Add HTML.Link config switch, refactor shared rel validation logic
Showing
9 changed files
with
171 additions
and
93 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,21 +1,22 @@ | ||
<?php | ||
|
||
/* | ||
* Keywords that are body-ok affect whether link elements are allowed in the body. | ||
* The body-ok keywords are dns-prefetch, modulepreload, pingback, preconnect, prefetch, preload, prerender, | ||
* and stylesheet. | ||
* | ||
* https://html.spec.whatwg.org/multipage/links.html#body-ok | ||
/** | ||
* Validates 'rel' attribute on <link> elements, as defined by the HTML5 spec. | ||
* | ||
* @note We cannot use Enum because multiple values are allowed. | ||
* Keywords that are body-ok affect whether link elements are allowed in the body. | ||
* @see https://html.spec.whatwg.org/multipage/links.html#body-ok | ||
* @see https://html.spec.whatwg.org/multipage/links.html#linkTypes | ||
*/ | ||
class HTMLPurifier_AttrDef_HTML5_LinkRel extends HTMLPurifier_AttrDef_HTML5_ARel | ||
class HTMLPurifier_AttrDef_HTML5_LinkRel extends HTMLPurifier_AttrDef_HTML5_Rel | ||
{ | ||
/** | ||
* Lookup table for valid values | ||
* @var array | ||
*/ | ||
protected static $values = array( | ||
'dns-prefetch' => true, | ||
'modulepreload' => true, | ||
'pingback' => true, | ||
'preconnect' => true, | ||
'prefetch' => true, | ||
'preload' => true, | ||
'prerender' => true, | ||
'stylesheet' => true, | ||
); | ||
} |
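Review bot: The class docblock says it validates `rel` on `<link>` "as defined by the HTML5 spec", but the `$values` table holds only the body-ok keywords, so other valid link types such as `icon`, `alternate` and `canonical` are rejected, and the summary should say so. It should also state that a keyword is accepted only when it is enabled in `Attr.AllowedRel` as well (the parent `validate()` shown on this page intersects the two), because most of these keywords make the browser fetch from or connect to the `href` target when the sanitized markup is rendered. Suggested line: `* @note Only body-ok keywords are listed, and each is accepted only if also enabled in Attr.AllowedRel.` The +/- markers are lost on this page, so which docblock lines belong to the new side is inferred.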
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
<?php | ||
|
||
/** | ||
* Shared validation logic for 'rel' attribute on <a>, <area>, <form> and <link> elements, | ||
* as defined by the HTML5 spec and the MicroFormats link type extensions tables. | ||
* | ||
* @see https://html.spec.whatwg.org/multipage/links.html#linkTypes | ||
*/ | ||
abstract class HTMLPurifier_AttrDef_HTML5_Rel extends HTMLPurifier_AttrDef | ||
{ | ||
/** | ||
* Lookup table for valid rel values. | ||
* Stored as a static variable to minimize serialization footprint. | ||
* @var array | ||
*/ | ||
protected static $values = array(); | ||
|
||
/** | ||
* Lazy loaded lookup for allowed rel values, based on provided config. | ||
* @var array | ||
*/ | ||
protected $allowed; | ||
|
||
/** | ||
* @param string $string | ||
* @param HTMLPurifier_Config $config | ||
* @param HTMLPurifier_Context $context | ||
* @return bool|string | ||
*/ | ||
public function validate($string, $config, $context) | ||
{ | ||
if ($this->allowed === null) { | ||
$allowedRel = (array) $config->get('Attr.AllowedRel'); | ||
if (empty($allowedRel)) { | ||
$allowed = array(); | ||
} else { | ||
$allowed = array_intersect_key($allowedRel, static::$values); | ||
} | ||
$this->allowed = $allowed; | ||
} | ||
|
||
$string = $this->parseCDATA($string); | ||
$parts = explode(' ', $string); | ||
|
||
$result = array(); | ||
foreach ($parts as $part) { | ||
// Link type keywords are always ASCII case-insensitive, and must be compared as such. | ||
// https://html.spec.whatwg.org/multipage/links.html#linkTypes | ||
$part = strtolower(trim($part)); | ||
if (!isset($this->allowed[$part])) { | ||
continue; | ||
} | ||
$result[$part] = true; | ||
} | ||
|
||
if (empty($result)) { | ||
return false; | ||
} | ||
|
||
return implode(' ', array_keys($result)); | ||
} | ||
} |
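Review bot: `validate()` fills `$this->allowed` from the first `$config` it is called with and never recomputes it, so the effective allowlist is bound to the instance rather than to the config passed on each call. If an instance can ever be reused with a different config, a stricter `Attr.AllowedRel` in the later config would be silently ignored; whether that can happen depends on how definitions are shared, which is not visible on this page. I would either state the assumption next to the property, for example `// Computed once: assumes this instance is only used with the config it was first validated against.`, or drop the cache and intersect on each call. Separately, the `empty($allowedRel)` branch is redundant, since `array_intersect_key()` on an empty array already yields an empty array.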
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,11 +1,10 @@ | ||
<?php | ||
|
||
class HTMLPurifier_HTML5URIDefinition | ||
abstract class HTMLPurifier_HTML5URIDefinition | ||
{ | ||
public static function setupDefinition(HTMLPurifier_URIDefinition $def, HTMLPurifier_Config $config) | ||
{ | ||
$def->registerFilter(new HTMLPurifier_URIFilter_SafeLink); | ||
|
||
$def->registerFilter(new HTMLPurifier_URIFilter_HTML5_SafeLink()); | ||
return $def; | ||
} | ||
} |
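Review bot: `setupDefinition()` has no docblock, although the filter it registers is the only URI-level control this class adds, so a reader cannot tell what the change to `HTMLPurifier_URIFilter_HTML5_SafeLink` is meant to enforce. The filter's definition is not shown in this section, and that this line is the new side is inferred because the +/- markers are lost on this page. I would add a short docblock with `@param` and `@return` tags and one sentence naming what the registered filter checks.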