diff options
| author | Matt Butcher <[email protected]> | 2014-02-11 10:03:12 -0700 |
|---|---|---|
| committer | Matt Butcher <[email protected]> | 2014-02-11 10:03:12 -0700 |
| commit | 890cb84578d3b9a7ea63314a06f826a67be441d2 (patch) | |
| tree | b000902c9500bf232d739adbfdf3c6c1eb654390 | |
| parent | 44e8e23626bf619844baf9983e931d2f58606377 (diff) | |
| parent | a1e7f337a4bab48a55e0b5f5cf4c6a2da1530ade (diff) | |
Merge pull request #28 from miso-belica/fix-infinite-cycle
Fixed infinite loop for char "&" in unquoted attribute
| -rw-r--r-- | src/HTML5/Parser/Tokenizer.php | 13 | ||||
| -rw-r--r-- | test/HTML5/Parser/TokenizerTest.php | 12 |
2 files changed, 14 insertions, 11 deletions
diff --git a/src/HTML5/Parser/Tokenizer.php b/src/HTML5/Parser/Tokenizer.php index df77b5d..a79781f 100644 --- a/src/HTML5/Parser/Tokenizer.php +++ b/src/HTML5/Parser/Tokenizer.php @@ -498,6 +498,7 @@ class Tokenizer { while (strspn($tok, $stoplist) == 0 && $tok !== FALSE) { if ($tok == '&') { $val .= $this->decodeCharacterReference(TRUE); + $tok = $this->scanner->current(); } else { if(strspn($tok, "\"'<=`") > 0) { @@ -789,7 +790,7 @@ class Tokenizer { * * XML processing instructions are supposed to be ignored in HTML5, * treated as "bogus comments". However, since we're not a user - * agent, we allow them. We consume until ?> and then issue a + * agent, we allow them. We consume until ?> and then issue a * EventListener::processingInstruction() event. */ protected function processingInstruction() { @@ -834,7 +835,7 @@ class Tokenizer { // ================================================================ /** - * Read from the input stream until we get to the desired sequene + * Read from the input stream until we get to the desired sequene * or hit the end of the input stream. */ protected function readUntilSequence($sequence) { @@ -864,11 +865,11 @@ class Tokenizer { * This will read the stream for the $sequence. If it's * found, this will return TRUE. If not, return FALSE. * Since this unconsumes any chars it reads, the caller - * will still need to read the next sequence, even if + * will still need to read the next sequence, even if * this returns TRUE. * * Example: $this->sequenceMatches('</script>') will - * see if the input stream is at the start of a + * see if the input stream is at the start of a * '</script>' string. */ protected function sequenceMatches($sequence) { @@ -917,7 +918,7 @@ class Tokenizer { /** * Emit a parse error. * - * A parse error always returns FALSE because it never consumes any + * A parse error always returns FALSE because it never consumes any * characters. */ protected function parseError($msg) { @@ -1023,7 +1024,7 @@ class Tokenizer { return $entity; } - // If in an attribute, then failing to match ; means unconsume the + // If in an attribute, then failing to match ; means unconsume the // entire string. Otherwise, failure to match is an error. if ($inAttribute) { $this->scanner->unconsume($this->scanner->position() - $start); diff --git a/test/HTML5/Parser/TokenizerTest.php b/test/HTML5/Parser/TokenizerTest.php index 231827c..a55250f 100644 --- a/test/HTML5/Parser/TokenizerTest.php +++ b/test/HTML5/Parser/TokenizerTest.php @@ -109,7 +109,7 @@ class TokenizerTest extends \HTML5\Tests\TestCase { $e1 = $events->get(0); $this->assertEquals('error', $e1['name']); - // FIXME: Once the text processor is done, need to verify that the + // FIXME: Once the text processor is done, need to verify that the // tokens are transformed correctly into text. } @@ -139,12 +139,12 @@ class TokenizerTest extends \HTML5\Tests\TestCase { $succeed = array( '</a>' => 'a', '</test>' => 'test', - '</test + '</test >' => 'test', '</thisIsTheTagThatDoesntEndItJustGoesOnAndOnMyFriend>' => 'thisisthetagthatdoesntenditjustgoesonandonmyfriend', // See 8.2.4.10, which requires this and does not say error. - '</a<b>' => 'a<b', + '</a<b>' => 'a<b', ); $this->isAllGood('endTag', 2, $succeed); @@ -271,8 +271,8 @@ class TokenizerTest extends \HTML5\Tests\TestCase { public function testProcessorInstruction() { $good = array( '<?hph ?>' => 'hph', - '<?hph echo "Hello World"; ?>' => array('hph', 'echo "Hello World"; '), - "<?hph \necho 'Hello World';\n?>" => array('hph', "echo 'Hello World';\n"), + '<?hph echo "Hello World"; ?>' => array('hph', 'echo "Hello World"; '), + "<?hph \necho 'Hello World';\n?>" => array('hph', "echo 'Hello World';\n"), ); $this->isAllGood('pi', 2, $good); } @@ -379,6 +379,8 @@ class TokenizerTest extends \HTML5\Tests\TestCase { $reallyBad = array( '<foo ="bar">' => array('foo', array('=' => NULL, '"bar"' => NULL), FALSE), '<foo////>' => array('foo', array(), TRUE), + // character "&" in unquoted attribute shouldn't cause an infinite loop + '<foo bar=index.php?str=1&id=29>' => array('foo', array('bar' => 'index.php?str=1&id=29'), FALSE), ); foreach ($reallyBad as $test => $expects) { $events = $this->parse($test); |