deac/instiki
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Sanitize url refs in SVG attributes

Browse source 
Add some tests.
Sync with latest HTML5lib (includes above sanitization improvements).
This commit is contained in:
Jacques Distler 2007-10-27 17:34:29 -05:00
parent ae82f1be49
commit 5208bbf0af
28 changed files with 1277 additions and 735 deletions
Download patch file Download diff file Expand all files Collapse all files

42
vendor/plugins/HTML5lib/lib/html5/html5parser/in_body_phase.rb vendored
View file

@ -1,4 +1,5 @@
require 'html5/html5parser/phase'
require 'core_ext/kernel'
module HTML5
class InBodyPhase < Phase
@ -50,13 +51,12 @@ module HTML5
super(parser, tree)
# for special handling of whitespace in <pre>
@processSpaceCharactersDropNewline = false
if $-w
$-w = false
alias processSpaceCharactersNonPre processSpaceCharacters
class << self; alias processSpaceCharactersNonPre processSpaceCharacters; end
$-w = true
else
alias processSpaceCharactersNonPre processSpaceCharacters
class << self; alias processSpaceCharactersNonPre processSpaceCharacters; end
end
end
@ -65,10 +65,18 @@ module HTML5
if $-w
$-w = false
alias processSpaceCharacters processSpaceCharactersNonPre
class << self
silence do
alias processSpaceCharacters processSpaceCharactersNonPre
end
end
$-w = true
else
alias processSpaceCharacters processSpaceCharactersNonPre
class << self
silence do
alias processSpaceCharacters processSpaceCharactersNonPre
end
end
end
if (data.length > 0 and data[0] == ?\n &&
@ -121,7 +129,13 @@ module HTML5
def startTagCloseP(name, attributes)
endTagP('p') if in_scope?('p')
@tree.insert_element(name, attributes)
@processSpaceCharactersDropNewline = true if name == 'pre'
if name == 'pre'
class << self
silence do
alias processSpaceCharacters processSpaceCharactersDropNewline
end
end
end
end
def startTagForm(name, attributes)
@ -291,8 +305,7 @@ module HTML5
# XXX Form element pointer checking here as well...
@tree.insert_element(name, attributes)
@parser.tokenizer.content_model_flag = :RCDATA
@processSpaceCharactersDropNewline = true
alias processSpaceCharacters processSpaceCharactersDropNewline
class << self; alias processSpaceCharacters processSpaceCharactersDropNewline; end
end
# iframe, noembed noframes, noscript(if scripting enabled)
@ -344,9 +357,9 @@ module HTML5
# XXX Need to take open <p> tags into account here. We shouldn't imply
# </p> but we should not throw a parse error either. Specification is
# likely to be updated.
unless @tree.open_elements[1].name == 'body'
unless @tree.open_elements[1] && @tree.open_elements[1].name == 'body'
# inner_html case
parse_error
parse_error "unexpected-end-tag", {:name => 'body'}
return
end
unless @tree.open_elements.last.name == 'body'
@ -364,7 +377,14 @@ module HTML5
def endTagBlock(name)
#Put us back in the right whitespace handling mode
@processSpaceCharactersDropNewline = false if name == 'pre'
if name == 'pre'
class << self;
silence do
alias processSpaceCharacters processSpaceCharactersNonPre;
end
end
end
@tree.generateImpliedEndTags if in_scope?(name)

13
vendor/plugins/HTML5lib/lib/html5/html5parser/in_caption_phase.rb vendored
View file

