Merge "Put the HTML attribute whitelist closer to HTML5"
[lhc/web/wiklou.git] / includes / Sanitizer.php
index d09e8d9..4dbc9dd 100644 (file)
@@ -54,7 +54,6 @@ class Sanitizer {
         * List of all named character entities defined in HTML 4.01
         * http://www.w3.org/TR/html4/sgml/entities.html
         * As well as ' which is only defined starting in XHTML1.
-        * @private
         */
        private static $htmlEntities = array(
                'Aacute'   => 193,
@@ -322,7 +321,6 @@ class Sanitizer {
 
        /**
         * Lazy-initialised attributes regex, see getAttribsRegex()
-        * @private
         */
        private static $attribsRegex;
 
@@ -1486,7 +1484,7 @@ class Sanitizer {
                }
 
                $block = array_merge( $common, array( 'align' ) );
-               $tablealign = array( 'align', 'char', 'charoff', 'valign' );
+               $tablealign = array( 'align', 'valign' );
                $tablecell = array(
                        'abbr',
                        'axis',
@@ -1506,7 +1504,7 @@ class Sanitizer {
                        # 7.5.4
                        'div'        => $block,
                        'center'     => $common, # deprecated
-                       'span'       => $block, # ??
+                       'span'       => $common,
 
                        # 7.5.5
                        'h1'         => $block,
@@ -1520,7 +1518,7 @@ class Sanitizer {
                        # address
 
                        # 8.2.4
-                       # bdo
+                       'bdo'        => $common,
 
                        # 9.2.1
                        'em'         => $common,
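Review bot: The new `'bdo' => $common` line whitelists an element whose only purpose is bidirectional override, which depends on the `dir` attribute; `$common` is defined above this hunk, so whether `dir` is actually in it cannot be confirmed from here. If it is, a comment on the new line would make the dependency explicit, e.g. `'bdo'        => $common, # relies on dir being in $common`; if it is not, the spec shape is `array_merge( $common, array( 'dir' ) )`. Because `dir` changes how surrounding text renders, it is also worth confirming that the attribute validator (outside this hunk) constrains its values the same way it does for the other elements that already accept `dir`. The enclosing whitelist function starts and ends outside this hunk.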
@@ -1536,7 +1534,7 @@ class Sanitizer {
 
                        # 9.2.2
                        'blockquote' => array_merge( $common, array( 'cite' ) ),
-                       # q
+                       'q'          => array_merge( $common, array( 'cite' ) ),
 
                        # 9.2.3
                        'sub'        => $common,
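Review bot: The new `q` entry admits the URL-valued `cite` attribute; it mirrors the `blockquote` line directly above, so the whitelist is consistent, but this table only names attributes and the scheme filtering for URL attributes lives in the attribute validator outside this hunk — confirm that `cite` on `q` passes through the same checks as `cite` on `blockquote`. A short comment would help the next reader see that this value is a URL and not free text: `'q'          => array_merge( $common, array( 'cite' ) ), # cite is a URL, validated like blockquote`. The enclosing whitelist function starts and ends outside this hunk.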
@@ -1546,10 +1544,10 @@ class Sanitizer {
                        'p'          => $block,
 
                        # 9.3.2
-                       'br'         => array( 'id', 'class', 'title', 'style', 'clear' ),
+                       'br'         => array_merge( $common, array( 'clear' ) ),
 
                        # http://www.whatwg.org/html/text-level-semantics.html#the-wbr-element
-                       'wbr'        => array( 'id', 'class', 'title', 'style' ),
+                       'wbr'        => $common,
 
                        # 9.3.4
                        'pre'        => array_merge( $common, array( 'width' ) ),
@@ -1576,16 +1574,16 @@ class Sanitizer {
                                                                ) ),
 
                        # 11.2.2
-                       'caption'    => array_merge( $common, array( 'align' ) ),
+                       'caption'    => $block,
 
                        # 11.2.3
-                       'thead'      => array_merge( $common, $tablealign ),
-                       'tfoot'      => array_merge( $common, $tablealign ),
-                       'tbody'      => array_merge( $common, $tablealign ),
+                       'thead'      => $common,
+                       'tfoot'      => $common,
+                       'tbody'      => $common,
 
                        # 11.2.4
-                       'colgroup'   => array_merge( $common, array( 'span', 'width' ), $tablealign ),
-                       'col'        => array_merge( $common, array( 'span', 'width' ), $tablealign ),
+                       'colgroup'   => array_merge( $common, array( 'span' ) ),
+                       'col'        => array_merge( $common, array( 'span' ) ),
 
                        # 11.2.5
                        'tr'         => array_merge( $common, array( 'bgcolor' ), $tablealign ),
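Review bot: The `# 11.2.2` through `# 11.2.5` comments still cite HTML 4.01 section numbers, while the attribute sets beneath them (`caption` as `$block`, `thead`/`tfoot`/`tbody` as plain `$common`, `colgroup`/`col` without `width` or `$tablealign`) now follow HTML5, so the headings no longer describe the lists under them. Consider annotating the divergence inline, e.g. `# 11.2.3 (HTML5: align/valign not allowed here)`, or switching these headings to whatwg element anchors as the `wbr` and `ruby` entries already do. `tr` on the last line of the hunk still carries `$tablealign` and `bgcolor`; if that asymmetry with `thead`/`tbody` is intended, a one-line comment saying so would keep a later cleanup from removing it by mistake. The enclosing whitelist function starts and ends outside this hunk.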
@@ -1620,7 +1618,7 @@ class Sanitizer {
                        # basefont
 
                        # 15.3
-                       'hr'         => array_merge( $common, array( 'noshade', 'size', 'width' ) ),
+                       'hr'         => array_merge( $common, array( 'width' ) ),
 
                        # HTML Ruby annotation text module, simple ruby only.
                        # http://www.whatwg.org/html/text-level-semantics.html#the-ruby-element
@@ -1802,6 +1800,6 @@ class Sanitizer {
                $                      # End of string
                /ix"; // case Insensitive, eXtended
 
-               return (bool) preg_match( $HTML5_email_regexp, $addr );
+               return (bool)preg_match( $HTML5_email_regexp, $addr );
        }
 }