From 4754d407aa26be2b608c59a073313b4aeda98683 Mon Sep 17 00:00:00 2001 From: "Edward Z. Yang" Date: Thu, 28 Oct 2010 17:24:07 +0100 Subject: [PATCH] Fix removal of id with DirectLex by preserving armor. Signed-off-by: Edward Z. Yang --- NEWS | 2 ++ library/HTMLPurifier/Strategy/MakeWellFormed.php | 4 ++-- library/HTMLPurifier/Token/Tag.php | 3 ++- tests/HTMLPurifier/HTMLT/id-img.htmlt | 8 ++++++++ tests/HTMLPurifier/LexerTest.php | 26 ++++++++++++++++++++++++ 5 files changed, 40 insertions(+), 3 deletions(-) create mode 100644 tests/HTMLPurifier/HTMLT/id-img.htmlt diff --git a/NEWS b/NEWS index 247c6799..7a2d4236 100644 --- a/NEWS +++ b/NEWS @@ -15,6 +15,8 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier - Make removal of conditional IE comments ungreedy; thanks Bernd for reporting. - Escape CDATA before removing Internet Explorer comments. +- Fix removal of id attributes under certain conditions by ensuring + armor attributes are preserved when recreating tags. 4.2.0, released 2010-09-15 ! Added %Core.RemoveProcessingInstructions, which lets you remove diff --git a/library/HTMLPurifier/Strategy/MakeWellFormed.php b/library/HTMLPurifier/Strategy/MakeWellFormed.php index c7365840..d3f01578 100644 --- a/library/HTMLPurifier/Strategy/MakeWellFormed.php +++ b/library/HTMLPurifier/Strategy/MakeWellFormed.php @@ -193,12 +193,12 @@ class HTMLPurifier_Strategy_MakeWellFormed extends HTMLPurifier_Strategy $ok = false; if ($type === 'empty' && $token instanceof HTMLPurifier_Token_Start) { // claims to be a start tag but is empty - $token = new HTMLPurifier_Token_Empty($token->name, $token->attr); + $token = new HTMLPurifier_Token_Empty($token->name, $token->attr, $token->line, $token->col, $token->armor); $ok = true; } elseif ($type && $type !== 'empty' && $token instanceof HTMLPurifier_Token_Empty) { // claims to be empty but really is a start tag $this->swap(new HTMLPurifier_Token_End($token->name)); - $this->insertBefore(new HTMLPurifier_Token_Start($token->name, $token->attr)); + $this->insertBefore(new HTMLPurifier_Token_Start($token->name, $token->attr, $token->line, $token->col, $token->armor)); // punt (since we had to modify the input stream in a non-trivial way) $reprocess = true; continue; diff --git a/library/HTMLPurifier/Token/Tag.php b/library/HTMLPurifier/Token/Tag.php index 798be028..f4d8f640 100644 --- a/library/HTMLPurifier/Token/Tag.php +++ b/library/HTMLPurifier/Token/Tag.php @@ -33,7 +33,7 @@ class HTMLPurifier_Token_Tag extends HTMLPurifier_Token * @param $name String name. * @param $attr Associative array of attributes. */ - public function __construct($name, $attr = array(), $line = null, $col = null) { + public function __construct($name, $attr = array(), $line = null, $col = null, $armor = array()) { $this->name = ctype_lower($name) ? $name : strtolower($name); foreach ($attr as $key => $value) { // normalization only necessary when key is not lowercase @@ -50,6 +50,7 @@ class HTMLPurifier_Token_Tag extends HTMLPurifier_Token $this->attr = $attr; $this->line = $line; $this->col = $col; + $this->armor = $armor; } } diff --git a/tests/HTMLPurifier/HTMLT/id-img.htmlt b/tests/HTMLPurifier/HTMLT/id-img.htmlt new file mode 100644 index 00000000..12755bea --- /dev/null +++ b/tests/HTMLPurifier/HTMLT/id-img.htmlt @@ -0,0 +1,8 @@ +--INI-- +Attr.EnableID = true +Core.LexerImpl = DirectLex +--HTML-- +[Img #11775] +--EXPECT-- +[Img #11775] +--# vim: et sw=4 sts=4 diff --git a/tests/HTMLPurifier/LexerTest.php b/tests/HTMLPurifier/LexerTest.php index abe1eb87..f2e63ecc 100644 --- a/tests/HTMLPurifier/LexerTest.php +++ b/tests/HTMLPurifier/LexerTest.php @@ -754,6 +754,32 @@ div {} ); } + function test_tokenizeHTML_imgTag() { + $this->assertTokenization( + '[Img #11775]', + array( + new HTMLPurifier_Token_Empty('img', + array( + 'src' => 'img_11775.jpg', + 'alt' => '[Img #11775]', + 'id' => 'EMBEDDED_IMG_11775', + ) + ) + ), + array( + 'DirectLex' => array( + new HTMLPurifier_Token_Start('img', + array( + 'src' => 'img_11775.jpg', + 'alt' => '[Img #11775]', + 'id' => 'EMBEDDED_IMG_11775', + ) + ) + ), + ) + ); + } + /* -- 2.11.4.GIT