From: Daniel Friesen Date: Mon, 20 Feb 2012 00:42:24 +0000 (+0000) Subject: Followup r111891; Update the test to also make sure things like http-equiv and rel... X-Git-Tag: 1.31.0-rc.0~24620 X-Git-Url: http://git.cyclocoop.org/%24image?a=commitdiff_plain;h=ce58ef75f4f97de9f803c589a898cf3fb3f9c7e9;p=lhc%2Fweb%2Fwiklou.git Followup r111891; Update the test to also make sure things like http-equiv and rel=stylesheet don't link through. And update the sanitizer code so that bad and tags show in proper plaintext when tidy is enabled just like they do when not. --- diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php index 785e2ec9c1..eb8710866a 100644 --- a/includes/Sanitizer.php +++ b/includes/Sanitizer.php @@ -564,16 +564,24 @@ class Sanitizer { preg_match( '/^(\\/?)(\\w+)([^>]*?)(\\/{0,1}>)([^<]*)$/', $x, $regs ); @list( /* $qbar */, $slash, $t, $params, $brace, $rest ) = $regs; + $badtag = false; if ( isset( $htmlelements[$t = strtolower( $t )] ) ) { if( is_callable( $processCallback ) ) { call_user_func_array( $processCallback, array( &$params, $args ) ); } + + if ( !Sanitizer::validateTag( $params, $t ) ) { + $badtag = true; + } + $newparams = Sanitizer::fixTagAttributes( $params, $t ); - $rest = str_replace( '>', '>', $rest ); - $text .= "<$slash$t$newparams$brace$rest"; - } else { - $text .= '<' . str_replace( '>', '>', $x); + if ( !$badtag ) { + $rest = str_replace( '>', '>', $rest ); + $text .= "<$slash$t$newparams$brace$rest"; + continue; + } } + $text .= '<' . str_replace( '>', '>', $x); } } wfProfileOut( __METHOD__ ); diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt index 22970a147d..8535d78f1f 100644 --- a/tests/parser/parserTests.txt +++ b/tests/parser/parserTests.txt @@ -5425,16 +5425,20 @@ Sanitizer: Validating that and work, but only for Microdata
+ +
!! result

<meta http-equiv="refresh" content="5"> +

<link rel="stylesheet" href="http://Britney-Spears"> +
!! end