authorChristian Schneider2009-09-08 15:26:56 +0000
committerChristian Schneider2009-09-08 15:26:56 +0000
commit8197be3061db8bd2f57910fa30d6adf34b04e824 (patch)
tree5c6ffb1ca085a2c5f827622f38c51a2d777be947
parentfdb49bcc7704cbf46014dae6091f61235dab01cb (diff)
Use U() to sanitize URLs in it_html::sanitize and adapted test cases to it
-rw-r--r--it_html.class4
-rwxr-xr-xtests/it_html.t8
2 files changed, 6 insertions, 6 deletions
diff --git a/it_html.class b/it_html.class
index 039f649..2175dd3 100644
--- a/it_html.class
+++ b/it_html.class
@@ -395,13 +395,13 @@ function sanitize($html)
{
# Link tags, keeps only href attribute
list($head, $href, $content, $tail) = $tag;
- $result .= it_html::sanitize($head) . '<a href="' . it_html::Q(html_entity_decode($href), ENT_COMPAT, $charset) . '">' . it_html::sanitize($content) . "</a>" . it_html::sanitize($tail);
+ $result .= it_html::sanitize($head) . '<a href="' . it_html::Q(it_html::U(html_entity_decode($href, ENT_COMPAT, $charset))) . '">' . it_html::sanitize($content) . "</a>" . it_html::sanitize($tail);
}
else if ($tag = it::match('(.*)<img\b[^>]+?src="(' . $urlpattern . ')"[^>]*?>(.*)', $html))
{
# Image tags, keeps only src attribute
list($head, $src, $tail) = $tag;
- $result .= it_html::sanitize($head) . '<img src="' . it_html::Q(html_entity_decode($src, ENT_COMPAT, $charset)) . '" alt="" />' . it_html::sanitize($tail);
+ $result .= it_html::sanitize($head) . '<img src="' . it_html::Q(it_html::U(html_entity_decode($src, ENT_COMPAT, $charset))) . '" alt="" />' . it_html::sanitize($tail);
}
else if ($tag = it::match("(.*)<(br|/tr)\b[^>]*>(.*)", $html))
{
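Review bot: The href and src values are matched against `$urlpattern` while still entity-encoded, and only afterwards decoded and passed through `it_html::U()`, so the string that was checked is not the string that is emitted (this applies to both the `<a>` and the `<img>` branch). Judging by the U() tests in this commit, U() only percent-encodes stray `%` and turns `\` into `/`; it does not appear to restrict the scheme, so scheme filtering still rests on `$urlpattern`, which is defined outside this hunk. I would state that in a comment above each changed line, e.g. `# $urlpattern decides which URLs are allowed; U() only normalizes the URL, Q() escapes it for the attribute`. A test with an entity-encoded href would also pin down that decoding cannot yield a URL the pattern would have rejected. The enclosing sanitize() starts and ends outside the hunk.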
diff --git a/tests/it_html.t b/tests/it_html.t
index 9c05341..3b4dc2f 100755
--- a/tests/it_html.t
+++ b/tests/it_html.t
@@ -91,11 +91,11 @@ is(
);
is(
- it_html::sanitize(" \r \n " . ' <p><a href="http://www.flickr.com/people/swisspics/">swisspics</a> posted < &lt; &auml; &amp; yesterday <b>a <i>photo</i></b> <b><i>tag missmatch</b></i>:</p><br><BR />
+ it_html::sanitize(" \r \n " . ' <p><a href="http://www.flickr.com/people/swisspics%/">swisspics</a> posted < &lt; &auml; &amp; yesterday <b>a <i>photo</i></b> <b><i>tag missmatch</b></i>:</p><br><BR />
<P><a href="javascript:window.close()" title="Wolken"><img src="http://farm1.static.flickr.com/177/377214376_bcba167a7d_m.jpg" width="240" height="180" alt="Wolken" style="border: 1px solid #ddd;" /></a></p>
'),
- ' <a href="http://www.flickr.com/people/swisspics/">swisspics</a> posted &lt; &lt; ä &amp; yesterday a <i>photo</i> <i>tag missmatch</i>:<br /><br /> <p><img src="http://farm1.static.flickr.com/177/377214376_bcba167a7d_m.jpg" alt="" /></p> ',
+ ' <a href="http://www.flickr.com/people/swisspics%25/">swisspics</a> posted &lt; &lt; ä &amp; yesterday a <i>photo</i> <i>tag missmatch</i>:<br /><br /> <p><img src="http://farm1.static.flickr.com/177/377214376_bcba167a7d_m.jpg" alt="" /></p> ',
'it_html::sanitize tag soup'
);
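Review bot: Only the `<a href>` path is exercised with input that U() actually changes (the added `%` becoming `%25`). The `<img src>` line changed in it_html.class is still tested with a URL that passes through unmodified, so a regression in that branch would go unnoticed. Consider putting a stray `%` or a `\` into the img src of this fixture, or adding a separate `is()` case for it. The fixture also relies on the `javascript:` href being dropped from the output; since that is the security-relevant behaviour of sanitize(), it deserves its own named case rather than being buried in the 'tag soup' test.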
@@ -134,12 +134,12 @@ is(
is(
U('%% %1%x %1x%x1%xx%11%ff%FF'),
'%25%25+%251%25x+%251x%25x1%25xx%11%ff%FF',
- 'quoting of % if not followed by 2 hex digits'
+ 'U() quoting of % if not followed by 2 hex digits'
);
is(
U('a\\b'),
'a/b',
- 'converting of \ to /'
+ 'U() converting of \ to /'
);
?>