Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add contenteditable attribute definition #332

Merged
merged 3 commits into from
Sep 6, 2022
Merged

Add contenteditable attribute definition #332

merged 3 commits into from
Sep 6, 2022

Conversation

bytestream
Copy link
Contributor

ezyang
ezyang reviewed Sep 6, 2022
View reviewed changes
library/HTMLPurifier/AttrDef/HTML/ContentEditable.php
@@ -0,0 +1,23 @@
<?php

class HTMLPurifier_AttrDef_HTML_ContentEditable extends HTMLPurifier_AttrDef
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not just use Enum here?

@bytestream bytestream mentioned this pull request Sep 6, 2022
Closed
@ezyang
Copy link
Owner

ezyang commented Sep 6, 2022

This is OK. If we put this in the library proper, it needs to be gated the same way textarea is gated.

@bytestream
Copy link
Contributor Author

I only actually want to allow false so maybe contenteditable="false can be permitted, and contenteditable="" or contenteditable="true" only permitted when HTML.Trusted is enabled?

@ezyang
Copy link
Owner

ezyang commented Sep 6, 2022

Sure. Though, if you only want false, I wonder why not just disallow the attribute entirely haha.

@bytestream
Copy link
Contributor Author

The attribute has significance in wysiwyg editors. When htmlpurifier removes it, the editors behaviour differently :p

@bytestream
Copy link
Contributor Author

How about that? 👀

ezyang
ezyang approved these changes Sep 6, 2022
View reviewed changes
Copy link
Owner

@ezyang ezyang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is not very idiomatic but whatever

@ezyang ezyang merged commit dbbd3e5 into ezyang:master Sep 6, 2022
@bytestream bytestream deleted the content-editable-attr branch September 7, 2022 08:24
@bytestream bytestream mentioned this pull request Sep 9, 2022
Merged
ezyang added a commit that referenced this pull request Sep 18, 2022
@bytestream @zerocrates
@TimWolla @ezyang
feat: add semantic release (#307)
db31243 
* Add semantic release

* fix typo

* split from matrix

* remove only on push

* remove npm plugin

* write changelog to NEWS

* list assets to include in git commit

* fix update-for-release

* lint pr title

* split release into separate workflow that runs manually

* revert ci.yml changes

* remove references to WHATSNEW

* Fix #322 - PHP 8.1 deprecation notice in HostBlacklist URIFilter (#323)

* Replace 8.1-deprecated utf8_ funcs with mbstring (#326)

* Treat PHP version numbers as strings in GitHub Actions (#327)

YAML will try to interpret numeric values as numbers, leading to `8.0` being
interpreted as `8` instead of `'8.0'`.

This doesn't result in a functional change, but cleans up the output of the
jobs a little (e.g. in the title line).

* Update to `actions/checkout@v3` (#328)

This does not introduce any functional difference and is intended as a
future-proofing change.

see https://github.com/actions/checkout/releases/tag/v3.0.0

* Fix test selection logic in tests/test_files.php (#329)

Selecting the `fstools` tests also executed the `htmlt` tests.

* Fix some more PHP 8.2 deprecations (#330)

* Define HTMLPurifier_AttrTransform_SafeParam::$wmode

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_DefinitionCache_DecoratorHarness::$cache

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_DefinitionCache_DecoratorHarness::$mock

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_DefinitionCache_DecoratorHarness::$def

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_EntityParserTest::$_entity_lookup

This fixes a PHP 8.2 deprecation.

* Increase minimum requirement to PHP 5.6 (#331)

* Add contenteditable attribute definition (#332)

* Add contenteditable attribute definition

* gate behind html.trusted

* use enum

* Fix creation of dynamic property (#333)

* Fix creation of dynamic property (#337)

* Add PHP 8.2 to CI (#335)

* Add PHP 8.2 to CI

see #334

* Add PHP 8.2 to composer.json

* Fix contenteditable attribute definition (#336)

* Run CSSTidy tests on CI (#338)

* Run CSSTidy tests on CI

* update dirname

* use compopser instead of git clone

* use composer

* use test-settings.sample.php

* enable ext-intl

* disable Net_IDNA2

* Release 4.15.0

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
Co-authored-by: John Flatness <john@zerocrates.org>
Co-authored-by: Tim Düsterhus <duesterhus@woltlab.com>
Co-authored-by: Tim Düsterhus <timwolla@googlemail.com>
Co-authored-by: Edward Z. Yang <ezyang@mit.edu>
github-actions bot pushed a commit that referenced this pull request Sep 18, 2022
@semantic-release-bot
chore(release): 4.16.0 [skip ci]
523407f 
# [4.16.0](v4.15.0...v4.16.0) (2022-09-18)

### Features

* add semantic release ([#307](#307)) ([db31243](db31243)), closes [#322](#322) [#323](#323) [#326](#326) [#327](#327) [#328](#328) [#329](#329) [#330](#330) [#331](#331) [#332](#332) [#333](#333) [#337](#337) [#335](#335) [#334](#334) [#336](#336) [#338](#338)
@xemlock xemlock mentioned this pull request Nov 16, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ezyang ezyang ezyang approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@bytestream @ezyang