From 2189a9430fb9a7d4c8548c7612508cdf2c176397 Mon Sep 17 00:00:00 2001 From: "Edward Z. Yang" Date: Fri, 27 Apr 2012 17:44:49 -0400 Subject: [PATCH] Support for safe external scripts via explicit whitelist. Signed-off-by: Edward Z. Yang --- configdoc/usage.xml | 12 +++++-- library/HTMLPurifier.includes.php | 1 + library/HTMLPurifier.safe-includes.php | 1 + library/HTMLPurifier/ConfigSchema/schema.ser | Bin 14690 -> 14784 bytes .../ConfigSchema/schema/HTML.SafeScripting.txt | 10 ++++++ library/HTMLPurifier/HTMLModule/SafeScripting.php | 37 +++++++++++++++++++++ library/HTMLPurifier/HTMLModuleManager.php | 3 ++ .../HTMLPurifier/HTMLModule/SafeScriptingTest.php | 33 ++++++++++++++++++ 8 files changed, 95 insertions(+), 2 deletions(-) create mode 100644 library/HTMLPurifier/ConfigSchema/schema/HTML.SafeScripting.txt create mode 100644 library/HTMLPurifier/HTMLModule/SafeScripting.php create mode 100644 tests/HTMLPurifier/HTMLModule/SafeScriptingTest.php diff --git a/configdoc/usage.xml b/configdoc/usage.xml index dc79d45f..050d3384 100644 --- a/configdoc/usage.xml +++ b/configdoc/usage.xml @@ -209,16 +209,24 @@ 228 - + 231 + + 17 + - + 234 + + + 237 + + 26 diff --git a/library/HTMLPurifier.includes.php b/library/HTMLPurifier.includes.php index 0ceff6a9..7feecefe 100644 --- a/library/HTMLPurifier.includes.php +++ b/library/HTMLPurifier.includes.php @@ -165,6 +165,7 @@ require 'HTMLPurifier/HTMLModule/Proprietary.php'; require 'HTMLPurifier/HTMLModule/Ruby.php'; require 'HTMLPurifier/HTMLModule/SafeEmbed.php'; require 'HTMLPurifier/HTMLModule/SafeObject.php'; +require 'HTMLPurifier/HTMLModule/SafeScripting.php'; require 'HTMLPurifier/HTMLModule/Scripting.php'; require 'HTMLPurifier/HTMLModule/StyleAttribute.php'; require 'HTMLPurifier/HTMLModule/Tables.php'; diff --git a/library/HTMLPurifier.safe-includes.php b/library/HTMLPurifier.safe-includes.php index d49b196c..e23a81a7 100644 --- a/library/HTMLPurifier.safe-includes.php +++ b/library/HTMLPurifier.safe-includes.php 
@@ -159,6 +159,7 @@ require_once $__dir . '/HTMLPurifier/HTMLModule/Proprietary.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/Ruby.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/SafeEmbed.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/SafeObject.php'; +require_once $__dir . '/HTMLPurifier/HTMLModule/SafeScripting.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/Scripting.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/StyleAttribute.php'; require_once $__dir . '/HTMLPurifier/HTMLModule/Tables.php'; diff --git a/library/HTMLPurifier/ConfigSchema/schema.ser b/library/HTMLPurifier/ConfigSchema/schema.ser index b106bcf798a893df8b98c41068b5fc014d4af770..32a02c4c53bbc1c587e0a3c66800764a1f763323 100644 GIT binary patch delta 133 zcwT!{bf9>GIiuO;|AOmzWi70fJVJbZ^nw%9QiGF=G7CyF^U{^96Rixas%tl|mcPV2 fd7GdIv8tI_7%exiR}K=8!l5$L%3||h<5X4vd*?1( delta 45 wcwReD{HSPxIiu-jd7<^Zo8QTwXP$gb&;!a}{7#;Q(PHy^ + Whether or not to permit script tags to external scripts in documents. + Inline scripting is not allowed, and the script must match an explicit whitelist. +

+--# vim: et sw=4 sts=4 diff --git a/library/HTMLPurifier/HTMLModule/SafeScripting.php b/library/HTMLPurifier/HTMLModule/SafeScripting.php new file mode 100644 index 00000000..e32a6b6c --- /dev/null +++ b/library/HTMLPurifier/HTMLModule/SafeScripting.php @@ -0,0 +1,37 @@ +get('HTML.SafeScripting'); + $script = $this->addElement( + 'script', + 'Inline', + 'Empty', + null, + array( + // While technically not required by the spec, we're forcing + // it to this value. + 'type' => 'Enum#text/javascript', + 'src*' => new HTMLPurifier_AttrDef_Enum(array_keys($allowed)) + ) + ); + $script->attr_transform_pre[] = + $script->attr_transform_post[] = new HTMLPurifier_AttrTransform_ScriptRequired(); + + } + +} + +// vim: et sw=4 sts=4 diff --git a/library/HTMLPurifier/HTMLModuleManager.php b/library/HTMLPurifier/HTMLModuleManager.php index 7a06fc02..21530868 100644 --- a/library/HTMLPurifier/HTMLModuleManager.php +++ b/library/HTMLPurifier/HTMLModuleManager.php @@ -228,6 +228,9 @@ class HTMLPurifier_HTMLModuleManager if ($config->get('HTML.SafeEmbed')) { $modules[] = 'SafeEmbed'; } + if ($config->get('HTML.SafeScripting') !== array()) { + $modules[] = 'SafeScripting'; + } if ($config->get('HTML.Nofollow')) { $modules[] = 'Nofollow'; } diff --git a/tests/HTMLPurifier/HTMLModule/SafeScriptingTest.php b/tests/HTMLPurifier/HTMLModule/SafeScriptingTest.php new file mode 100644 index 00000000..98b6212f --- /dev/null +++ b/tests/HTMLPurifier/HTMLModule/SafeScriptingTest.php @@ -0,0 +1,33 @@ +config->set('HTML.SafeScripting', array('http://localhost/foo.js')); + } + + function testMinimal() { + $this->assertResult( + '', + '' + ); + } + + function testGood() { + $this->assertResult( + '
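Review bot: The `src*` whitelist in `setup()` is built with `new HTMLPurifier_AttrDef_Enum(array_keys($allowed))` and never passes the enum's second (case-sensitivity) argument; if that argument defaults to case-insensitive matching, as I believe it does in this library, a `src` such as `http://localhost/FOO.js` would be accepted against a whitelist entry of `http://localhost/foo.js`, and URL paths are generally case-sensitive on the serving host, so this would load a resource the operator did not explicitly approve. I would construct it as `'src*' => new HTMLPurifier_AttrDef_Enum(array_keys($allowed), true)` and add a test asserting that a case-variant of a whitelisted URL is stripped rather than passed through. The `HTML.SafeScripting` documentation should also state that entries are compared as exact, case-sensitive strings with no normalisation of scheme, host or trailing slash, so operators do not rely on URL canonicalisation that the enum does not perform. The opening of this new file appears garbled in this rendering (the `<?php` header and class declaration are missing), so the hunk could not be checked in full.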