mirror of
https://git.tt-rss.org/git/tt-rss.git
synced 2026-01-05 06:39:15 +00:00
update HTMLPurifier; enable embedded flash video in articles
This commit is contained in:
Andrew Dolgov
87
lib/htmlpurifier/library/HTMLPurifier/Generator.php
Executable file → Normal file
87
lib/htmlpurifier/library/HTMLPurifier/Generator.php
Executable file → Normal file
@@ -31,6 +31,22 @@ class HTMLPurifier_Generator
|
||||
*/
|
||||
private $_sortAttr;
|
||||
|
||||
/**
|
||||
* Cache of %Output.FlashCompat
|
||||
*/
|
||||
private $_flashCompat;
|
||||
|
||||
/**
|
||||
* Cache of %Output.FixInnerHTML
|
||||
*/
|
||||
private $_innerHTMLFix;
|
||||
|
||||
/**
|
||||
* Stack for keeping track of object information when outputting IE
|
||||
* compatibility code.
|
||||
*/
|
||||
private $_flashStack = array();
|
||||
|
||||
/**
|
||||
* Configuration for the generator
|
||||
*/
|
||||
@@ -42,8 +58,10 @@ class HTMLPurifier_Generator
|
||||
*/
|
||||
public function __construct($config, $context) {
|
||||
$this->config = $config;
|
||||
$this->_scriptFix = $config->get('Output', 'CommentScriptContents');
|
||||
$this->_sortAttr = $config->get('Output', 'SortAttr');
|
||||
$this->_scriptFix = $config->get('Output.CommentScriptContents');
|
||||
$this->_innerHTMLFix = $config->get('Output.FixInnerHTML');
|
||||
$this->_sortAttr = $config->get('Output.SortAttr');
|
||||
$this->_flashCompat = $config->get('Output.FlashCompat');
|
||||
$this->_def = $config->getHTMLDefinition();
|
||||
$this->_xhtml = $this->_def->doctype->xml;
|
||||
}
|
||||
@@ -72,7 +90,7 @@ class HTMLPurifier_Generator
|
||||
}
|
||||
|
||||
// Tidy cleanup
|
||||
if (extension_loaded('tidy') && $this->config->get('Output', 'TidyFormat')) {
|
||||
if (extension_loaded('tidy') && $this->config->get('Output.TidyFormat')) {
|
||||
$tidy = new Tidy;
|
||||
$tidy->parseString($html, array(
|
||||
'indent'=> true,
|
||||
@@ -86,9 +104,11 @@ class HTMLPurifier_Generator
|
||||
}
|
||||
|
||||
// Normalize newlines to system defined value
|
||||
$nl = $this->config->get('Output', 'Newline');
|
||||
if ($nl === null) $nl = PHP_EOL;
|
||||
if ($nl !== "\n") $html = str_replace("\n", $nl, $html);
|
||||
if ($this->config->get('Core.NormalizeNewlines')) {
|
||||
$nl = $this->config->get('Output.Newline');
|
||||
if ($nl === null) $nl = PHP_EOL;
|
||||
if ($nl !== "\n") $html = str_replace("\n", $nl, $html);
|
||||
}
|
||||
return $html;
|
||||
}
|
||||
|
||||
@@ -104,12 +124,29 @@ class HTMLPurifier_Generator
|
||||
|
||||
} elseif ($token instanceof HTMLPurifier_Token_Start) {
|
||||
$attr = $this->generateAttributes($token->attr, $token->name);
|
||||
if ($this->_flashCompat) {
|
||||
if ($token->name == "object") {
|
||||
$flash = new stdclass();
|
||||
$flash->attr = $token->attr;
|
||||
$flash->param = array();
|
||||
$this->_flashStack[] = $flash;
|
||||
}
|
||||
}
|
||||
return '<' . $token->name . ($attr ? ' ' : '') . $attr . '>';
|
||||
|
||||
} elseif ($token instanceof HTMLPurifier_Token_End) {
|
||||
return '</' . $token->name . '>';
|
||||
$_extra = '';
|
||||
if ($this->_flashCompat) {
|
||||
if ($token->name == "object" && !empty($this->_flashStack)) {
|
||||
// doesn't do anything for now
|
||||
}
|
||||
}
|
||||
return $_extra . '</' . $token->name . '>';
|
||||
|
||||
} elseif ($token instanceof HTMLPurifier_Token_Empty) {
|
||||
if ($this->_flashCompat && $token->name == "param" && !empty($this->_flashStack)) {
|
||||
$this->_flashStack[count($this->_flashStack)-1]->param[$token->attr['name']] = $token->attr['value'];
|
||||
}
|
||||
$attr = $this->generateAttributes($token->attr, $token->name);
|
||||
return '<' . $token->name . ($attr ? ' ' : '') . $attr .
|
||||
( $this->_xhtml ? ' /': '' ) // <br /> v. <br>
|
||||
@@ -159,6 +196,37 @@ class HTMLPurifier_Generator
|
||||
continue;
|
||||
}
|
||||
}
|
||||
// Workaround for Internet Explorer innerHTML bug.
|
||||
// Essentially, Internet Explorer, when calculating
|
||||
// innerHTML, omits quotes if there are no instances of
|
||||
// angled brackets, quotes or spaces. However, when parsing
|
||||
// HTML (for example, when you assign to innerHTML), it
|
||||
// treats backticks as quotes. Thus,
|
||||
// <img alt="``" />
|
||||
// becomes
|
||||
// <img alt=`` />
|
||||
// becomes
|
||||
// <img alt='' />
|
||||
// Fortunately, all we need to do is trigger an appropriate
|
||||
// quoting style, which we do by adding an extra space.
|
||||
// This also is consistent with the W3C spec, which states
|
||||
// that user agents may ignore leading or trailing
|
||||
// whitespace (in fact, most don't, at least for attributes
|
||||
// like alt, but an extra space at the end is barely
|
||||
// noticeable). Still, we have a configuration knob for
|
||||
// this, since this transformation is not necesary if you
|
||||
// don't process user input with innerHTML or you don't plan
|
||||
// on supporting Internet Explorer.
|
||||
if ($this->_innerHTMLFix) {
|
||||
if (strpos($value, '`') !== false) {
|
||||
// check if correct quoting style would not already be
|
||||
// triggered
|
||||
if (strcspn($value, '"\' <>') === strlen($value)) {
|
||||
// protect!
|
||||
$value .= ' ';
|
||||
}
|
||||
}
|
||||
}
|
||||
$html .= $key.'="'.$this->escape($value).'" ';
|
||||
}
|
||||
return rtrim($html);
|
||||
@@ -174,7 +242,10 @@ class HTMLPurifier_Generator
|
||||
* permissible for non-attribute output.
|
||||
* @return String escaped data.
|
||||
*/
|
||||
public function escape($string, $quote = ENT_COMPAT) {
|
||||
public function escape($string, $quote = null) {
|
||||
// Workaround for APC bug on Mac Leopard reported by sidepodcast
|
||||
// http://htmlpurifier.org/phorum/read.php?3,4823,4846
|
||||
if ($quote === null) $quote = ENT_COMPAT;
|
||||
return htmlspecialchars($string, $quote, 'UTF-8');
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user