From 913ac6955b6733d3148f2e2002f9e1120e85989c Mon Sep 17 00:00:00 2001 From: "Edward Z. Yang" Date: Sun, 20 Dec 2015 11:53:54 -0800 Subject: [PATCH] CSS.AllowDuplicates for duplicate properties. Signed-off-by: Edward Z. Yang --- NEWS | 1 + library/HTMLPurifier/AttrDef/CSS.php | 9 +++++++-- library/HTMLPurifier/ConfigSchema/schema.ser | Bin 15305 -> 15398 bytes .../ConfigSchema/schema/CSS.AllowDuplicates.txt | 11 +++++++++++ tests/HTMLPurifier/AttrDef/CSSTest.php | 7 +++++++ 5 files changed, 26 insertions(+), 2 deletions(-) rewrite library/HTMLPurifier/ConfigSchema/schema.ser (92%) create mode 100644 library/HTMLPurifier/ConfigSchema/schema/CSS.AllowDuplicates.txt diff --git a/NEWS b/NEWS index cd86dc60..b8f09cfa 100644 --- a/NEWS +++ b/NEWS @@ -10,6 +10,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier ========================== 4.8.0, unknown release date +! %CSS.AllowDuplicates permits duplicate CSS properties. - alt truncation could result in malformed UTF-8 sequence. Don't truncate. Thanks Brandon Farber for reporting. diff --git a/library/HTMLPurifier/AttrDef/CSS.php b/library/HTMLPurifier/AttrDef/CSS.php index 02c1641f..2b977ca3 100644 --- a/library/HTMLPurifier/AttrDef/CSS.php +++ b/library/HTMLPurifier/AttrDef/CSS.php @@ -25,6 +25,7 @@ class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef $css = $this->parseCDATA($css); $definition = $config->getCSSDefinition(); + $allow_duplicates = $config->get("CSS.AllowDuplicates"); // we're going to break the spec and explode by semicolons. // This is because semicolon rarely appears in escaped form @@ -34,6 +35,7 @@ class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef $declarations = explode(';', $css); $propvalues = array(); + $new_declarations = ''; /** * Name of the current CSS property being validated. @@ -83,7 +85,11 @@ class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef if ($result === false) { continue; } - $propvalues[$property] = $result; + if ($allow_duplicates) { + $new_declarations .= "$property:$result;"; + } else { + $propvalues[$property] = $result; + } } $context->destroy('CurrentCSSProperty'); @@ -92,7 +98,6 @@ class HTMLPurifier_AttrDef_CSS extends HTMLPurifier_AttrDef // slightly inefficient, but it's the only way of getting rid of // duplicates. Perhaps config to optimize it, but not now. - $new_declarations = ''; foreach ($propvalues as $prop => $value) { $new_declarations .= "$prop:$value;"; } diff --git a/library/HTMLPurifier/ConfigSchema/schema.ser b/library/HTMLPurifier/ConfigSchema/schema.ser dissimilarity index 92% index 1e6ccd22755dfa27722e17f457a00ea42bdc1d6f..30785dcf52c6e4c95a489d008d6213b8653e5fcb 100644 GIT binary patch delta 112 zcwReMzN}(`8IzI0=9fZxEW(ynO3uN-dX70c`Q#k2VsjW!=tJ + By default, HTML Purifier removes duplicate CSS properties, + like color:red; color:blue. If this is set to + true, duplicate properties are allowed. +

+--# vim: et sw=4 sts=4 diff --git a/tests/HTMLPurifier/AttrDef/CSSTest.php b/tests/HTMLPurifier/AttrDef/CSSTest.php index 778a22bd..46779154 100644 --- a/tests/HTMLPurifier/AttrDef/CSSTest.php +++ b/tests/HTMLPurifier/AttrDef/CSSTest.php @@ -167,6 +167,13 @@ class HTMLPurifier_AttrDef_CSSTest extends HTMLPurifier_AttrDefHarness $this->assertDef('z-index:-2;'); } + public function testAllowDuplicates() + { + $this->config->set('CSS.AllowDuplicates', true); + $this->assertDef('text-align:right;text-align:left;'); + $this->assertDef('text-align:right;text-align:left;text-align:right;'); + } + } // vim: et sw=4 sts=4 -- 2.11.4.GIT