[libhtml-scrubber-perl] 08/13: fix handling of self closing tags, like <hr/>
Florian Schlichting
fsfs at moszumanska.debian.org
Sat Nov 11 13:46:05 UTC 2017
This is an automated email from the git hooks/post-receive script.
fsfs pushed a commit to annotated tag release/0.10-TRIAL
in repository libhtml-scrubber-perl.
commit 4532022c588ada5b43752564a1719d0d2664ac41
Author: Ruslan Zakirov <ruz at bestpractical.com>
Date: Fri Sep 20 20:10:09 2013 +0400
fix handling of self closing tags, like <hr/>
Use empty_element_tags in HTML::Parser, distinguish
close events by $text argument (empry - self closing,
not empty - real </tag>) as it's documented.
No tags autoclosing, so '<br>' results in '<br>'.
Space is added before '/>', so '<hr/>' result in '<hr />'.
Fixes tickets #19063 and #25477.
---
Changes | 2 ++
lib/HTML/Scrubber.pm | 21 ++++++++++++++++-----
t/rt19063_xhtml.t | 18 ++++++++++++++++++
t/rt25477_self_closing.t | 28 ++++++++++++++++++++++++++++
4 files changed, 64 insertions(+), 5 deletions(-)
diff --git a/Changes b/Changes
index 7d16e79..fc8cc2e 100644
--- a/Changes
+++ b/Changes
@@ -2,6 +2,8 @@ Revision history for Perl extension HTML::Scrubber.
{{$NEXT}}
- RT3008 Changed examples to be XSS free
+ - RT19063, RT25477 fixed handling of self closing tags,
+ for example '<hr />'
0.09 2011-04-01 16:35:50 Europe/London
- Basic conversion to Dist::Zilla/git
diff --git a/lib/HTML/Scrubber.pm b/lib/HTML/Scrubber.pm
index b018ea1..5b8b93e 100644
--- a/lib/HTML/Scrubber.pm
+++ b/lib/HTML/Scrubber.pm
@@ -57,7 +57,7 @@ If you're new to perl, good luck to you.
use strict;
use warnings;
-use HTML::Parser();
+use HTML::Parser 3.47 ();
use HTML::Entities;
our( @_scrub, @_scrub_fh );
@@ -79,6 +79,7 @@ sub new {
unbroken_text => 1,
case_sensitive => 0,
boolean_attribute_value => undef,
+ empty_element_tags => 1,
);
my $self = {
@@ -295,6 +296,7 @@ sub scrub_file {
$_[0]->{_p}->parse_file($_[1]);
return delete $_[0]->{_r} unless exists $_[0]->{_out};
+ print { $_[0]->{_out} } $_[0]->{_r} if length $_[0]->{_r};
delete $_[0]->{_out};
return 1;
}
@@ -424,11 +426,19 @@ sub _scrub_str {
}
}
elsif ( $e eq 'end' ) {
+ my $place = 0;
if ( exists $s->{_rules}->{$t} ) {
- $outstr .= "</$t>" if $s->{_rules}->{$t};
+ $place = 1 if $s->{_rules}->{$t};
}
elsif ( $s->{_rules}->{'*'} ) {
- $outstr .= "</$t>";
+ $place = 1;
+ }
+ if ( $place ) {
+ if ( length $text ) {
+ $outstr .= "</$t>";
+ } else {
+ substr $s->{_r}, -1, 0, ' /';
+ }
}
}
elsif ( $e eq 'comment' ) {
@@ -458,8 +468,9 @@ Now calls _scrub_str and pushes that out to a file.
=cut
sub _scrub_fh {
-
- print { $_[0]->{"\0_s"}->{_out} } _scrub_str(@_);
+ my $self = $_[0]->{"\0_s"};
+ print { $self->{_out} } $self->{'_r'} if length $self->{_r};
+ $self->{'_r'} = _scrub_str(@_);
}
=for comment _scrub
diff --git a/t/rt19063_xhtml.t b/t/rt19063_xhtml.t
new file mode 100644
index 0000000..39f6874
--- /dev/null
+++ b/t/rt19063_xhtml.t
@@ -0,0 +1,18 @@
+# Tests related to RT25477 - https://rt.cpan.org/Public/Bug/Display.html?id=25477
+use strict;
+use warnings;
+use File::Spec;
+use Test::More;
+
+use_ok('HTML::Scrubber');
+use HTML::Scrubber;
+
+my $scrubber = HTML::Scrubber->new;
+$scrubber->default(1);
+is(
+ $scrubber->scrub('<hr/><hr><hr /><hr></hr>'),
+ '<hr /><hr><hr /><hr></hr>',
+ "correct result"
+);
+
+done_testing;
diff --git a/t/rt25477_self_closing.t b/t/rt25477_self_closing.t
new file mode 100644
index 0000000..a939caa
--- /dev/null
+++ b/t/rt25477_self_closing.t
@@ -0,0 +1,28 @@
+# Tests related to RT25477 - https://rt.cpan.org/Public/Bug/Display.html?id=25477
+use strict;
+use warnings;
+use File::Spec;
+use Test::More;
+
+use_ok('HTML::Scrubber');
+use HTML::Scrubber;
+
+my $scrubber = HTML::Scrubber->new;
+$scrubber->default(1);
+my $scrubbed = $scrubber->scrub( <<'END' );
+<script src="www.google.com/script.js" />
+<b>one</b>
+<script type="text/javascript">
+ alert("hello")
+</script>
+<b>two</b>
+END
+
+is($scrubbed, <<'END', "correct result");
+
+<b>one</b>
+
+<b>two</b>
+END
+
+done_testing;
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libhtml-scrubber-perl.git
More information about the Pkg-perl-cvs-commits
mailing list