tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity

BUGFIX Convert::html2raw() not correctly stripping script and style tags

Browse Source
This commit is contained in:
Simon Welsh 2012-02-15 07:55:52 +13:00
parent f6748f5b56
commit 7658e902fc
2 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
core/Convert.php
View File

@ -273,8 +273,8 @@ class Convert {
/* $data = eregi_replace("<style(^A-Za-z0-9>][^>]*)?>.*</style[^>]*>","", $data);*/ /* $data = eregi_replace("<style(^A-Za-z0-9>][^>]*)?>.*</style[^>]*>","", $data);*/
/* $data = eregi_replace("<script(^A-Za-z0-9>][^>]*)?>.*</script[^>]*>","", $data);*/ /* $data = eregi_replace("<script(^A-Za-z0-9>][^>]*)?>.*</script[^>]*>","", $data);*/
$data = preg_replace("/<style(^A-Za-z0-9>][^>]*)?>.*?<\/style[^>]*>/i","", $data); $data = preg_replace("/<style([^A-Za-z0-9>][^>]*)?>.*?<\/style[^>]*>/is","", $data);
$data = preg_replace("/<script(^A-Za-z0-9>][^>]*)?>.*?<\/script[^>]*>/i","", $data); $data = preg_replace("/<script([^A-Za-z0-9>][^>]*)?>.*?<\/script[^>]*>/is","", $data);
if($config['ReplaceBoldAsterisk']) { if($config['ReplaceBoldAsterisk']) {
$data = preg_replace('%<(strong|b)( [^>]*)?>|</(strong|b)>%i','*',$data); $data = preg_replace('%<(strong|b)( [^>]*)?>|</(strong|b)>%i','*',$data);

14
tests/core/ConvertTest.php
View File

@ -37,6 +37,20 @@ class ConvertTest extends SapphireTest {
$val2 = 'This has a <strong class="test" style="font-weight: bold">strong tag with attributes</STRONG>.'; $val2 = 'This has a <strong class="test" style="font-weight: bold">strong tag with attributes</STRONG>.';
$this->assertEquals('This has a *strong tag with attributes*.', Convert::xml2raw($val2), 'Strong tags with attributes are replaced with asterisks'); $this->assertEquals('This has a *strong tag with attributes*.', Convert::xml2raw($val2), 'Strong tags with attributes are replaced with asterisks');
$val3 = '<script type="text/javascript">Some really nasty javascript here</script>';
$this->assertEquals('', Convert::xml2raw($val3), 'Script tags are completely removed');
$val4 = '<style type="text/css">Some really nasty CSS here</style>';
$this->assertEquals('', Convert::xml2raw($val4), 'Style tags are completely removed');
$val5 = '<script type="text/javascript">Some really nasty
multiline javascript here</script>';
$this->assertEquals('', Convert::xml2raw($val5), 'Multiline script tags are completely removed');
$val6 = '<style type="text/css">Some really nasty
multiline CSS here</style>';
$this->assertEquals('', Convert::xml2raw($val6), 'Multiline style tags are completely removed');
} }
/** /**