'dev') === false)) {
-  $date = date('Y-m-d');
-  $news_c = str_replace(
-      $l = "$version, unknown release date",
-      "$version, released $date",
-      file_get_contents('NEWS'),
-      $c
-  );
-  if (!$c) {
-      echo 'Could not update NEWS, missing ' . $l . PHP_EOL;
-      exit;
-  } elseif ($c > 1) {
-      echo 'More than one release declaration in NEWS replaced' . PHP_EOL;
-      exit;
-  }
-  file_put_contents('NEWS', $news_c);
-}
 
 // ...in Doxyfile
 $doxyfile_c = preg_replace(
@@ -102,9 +85,22 @@ if (!$c) {
 }
 file_put_contents('library/HTMLPurifier/Config.php', $config_c);
 
+$includes = file_get_contents('library/HTMLPurifier.includes.php');
+$includes = preg_replace(
+    '/@version .+?/',
+    "@version $version",
+    $includes,
+    1, $c
+);
+if (!$c) {
+    echo 'Could not update HTMLPurifier.includes.php, missing @version docblock.' . PHP_EOL;
+    exit;
+}
+file_put_contents('HTMLPurifier.includes.php', $includes);
+
 passthru('maintenance/flush.sh');
 
-if ($is_dev) echo "Review changes, write something in WHATSNEW, and then commit with log 'Release $version.'" . PHP_EOL;
+if ($is_dev) echo "Review changes, and then commit with log 'Release $version.'" . PHP_EOL;
 else echo "Numbers updated to dev, no other modifications necessary!";
 
 // vim: et sw=4 sts=4