From e3ff109b37acf8b95130f18633b17adb44f209ef Mon Sep 17 00:00:00 2001 From: Aaron Parecki Date: Sun, 28 Feb 2016 15:56:52 -0800 Subject: [PATCH] restrict matching mf2 classes to only lowercase names see http://microformats.org/wiki/microformats2-parsing-issues#ignore_u-camelCase_properties for background --- lib/Formats/HTMLPurifier_AttrDef_HTML_Microformats2.php | 2 +- tests/SanitizeTest.php | 1 + tests/data/sanitize.example/entry-with-mf2-classes | 2 ++ 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/Formats/HTMLPurifier_AttrDef_HTML_Microformats2.php b/lib/Formats/HTMLPurifier_AttrDef_HTML_Microformats2.php index 5d19c8e..d3d506f 100644 --- a/lib/Formats/HTMLPurifier_AttrDef_HTML_Microformats2.php +++ b/lib/Formats/HTMLPurifier_AttrDef_HTML_Microformats2.php @@ -32,7 +32,7 @@ class HTMLPurifier_AttrDef_HTML_Microformats2 extends HTMLPurifier_AttrDef_HTML_ { $ret = array(); foreach ($tokens as $token) { - if(preg_match('/^([hpue]|dt)-.+/', $token)) { + if(preg_match('/^([hpue]|dt)-[a-z\-]+$/', $token)) { $ret[] = $token; } } diff --git a/tests/SanitizeTest.php b/tests/SanitizeTest.php index c123ee0..1d1dbb9 100644 --- a/tests/SanitizeTest.php +++ b/tests/SanitizeTest.php @@ -79,6 +79,7 @@ class SanitizeTest extends PHPUnit_Framework_TestCase { $this->assertEquals('entry', $data['data']['type']); $this->assertContains('

Hello World

', $html); + $this->assertContains('

Utility Class

', $html); } } diff --git a/tests/data/sanitize.example/entry-with-mf2-classes b/tests/data/sanitize.example/entry-with-mf2-classes index 8579def..64e5e63 100644 --- a/tests/data/sanitize.example/entry-with-mf2-classes +++ b/tests/data/sanitize.example/entry-with-mf2-classes @@ -12,6 +12,8 @@ Connection: keep-alive

Hello World

This content has a valid tags that contains microformats classes. +

Utility Class

+ The u-utilityClass should not be returned according to http://microformats.org/wiki/microformats2-parsing-issues#ignore_u-camelCase_properties