From dd205fbad642ace6d0e33c8553f7d73404f140b4 Mon Sep 17 00:00:00 2001
From: Michael Kuhn
Date: Sat, 28 Apr 2012 14:37:51 +0200
Subject: Update HTML Purifier to version 4.4.0.
---
 .../library/HTMLPurifier/HTMLModule/Forms.php | 5 +--
 .../library/HTMLPurifier/HTMLModule/Iframe.php | 38 ++++++++++++++++++++++
 .../library/HTMLPurifier/HTMLModule/Legacy.php | 18 +++++++++-
 .../library/HTMLPurifier/HTMLModule/List.php | 14 +++++---
 .../library/HTMLPurifier/HTMLModule/Tables.php | 3 ++
 .../HTMLPurifier/HTMLModule/TargetBlank.php | 19 +++++++++++
 6 files changed, 90 insertions(+), 7 deletions(-)
 create mode 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Iframe.php
 create mode 100644 lib/htmlpurifier/library/HTMLPurifier/HTMLModule/TargetBlank.php
(limited to 'lib/htmlpurifier/library/HTMLPurifier/HTMLModule')
diff --git a/lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Forms.php b/lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Forms.php
index 44c22f6f8..b963529a7 100644
--- a/lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Forms.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Forms.php
@@ -35,7 +35,7 @@ class HTMLPurifier_HTMLModule_Forms extends HTMLPurifier_HTMLModule
 'name' => 'CDATA',
 'readonly' => 'Bool#readonly',
 'size' => 'Number',
- 'src' => 'URI#embeds',
+ 'src' => 'URI#embedded',
 'tabindex' => 'Number',
 'type' => 'Enum#text,password,checkbox,button,radio,submit,reset,file,hidden,image',
 'value' => 'CDATA',
@@ -84,7 +84,8 @@ class HTMLPurifier_HTMLModule_Forms extends HTMLPurifier_HTMLModule
 $button->excludes = $this->makeLookup(
 'form', 'fieldset', // Form
 'input', 'select', 'textarea', 'label', 'button', // Formctrl
- 'a' // as per HTML 4.01 spec, this is omitted by modularization
+ 'a', // as per HTML 4.01 spec, this is omitted by modularization
+ 'isindex', 'iframe' // legacy items
 );
 // Extra exclusion: img usemap="" is not permitted within this element.
diff --git a/lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Iframe.php b/lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Iframe.php
new file mode 100644
index 000000000..287071edf
--- /dev/null
+++ b/lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Iframe.php
@@ -0,0 +1,38 @@
+get('HTML.SafeIframe')) {
+ $this->safe = true;
+ }
+ $this->addElement(
+ 'iframe', 'Inline', 'Flow', 'Common',
+ array(
+ 'src' => 'URI#embedded',
+ 'width' => 'Length',
+ 'height' => 'Length',
+ 'name' => 'ID',
+ 'scrolling' => 'Enum#yes,no,auto',
+ 'frameborder' => 'Enum#0,1',
+ 'longdesc' => 'URI',
+ 'marginheight' => 'Pixels',
+ 'marginwidth' => 'Pixels',
+ )
+ );
+ }
+
+}
+
+// vim: et sw=4 sts=4
diff --git a/lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Legacy.php b/lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Legacy.php
index df33927ba..f278eeced 100644
--- a/lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Legacy.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Legacy.php
@@ -89,7 +89,7 @@ class HTMLPurifier_HTMLModule_Legacy extends HTMLPurifier_HTMLModule
 $hr->attr['width'] = 'Length';
 $img = $this->addBlankElement('img');
- $img->attr['align'] = 'Enum#top,middle,bottom,left,right';
+ $img->attr['align'] = 'IAlign';
 $img->attr['border'] = 'Pixels';
 $img->attr['hspace'] = 'Pixels';
 $img->attr['vspace'] = 'Pixels';
@@ -136,6 +136,22 @@ class HTMLPurifier_HTMLModule_Legacy extends HTMLPurifier_HTMLModule
 $ul->attr['compact'] = 'Bool#compact';
 $ul->attr['type'] = 'Enum#square,disc,circle';
+ // "safe" modifications to "unsafe" elements
+ // WARNING: If you want to add support for an unsafe, legacy
+ // attribute, make a new TrustedLegacy module with the trusted
+ // bit set appropriately
+
+ $form = $this->addBlankElement('form');
+ $form->content_model = 'Flow | #PCDATA';
+ $form->content_model_type = 'optional';
+ $form->attr['target'] = 'FrameTarget';
+
+ $input = $this->addBlankElement('input');
+ $input->attr['align'] = 'IAlign';
+
+ $legend = $this->addBlankElement('legend');
+ $legend->attr['align'] = 'LAlign';
+
 }
 }
diff --git a/lib/htmlpurifier/library/HTMLPurifier/HTMLModule/List.php b/lib/htmlpurifier/library/HTMLPurifier/HTMLModule/List.php
index 74d4522f4..79ccefafd 100644
--- a/lib/htmlpurifier/library/HTMLPurifier/HTMLModule/List.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/HTMLModule/List.php
@@ -20,10 +20,16 @@ class HTMLPurifier_HTMLModule_List extends HTMLPurifier_HTMLModule
 public $content_sets = array('Flow' => 'List');
 public function setup($config) {
- $ol = $this->addElement('ol', 'List', 'Required: li', 'Common');
- $ol->wrap = "li";
- $ul = $this->addElement('ul', 'List', 'Required: li', 'Common');
- $ul->wrap = "li";
+ $ol = $this->addElement('ol', 'List', new HTMLPurifier_ChildDef_List(), 'Common');
+ $ul = $this->addElement('ul', 'List', new HTMLPurifier_ChildDef_List(), 'Common');
+ // XXX The wrap attribute is handled by MakeWellFormed. This is all
+ // quite unsatisfactory, because we generated this
+ // *specifically* for lists, and now a big chunk of the handling
+ // is done properly by the List ChildDef. So actually, we just
+ // want enough information to make autoclosing work properly,
+ // and then hand off the tricky stuff to the ChildDef.
+ $ol->wrap = 'li';
+ $ul->wrap = 'li';
 $this->addElement('dl', 'List', 'Required: dt | dd', 'Common');
 $this->addElement('li', false, 'Flow', 'Common');
diff --git a/lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Tables.php b/lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Tables.php
index f314ced3f..45c42bb3e 100644
--- a/lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Tables.php
+++ b/lib/htmlpurifier/library/HTMLPurifier/HTMLModule/Tables.php
@@ -37,6 +37,9 @@ class HTMLPurifier_HTMLModule_Tables extends HTMLPurifier_HTMLModule
 'abbr' => 'Text',
 'colspan' => 'Number',
 'rowspan' => 'Number',
+ // Apparently, as of HTML5 this attribute only applies
+ // to 'th' elements.
+ 'scope' => 'Enum#row,col,rowgroup,colgroup',
 ),
 $cell_align
 );
diff --git a/lib/htmlpurifier/library/HTMLPurifier/HTMLModule/TargetBlank.php b/lib/htmlpurifier/library/HTMLPurifier/HTMLModule/TargetBlank.php
new file mode 100644
index 000000000..e1305ec5d
--- /dev/null
+++ b/lib/htmlpurifier/library/HTMLPurifier/HTMLModule/TargetBlank.php
@@ -0,0 +1,19 @@
+addBlankElement('a');
+ $a->attr_transform_post[] = new HTMLPurifier_AttrTransform_TargetBlank();
+ }
+
+}
+
+// vim: et sw=4 sts=4
--
cgit v1.2.3