
modification RE whiteliste HTML safe & MAJ cache standalone

svn/root/tags/v5.0.0.5
gouz@root-me.org 4 years ago
parent
commit
e2f2c9149d
  1. 6
      inc/echapper_html_suspect.php
  2. 4
      lib/html5/HTMLPurifier.standalone.php
  3. 2
      paquet.xml
  4. 4
      wheels/htmlpurifier/echappe-js.php

6
inc/echapper_html_suspect.php

@ -1,13 +1,13 @@
<?php
function inc_echapper_html_suspect_dist($texte, $strict=true) {
if (!$texte
or strpos($texte, '<') === false or strpos($texte, '=') === false) {
return $texte;
}
if (preg_match("@^</?[a-z]{1,5}(\s+class\s*=\s*['\"][a-z _\s-]+['\"])?\s?/?>$@iS", $texte)) return $texte;
if ( preg_match("@^(</?(?!script)[a-z]+(\s+class\s*=\s*['\"][a-z _\s-]+['\"])?\s?/?>[\w\s]*)+$@iS", $texte) ){
return $texte; // input non filtré, $texte doit être safe !
}
$texte = safehtml($texte);
return $texte;
}
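Review bot: The new fast-path pattern on line 30 constrains the tag name only through the `(?!script)` lookahead, so every other element name of any length — the previous `[a-z]{1,5}` bound is dropped — is returned on the unfiltered path before `safehtml()` runs, and the same pattern is added in wheels/htmlpurifier/echappe-js.php. A one-name denylist is a weak basis for skipping the sanitizer, since elements that switch the HTML parser's content model or namespace are not excluded by it and the fragment is not checked for balanced open/close tags. Keep the shortcut to an explicit allowlist of inert formatting tags, e.g. `</?(?:p|br|b|i|em|strong|span|div|ul|ol|li)` (a constructed example; use the set the project actually needs), and let anything else fall through to `safehtml()`. The comment `// input non filtré, $texte doit être safe !` should then say why the matched shape is safe, i.e. `// only allowlisted tag names with an optional class attribute and plain-word text reach here`.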

4
lib/html5/HTMLPurifier.standalone.php

@ -16626,7 +16626,7 @@ class HTMLPurifier_HTMLModule_CommonAttributes extends HTMLPurifier_HTMLModule
// https://www.w3.org/TR/microdata/
'itemid' => 'ID',
'itemprop' => 'Text',
'itemprop' => 'CDATA',
'itemscope' => 'Bool#itemscope',
'itemtype' => 'URI',
@ -16913,7 +16913,7 @@ class HTMLPurifier_HTMLModule_Forms extends HTMLPurifier_HTMLModule
'Common',
array(
'form' => 'ID',
// 'for' => 'IDREF', // IDREF not implemented, cannot allow
'for' => 'ID', // IDREF not implemented, allow ID
)
);
$label->excludes = array('label' => true);

2
paquet.xml

@ -1,7 +1,7 @@
<paquet
prefix="htmlpurifier"
categorie="outil"
version="5.0.0.1"
version="5.0.0.2"
etat="dev"
compatibilite="[3.2.1;3.2.99]"
logo="htmlpurifier.png"

4
wheels/htmlpurifier/echappe-js.php

@ -16,8 +16,8 @@ function echappe_anti_xss($match) {
return "";
}
$texte = &$match[0];
if (preg_match("@^</?[a-z]{1,5}(\s+class\s*=\s*['\"][a-z _\s-]+['\"])?\s?/?>$@iS", $texte)){
return $texte;
if ( preg_match("@^(</?(?!script)[a-z]+(\s+class\s*=\s*['\"][a-z _\s-]+['\"])?\s?/?>[\w\s]*)+$@iS", $texte) ){
return $texte; // input non filtré, $texte doit être safe !
}
if (!isset($safehtml)) {
$safehtml = charger_fonction('safehtml', 'inc', true);
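Review bot: The allow-pattern on line 79 is a byte-for-byte copy of the one added to inc/echapper_html_suspect.php, so the two sanitizer shortcuts will drift apart on the next edit; define it once, e.g. `const ECHAPPE_HTML_SAFE_RE = "@^(...)+$@iS";` in a shared include, and reference it from both call sites. The matching whitelist concern raised on the inc/echapper_html_suspect.php hunk applies here as well. echappe_anti_xss starts and ends outside the hunk.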
