Merge branch 'MDL-84154_upgrade-HTML-Purifier-to-latest-4-18-0' of https://github.com/ziegenberg/moodle
commit
2822054bbd
@ -19,7 +19,7 @@
|
||||
*/
|
||||
|
||||
/*
|
||||
HTML Purifier 4.17.0 - Standards Compliant HTML Filtering
|
||||
HTML Purifier 4.18.0 - Standards Compliant HTML Filtering
|
||||
Copyright (C) 2006-2008 Edward Z. Yang
|
||||
|
||||
This library is free software; you can redistribute it and/or
|
||||
@ -58,12 +58,12 @@ class HTMLPurifier
|
||||
* Version of HTML Purifier.
|
||||
* @type string
|
||||
*/
|
||||
public $version = '4.17.0';
|
||||
public $version = '4.18.0';
|
||||
|
||||
/**
|
||||
* Constant with version of HTML Purifier.
|
||||
*/
|
||||
const VERSION = '4.17.0';
|
||||
const VERSION = '4.18.0';
|
||||
|
||||
/**
|
||||
* Global configuration object.
|
||||
|
@ -95,6 +95,7 @@ require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Length.php';
|
||||
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/ListStyle.php';
|
||||
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Multiple.php';
|
||||
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Percentage.php';
|
||||
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Ratio.php';
|
||||
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/TextDecoration.php';
|
||||
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/URI.php';
|
||||
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Bool.php';
|
||||
|
@ -27,6 +27,13 @@ class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef
|
||||
$definition = $config->getCSSDefinition();
|
||||
$allow_duplicates = $config->get("CSS.AllowDuplicates");
|
||||
|
||||
$universal_attrdef = new HTMLPurifier_AttrDef_Enum(
|
||||
array(
|
||||
'initial',
|
||||
'inherit',
|
||||
'unset',
|
||||
)
|
||||
);
|
||||
|
||||
// According to the CSS2.1 spec, the places where a
|
||||
// non-delimiting semicolon can appear are in strings
|
||||
@ -96,16 +103,13 @@ class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef
|
||||
if (!$ok) {
|
||||
continue;
|
||||
}
|
||||
// inefficient call, since the validator will do this again
|
||||
if (strtolower(trim($value)) !== 'inherit') {
|
||||
// inherit works for everything (but only on the base property)
|
||||
$result = $universal_attrdef->validate($value, $config, $context);
|
||||
if ($result === false) {
|
||||
$result = $definition->info[$property]->validate(
|
||||
$value,
|
||||
$config,
|
||||
$context
|
||||
);
|
||||
} else {
|
||||
$result = 'inherit';
|
||||
}
|
||||
if ($result === false) {
|
||||
continue;
|
||||
|
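Review bot: The new `$universal_attrdef` is constructed afresh inside the validating method (first hunk), and the same `initial`/`inherit`/`unset` list is repeated verbatim in the constructor of HTMLPurifier_Filter_ExtractStyleBlocks later in this commit, so the inline-style path and the style-block path can drift apart if one list is edited. Holding the enum in one place (a property or a small shared helper) would avoid the per-call allocation and keep both sanitising paths in step. The second hunk also drops the old explanatory comments without replacement; a line such as `// CSS-wide keywords are accepted for every property that passed the allow-list check above` would record why the universal check runs before the per-property validator. The method starts and ends outside both hunks.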
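--- a/lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/Ratio.php
+++ b/lib/htmlpurifier/HTMLPurifier/AttrDef/CSS/Ratio.php
@@ -0,0 +1,46 @@
+<?php
+
+/**
+* Validates a ratio as defined by the CSS spec.
+*/
+class HTMLPurifier_AttrDef_CSS_Ratio extends HTMLPurifier_AttrDef
+{
+/**
+* @param string $ratio Ratio to validate
+* @param HTMLPurifier_Config $config Configuration options
+* @param HTMLPurifier_Context $context Context
+*
+* @return string|boolean
+*
+* @warning Some contexts do not pass $config, $context. These
+* variables should not be used without checking HTMLPurifier_Length
+*/
+public function validate($ratio, $config, $context)
+{
+$ratio = $this->parseCDATA($ratio);
+
+$parts = explode('/', $ratio, 2);
+$length = count($parts);
+
+if ($length < 1 || $length > 2) {
+return false;
+}
+
+$num = new \HTMLPurifier_AttrDef_CSS_Number();
+
+if ($length === 1) {
+return $num->validate($parts[0], $config, $context);
+}
+
+$num1 = $num->validate($parts[0], $config, $context);
+$num2 = $num->validate($parts[1], $config, $context);
+
+if ($num1 === false || $num2 === false) {
+return false;
+}
+
+return $num1 . '/' . $num2;
+}
+}
+
+// vim: et sw=4 sts=4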
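Review bot: `validate()` builds `HTMLPurifier_AttrDef_CSS_Number` with no argument, so a negative term such as `-1/2` would presumably pass, while the CSS `<ratio>` grammar only admits non-negative numbers. Constructing it as `new \HTMLPurifier_AttrDef_CSS_Number(true)` (the non-negative switch of that class, to be confirmed against its constructor) would keep the sanitiser from emitting values the grammar rejects. The `$length < 1 || $length > 2` guard can never fire, because `explode('/', $ratio, 2)` always yields one or two parts. The `@warning` line in the docblock refers to `HTMLPurifier_Length`, which this class never touches.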
@ -63,24 +63,18 @@ class HTMLPurifier_AttrDef_URI_Host extends HTMLPurifier_AttrDef
|
||||
// This doesn't match I18N domain names, but we don't have proper IRI support,
|
||||
// so force users to insert Punycode.
|
||||
|
||||
// There is not a good sense in which underscores should be
|
||||
// allowed, since it's technically not! (And if you go as
|
||||
// far to allow everything as specified by the DNS spec...
|
||||
// well, that's literally everything, modulo some space limits
|
||||
// for the components and the overall name (which, by the way,
|
||||
// we are NOT checking!). So we (arbitrarily) decide this:
|
||||
// let's allow underscores wherever we would have allowed
|
||||
// hyphens, if they are enabled. This is a pretty good match
|
||||
// for browser behavior, for example, a large number of browsers
|
||||
// cannot handle foo_.example.com, but foo_bar.example.com is
|
||||
// fairly well supported.
|
||||
// Underscores defined as Unreserved Characters in RFC 3986 are
|
||||
// allowed in a URI. There are cases where we want to consider a
|
||||
// URI containing "_" such as "_dmarc.example.com".
|
||||
// Underscores are not allowed in the default. If you want to
|
||||
// allow it, set Core.AllowHostnameUnderscore to true.
|
||||
$underscore = $config->get('Core.AllowHostnameUnderscore') ? '_' : '';
|
||||
|
||||
// Based off of RFC 1738, but amended so that
|
||||
// as per RFC 3696, the top label need only not be all numeric.
|
||||
// The productions describing this are:
|
||||
$a = '[a-z]'; // alpha
|
||||
$an = '[a-z0-9]'; // alphanum
|
||||
$an = "[a-z0-9$underscore]"; // alphanum
|
||||
$and = "[a-z0-9-$underscore]"; // alphanum | "-"
|
||||
// domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum
|
||||
$domainlabel = "$an(?:$and*$an)?";
|
||||
|
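Review bot: The trailing `// alphanum` on the new `$an = "[a-z0-9$underscore]";` line and the `domainlabel = alphanum | ...` production below it no longer describe the pattern once Core.AllowHostnameUnderscore is on, because `_` is then accepted as the first and last character of a label as well as inside it. The replacement comment explains why underscores are wanted (`_dmarc.example.com`) but not that the earlier restriction to hyphen positions is gone. I would add `// with Core.AllowHostnameUnderscore, "_" may also start or end a label` and change the inline comment to `// alphanum, plus "_" when enabled`. Deployments that enable the option and compare validated hosts against an allow-list may want a test for labels such as `foo_.example.com`; the rest of the method lies outside the hunk.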
@ -116,8 +116,6 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
|
||||
'auto',
|
||||
'cover',
|
||||
'contain',
|
||||
'initial',
|
||||
'inherit',
|
||||
]
|
||||
),
|
||||
new HTMLPurifier_AttrDef_CSS_Percentage(),
|
||||
@ -236,21 +234,20 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
|
||||
[
|
||||
new HTMLPurifier_AttrDef_CSS_Length('0'),
|
||||
new HTMLPurifier_AttrDef_CSS_Percentage(true),
|
||||
new HTMLPurifier_AttrDef_Enum(['auto', 'initial', 'inherit'])
|
||||
new HTMLPurifier_AttrDef_Enum(['auto'])
|
||||
]
|
||||
);
|
||||
$trusted_min_wh = new HTMLPurifier_AttrDef_CSS_Composite(
|
||||
[
|
||||
new HTMLPurifier_AttrDef_CSS_Length('0'),
|
||||
new HTMLPurifier_AttrDef_CSS_Percentage(true),
|
||||
new HTMLPurifier_AttrDef_Enum(['initial', 'inherit'])
|
||||
]
|
||||
);
|
||||
$trusted_max_wh = new HTMLPurifier_AttrDef_CSS_Composite(
|
||||
[
|
||||
new HTMLPurifier_AttrDef_CSS_Length('0'),
|
||||
new HTMLPurifier_AttrDef_CSS_Percentage(true),
|
||||
new HTMLPurifier_AttrDef_Enum(['none', 'initial', 'inherit'])
|
||||
new HTMLPurifier_AttrDef_Enum(['none'])
|
||||
]
|
||||
);
|
||||
$max = $config->get('CSS.MaxImgLength');
|
||||
@ -278,12 +275,7 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
|
||||
new HTMLPurifier_AttrDef_Switch(
|
||||
'img',
|
||||
// For img tags:
|
||||
new HTMLPurifier_AttrDef_CSS_Composite(
|
||||
[
|
||||
new HTMLPurifier_AttrDef_CSS_Length('0', $max),
|
||||
new HTMLPurifier_AttrDef_Enum(['initial', 'inherit'])
|
||||
]
|
||||
),
|
||||
new HTMLPurifier_AttrDef_CSS_Length('0', $max),
|
||||
// For everyone else:
|
||||
$trusted_min_wh
|
||||
);
|
||||
@ -297,22 +289,29 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
|
||||
new HTMLPurifier_AttrDef_CSS_Composite(
|
||||
[
|
||||
new HTMLPurifier_AttrDef_CSS_Length('0', $max),
|
||||
new HTMLPurifier_AttrDef_Enum(['none', 'initial', 'inherit'])
|
||||
new HTMLPurifier_AttrDef_Enum(['none'])
|
||||
]
|
||||
),
|
||||
// For everyone else:
|
||||
$trusted_max_wh
|
||||
);
|
||||
|
||||
$this->info['aspect-ratio'] = new HTMLPurifier_AttrDef_CSS_Multiple(
|
||||
new HTMLPurifier_AttrDef_CSS_Composite([
|
||||
new HTMLPurifier_AttrDef_CSS_Ratio(),
|
||||
new HTMLPurifier_AttrDef_Enum(['auto']),
|
||||
])
|
||||
);
|
||||
|
||||
// text-decoration and related shorthands
|
||||
$this->info['text-decoration'] = new HTMLPurifier_AttrDef_CSS_TextDecoration();
|
||||
|
||||
$this->info['text-decoration-line'] = new HTMLPurifier_AttrDef_Enum(
|
||||
['none', 'underline', 'overline', 'line-through', 'initial', 'inherit']
|
||||
['none', 'underline', 'overline', 'line-through']
|
||||
);
|
||||
|
||||
$this->info['text-decoration-style'] = new HTMLPurifier_AttrDef_Enum(
|
||||
['solid', 'double', 'dotted', 'dashed', 'wavy', 'initial', 'inherit']
|
||||
['solid', 'double', 'dotted', 'dashed', 'wavy']
|
||||
);
|
||||
|
||||
$this->info['text-decoration-color'] = new HTMLPurifier_AttrDef_CSS_Color();
|
||||
@ -320,7 +319,7 @@ class HTMLPurifier_CSSDefinition extends HTMLPurifier_Definition
|
||||
$this->info['text-decoration-thickness'] = new HTMLPurifier_AttrDef_CSS_Composite([
|
||||
new HTMLPurifier_AttrDef_CSS_Length(),
|
||||
new HTMLPurifier_AttrDef_CSS_Percentage(),
|
||||
new HTMLPurifier_AttrDef_Enum(['auto', 'from-font', 'initial', 'inherit'])
|
||||
new HTMLPurifier_AttrDef_Enum(['auto', 'from-font'])
|
||||
]);
|
||||
|
||||
$this->info['font-family'] = new HTMLPurifier_AttrDef_CSS_FontFamily();
|
||||
|
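Review bot: In the hunk that adds `$this->info['aspect-ratio']`, the validator is wrapped in `HTMLPurifier_AttrDef_CSS_Multiple` without an explicit limit, so several space-separated tokens are validated one by one and the accepted ones joined back together. As far as I can tell from HTMLPurifier_AttrDef_CSS_Ratio in this commit, a spaced value such as `16 / 9` would lose its lone `/` token and come out as `16 9`, which is not a ratio. Since the property takes at most `auto` plus one ratio, I would pass the cap as the second constructor argument, `new HTMLPurifier_AttrDef_CSS_Multiple(new HTMLPurifier_AttrDef_CSS_Composite([...]), 2)`, and add a test for the spaced form. The surrounding method starts and ends outside the hunks.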
@ -190,6 +190,9 @@ class HTMLPurifier_ChildDef_Table extends HTMLPurifier_ChildDef
|
||||
$current_tr_tbody = null;
|
||||
|
||||
foreach($content as $node) {
|
||||
if (!isset($node->name)) {
|
||||
continue;
|
||||
}
|
||||
switch ($node->name) {
|
||||
case 'tbody':
|
||||
$current_tr_tbody = null;
|
||||
|
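Review bot: The added `if (!isset($node->name)) { continue; }` makes every nameless child skip the `switch`, but nothing says which node kinds that covers or whether dropping them is intended. A one-line comment such as `// nodes without a name (presumably comments) have no place in the table model and are skipped` would record the intent. A test with a comment between two rows would confirm that it no longer triggers a notice and show what happens to it in the output. The loop body continues outside the hunk.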
@ -21,7 +21,7 @@ class HTMLPurifier_Config
|
||||
* HTML Purifier's version
|
||||
* @type string
|
||||
*/
|
||||
public $version = '4.17.0';
|
||||
public $version = '4.18.0';
|
||||
|
||||
/**
|
||||
* Whether or not to automatically finalize
|
||||
|
File diff suppressed because one or more lines are too long
@ -0,0 +1,10 @@
|
||||
Core.RemoveBlanks
|
||||
TYPE: bool
|
||||
DEFAULT: false
|
||||
VERSION: 4.18
|
||||
--DESCRIPTION--
|
||||
<p>
|
||||
If set to true, blank nodes will be removed. This can be useful for maintaining
|
||||
backwards compatibility when upgrading from previous versions of PHP.
|
||||
</p>
|
||||
--# vim: et sw=4 sts=4
|
0
lib/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer/README
Normal file → Executable file
0
lib/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer/README
Normal file → Executable file
@ -116,8 +116,8 @@ class HTMLPurifier_EntityParser
|
||||
protected function entityCallback($matches)
|
||||
{
|
||||
$entity = $matches[0];
|
||||
$hex_part = @$matches[1];
|
||||
$dec_part = @$matches[2];
|
||||
$hex_part = isset($matches[1]) ? $matches[1] : null;
|
||||
$dec_part = isset($matches[2]) ? $matches[2] : null;
|
||||
$named_part = empty($matches[3]) ? (empty($matches[4]) ? "" : $matches[4]) : $matches[3];
|
||||
if ($hex_part !== NULL && $hex_part !== "") {
|
||||
return HTMLPurifier_Encoder::unichr(hexdec($hex_part));
|
||||
|
@ -54,6 +54,11 @@ class HTMLPurifier_Filter_ExtractStyleBlocks extends HTMLPurifier_Filter
|
||||
*/
|
||||
private $_enum_attrdef;
|
||||
|
||||
/**
|
||||
* @type HTMLPurifier_AttrDef_Enum
|
||||
*/
|
||||
private $_universal_attrdef;
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
$this->_tidy = new csstidy();
|
||||
@ -70,6 +75,13 @@ class HTMLPurifier_Filter_ExtractStyleBlocks extends HTMLPurifier_Filter
|
||||
'focus'
|
||||
)
|
||||
);
|
||||
$this->_universal_attrdef = new HTMLPurifier_AttrDef_Enum(
|
||||
array(
|
||||
'initial',
|
||||
'inherit',
|
||||
'unset',
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -307,6 +319,11 @@ class HTMLPurifier_Filter_ExtractStyleBlocks extends HTMLPurifier_Filter
|
||||
unset($style[$name]);
|
||||
continue;
|
||||
}
|
||||
$uni_ret = $this->_universal_attrdef->validate($value, $config, $context);
|
||||
if ($uni_ret !== false) {
|
||||
$style[$name] = $uni_ret;
|
||||
continue;
|
||||
}
|
||||
$def = $css_definition->info[$name];
|
||||
$ret = $def->validate($value, $config, $context);
|
||||
if ($ret === false) {
|
||||
|
@ -28,22 +28,28 @@ class HTMLPurifier_HTMLModule_Iframe extends HTMLPurifier_HTMLModule
|
||||
if ($config->get('HTML.SafeIframe')) {
|
||||
$this->safe = true;
|
||||
}
|
||||
$attrs = array(
|
||||
'src' => 'URI#embedded',
|
||||
'width' => 'Length',
|
||||
'height' => 'Length',
|
||||
'name' => 'ID',
|
||||
'scrolling' => 'Enum#yes,no,auto',
|
||||
'frameborder' => 'Enum#0,1',
|
||||
'longdesc' => 'URI',
|
||||
'marginheight' => 'Pixels',
|
||||
'marginwidth' => 'Pixels',
|
||||
);
|
||||
|
||||
if ($config->get('HTML.Trusted')) {
|
||||
$attrs['allowfullscreen'] = 'Bool#allowfullscreen';
|
||||
}
|
||||
|
||||
$this->addElement(
|
||||
'iframe',
|
||||
'Inline',
|
||||
'Flow',
|
||||
'Common',
|
||||
array(
|
||||
'src' => 'URI#embedded',
|
||||
'width' => 'Length',
|
||||
'height' => 'Length',
|
||||
'name' => 'ID',
|
||||
'scrolling' => 'Enum#yes,no,auto',
|
||||
'frameborder' => 'Enum#0,1',
|
||||
'longdesc' => 'URI',
|
||||
'marginheight' => 'Pixels',
|
||||
'marginwidth' => 'Pixels',
|
||||
)
|
||||
$attrs
|
||||
);
|
||||
}
|
||||
}
|
||||
|
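Review bot: `allowfullscreen` is registered only under `HTML.Trusted`, but nothing in the hunk says why. Fullscreen lets framed content cover the whole viewport, which is a UI-spoofing surface, so the gate deserves a comment like `// allowfullscreen is limited to trusted input: framed content could otherwise take over the whole screen`. The condition is also independent of the `HTML.SafeIframe` check just above it, so with `HTML.Trusted` on the attribute is added whether or not the safe-iframe path is in use; if that is intended, the same comment should say so.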
@ -269,20 +269,6 @@ class HTMLPurifier_Lexer
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Special Internet Explorer conditional comments should be removed.
|
||||
* @param string $string HTML string to process.
|
||||
* @return string HTML with conditional comments removed.
|
||||
*/
|
||||
protected static function removeIEConditional($string)
|
||||
{
|
||||
return preg_replace(
|
||||
'#<!--\[if [^>]+\]>.*?<!\[endif\]-->#si', // probably should generalize for all strings
|
||||
'',
|
||||
$string
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Callback function for escapeCDATA() that does the work.
|
||||
*
|
||||
@ -323,8 +309,6 @@ class HTMLPurifier_Lexer
|
||||
// escape CDATA
|
||||
$html = $this->escapeCDATA($html);
|
||||
|
||||
$html = $this->removeIEConditional($html);
|
||||
|
||||
// extract body from document if applicable
|
||||
if ($config->get('Core.ConvertDocumentToFragment')) {
|
||||
$e = false;
|
||||
|
@ -72,6 +72,9 @@ class HTMLPurifier_Lexer_DOMLex extends HTMLPurifier_Lexer
|
||||
if ($config->get('Core.AllowParseManyTags') && defined('LIBXML_PARSEHUGE')) {
|
||||
$options |= LIBXML_PARSEHUGE;
|
||||
}
|
||||
if ($config->get('Core.RemoveBlanks') && defined('LIBXML_NOBLANKS')) {
|
||||
$options |= LIBXML_NOBLANKS;
|
||||
}
|
||||
|
||||
set_error_handler(array($this, 'muteErrorHandler'));
|
||||
// loadHTML() fails on PHP 5.3 when second parameter is given
|
||||
|
@ -44,7 +44,7 @@ abstract class HTMLPurifier_Token_Tag extends HTMLPurifier_Token
|
||||
$this->name = ctype_lower($name) ? $name : strtolower($name);
|
||||
foreach ($attr as $key => $value) {
|
||||
// normalization only necessary when key is not lowercase
|
||||
if (!ctype_lower($key)) {
|
||||
if (!ctype_lower((string)$key)) {
|
||||
$new_key = strtolower($key);
|
||||
if (!isset($attr[$new_key])) {
|
||||
$attr[$new_key] = $attr[$key];
|
||||
|
@ -100,7 +100,7 @@
|
||||
<location>htmlpurifier</location>
|
||||
<name>HTML Purifier</name>
|
||||
<description>Filters HTML.</description>
|
||||
<version>4.17.0</version>
|
||||
<version>4.18.0</version>
|
||||
<license>LGPL</license>
|
||||
<licenseversion>2.1+</licenseversion>
|
||||
<repository>https://github.com/ezyang/htmlpurifier</repository>
|
||||
|