@ -5,9 +5,9 @@ module HTML5
# http://www.whatwg.org/specs/web-apps/current-work/#in-caption
handle_start 'html', %w( caption col colgroup tbody td tfoot th thead tr ) => 'TableElement'
handle_start 'html', %w(caption col colgroup tbody td tfoot th thead tr) => 'TableElement'
handle_end 'caption', 'table', %w( body col colgroup html tbody td tfoot th thead tr ) => 'Ignore'
handle_end 'caption', 'table', %w(body col colgroup html tbody td tfoot th thead tr) => 'Ignore'
def ignoreEndTagCaption
!in_scope?('caption', true)
@ -18,7 +18,7 @@ module HTML5
end
def startTagTableElement(name, attributes)
parse_error
parse_error "unexpected-end-tag", {"name" => name}
#XXX Have to duplicate logic here to find out if the tag is ignored
ignoreEndTag = ignoreEndTagCaption
@parser.phase.processEndTag('caption')
@ -33,7 +33,7 @@ module HTML5
if ignoreEndTagCaption
# inner_html case
assert @parser.inner_html
parse_error
parse_error "unexpected-end-tag", {"name" => name}
else
# AT this code is quite similar to endTagTable in "InTable"
@tree.generateImpliedEndTags
@ -41,7 +41,7 @@ module HTML5
unless @tree.open_elements[-1].name == 'caption'
parse_error("expected-one-end-tag-but-got-another",
{"gotName" => "caption",
"expectedNmae" => @tree.open_elements.last.name})
"expectedName" => @tree.open_elements.last.name})
end
remove_open_elements_until('caption')
@ -52,7 +52,7 @@ module HTML5
end
def endTagTable(name)
parse_error
parse_error "unexpected-end-table-in-caption"
ignoreEndTag = ignoreEndTagCaption
@parser.phase.processEndTag('caption')
@parser.phase.processEndTag(name) unless ignoreEndTag
@ -65,6 +65,5 @@ module HTML5
def endTagOther(name)
@parser.phases[:inBody].processEndTag(name)
end
end
end

2
vendor/plugins/HTML5lib/lib/html5/html5parser/in_cell_phase.rb vendored
View file

@ -56,7 +56,7 @@ module HTML5
@parser.phase.processEndTag(name)
else
# sometimes inner_html case
parse_error
parse_error "unexpected-end-tag", {:name => name}
end
end

2
vendor/plugins/HTML5lib/lib/html5/html5parser/in_column_group_phase.rb vendored
View file

@ -34,7 +34,7 @@ module HTML5
if ignoreEndTagColgroup
# inner_html case
assert @parser.inner_html
parse_error
parse_error "unexpected-end-tag", {:name => name}
else
@tree.open_elements.pop
@parser.phase = @parser.phases[:inTable]

3
vendor/plugins/HTML5lib/lib/html5/html5parser/in_frameset_phase.rb vendored
View file

@ -27,8 +27,7 @@ module HTML5
end
def startTagOther(name, attributes)
parse_error("unexpected-start-tag-in-frameset",
{"name" => name})
parse_error("unexpected-start-tag-in-frameset", {"name" => name})
end
def endTagFrameset(name)

7
vendor/plugins/HTML5lib/lib/html5/html5parser/in_row_phase.rb vendored
View file

@ -35,7 +35,7 @@ module HTML5
if ignoreEndTagTr
# inner_html case
assert @parser.inner_html
parse_error
parse_error "unexpected-end-tag", {:name => name}
else
clearStackToTableRowContext
@tree.open_elements.pop
@ -57,7 +57,7 @@ module HTML5
@parser.phase.processEndTag(name)
else
# inner_html case
parse_error
parse_error "unexpected-end-tag", {:name => name}
end
end
@ -75,8 +75,7 @@ module HTML5
# XXX unify this with other table helper methods
def clearStackToTableRowContext
until %w[tr html].include?(name = @tree.open_elements.last.name)
parse_error("unexpected-implied-end-tag-in-table-row",
{"name" => @tree.open_elements.last.name})
parse_error("unexpected-implied-end-tag-in-table-row", {"name" => @tree.open_elements.last.name})
@tree.open_elements.pop
end
end

10
vendor/plugins/HTML5lib/lib/html5/html5parser/in_table_body_phase.rb vendored
View file

@ -33,7 +33,7 @@ module HTML5
@parser.phase.processStartTag(name, attributes)
else
# inner_html case
parse_error
parse_error "unexpected-start-tag", {:name => name}
end
end
@ -47,8 +47,7 @@ module HTML5
@tree.open_elements.pop
@parser.phase = @parser.phases[:inTable]
else
parse_error("unexpected-end-tag-in-table-body",
{"name" => name})
parse_error("unexpected-end-tag-in-table-body", {"name" => name})
end
end
@ -59,13 +58,12 @@ module HTML5
@parser.phase.processEndTag(name)
else
# inner_html case
parse_error
parse_error "unexpected-end-tag", {:name => name}
end
end
def endTagIgnore(name)
parse_error("unexpected-end-tag-in-table-body",
{"name" => name})
parse_error("unexpected-end-tag-in-table-body", {"name" => name})
end
def endTagOther(name)

2
vendor/plugins/HTML5lib/lib/html5/html5parser/in_table_phase.rb vendored
View file

@ -82,7 +82,7 @@ module HTML5
else
# inner_html case
assert @parser.inner_html
parse_error
parse_error "unexpected-end-tag", {:name => name}
end
end