fix(html-purifier): install htmlpurifier-html5 library for html5 support

fixes #12
wp-pwa · Aug 10, 2018 · bd7013f · bd7013f
1 parent a8cef5d
commit bd7013f
Show file tree

Hide file tree

Showing 16 changed files with 899 additions and 115 deletions.
diff --git a/libs/html5purifier.php b/libs/html5purifier.php
diff --git a/libs/htmlpurifier-html5/LICENSE b/libs/htmlpurifier-html5/LICENSE
@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Xemlock
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
diff --git a/libs/htmlpurifier-html5/autoload.php b/libs/htmlpurifier-html5/autoload.php
@@ -0,0 +1,15 @@
+<?php
+
+require_once(plugin_dir_path(__FILE__) . '/library/HTMLPurifier/HTML5Config.php');
+require_once(plugin_dir_path(__FILE__) . '/library/HTMLPurifier/HTML5Definition.php');
+require_once(plugin_dir_path(__FILE__) . '/library/HTMLPurifier/AttrDef/Float.php');
+require_once(plugin_dir_path(__FILE__) . '/library/HTMLPurifier/AttrDef/Regexp.php');
+require_once(plugin_dir_path(__FILE__) . '/library/HTMLPurifier/AttrDef/HTML/Bool2.php');
+require_once(plugin_dir_path(__FILE__) . '/library/HTMLPurifier/AttrTransform/Progress.php');
+require_once(plugin_dir_path(__FILE__) . '/library/HTMLPurifier/ChildDef/Details.php');
+require_once(plugin_dir_path(__FILE__) . '/library/HTMLPurifier/ChildDef/Figure.php');
+require_once(plugin_dir_path(__FILE__) . '/library/HTMLPurifier/ChildDef/Media.php');
+require_once(plugin_dir_path(__FILE__) . '/library/HTMLPurifier/ChildDef/Picture.php');
+require_once(plugin_dir_path(__FILE__) . '/library/HTMLPurifier/ChildDef/Progress.php');
+
+?>
diff --git a/libs/htmlpurifier-html5/library/HTMLPurifier/AttrDef/Float.php b/libs/htmlpurifier-html5/library/HTMLPurifier/AttrDef/Float.php
@@ -0,0 +1,116 @@
+<?php
+
+/**
+ * Validates a floating point number
+ */
+class HTMLPurifier_AttrDef_Float extends HTMLPurifier_AttrDef
+{
+    /**
+     * @var int|float
+     */
+    protected $min;
+
+    /**
+     * @var int|float
+     */
+    protected $max;
+
+    /**
+     * @var bool
+     */
+    protected $minInclusive = true;
+
+    /**
+     * @var bool
+     */
+    protected $maxInclusive = true;
+
+    /**
+     * Supported options:
+     *
+     * - 'min'          => int|float
+     * - 'max'          => int|float
+     * - 'minInclusive' => bool
+     * - 'maxInclusive' => bool
+     *
+     * @param array $options OPTIONAL
+     */
+    public function __construct($options = null)
+    {
+        $options = is_array($options) ? $options : array();
+
+        $this->min = isset($options['min']) ? floatval($options['min']) : null;
+        $this->max = isset($options['max']) ? floatval($options['max']) : null;
+
+        if (isset($options['minInclusive'])) {
+            $this->minInclusive = (bool) $options['minInclusive'];
+        }
+
+        if (isset($options['maxInclusive'])) {
+            $this->maxInclusive = (bool) $options['maxInclusive'];
+        }
+    }
+
+    /**
+     * @param string $number
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return string
+     */
+    public function validate($number, $config, $context)
+    {
+        $number = $this->parseCDATA($number);
+
+        if ($number === '') {
+            return false;
+        }
+
+        // Up to PHP 5.6 is_numeric() returns TRUE for hex strings
+        // http://php.net/manual/en/function.is-numeric.php
+        if (!preg_match('/^[-+.0-9Ee]+$/', $number) || !is_numeric($number)) {
+            return false;
+        }
+
+        // HTML numbers cannot start with '+' character
+        // https://html.spec.whatwg.org/multipage/common-microsyntaxes.html#valid-floating-point-number
+        if (substr($number, 0, 1) === '+') {
+            $number = substr($number, 1);
+        }
+
+        $value = floatval($number);
+
+        if (($this->min !== null) &&
+            (($this->minInclusive && $value < $this->min) || (!$this->minInclusive && $value <= $this->min))
+        ) {
+            return false;
+        }
+
+        if (($this->max !== null) &&
+            (($this->maxInclusive && $this->max < $value) || (!$this->maxInclusive && $this->max <= $value))
+        ) {
+            return false;
+        }
+
+        return $number;
+    }
+
+    /**
+     * Factory function
+     *
+     * @param string $string A comma-delimited list of key:value pairs. Example: "min:0,max:10".
+     * @return HTMLPurifier_AttrDef_Float
+     */
+    public function make($string)
+    {
+        $options = array();
+        foreach (explode(',', $string) as $pair) {
+            $parts = explode(':', $pair, 2);
+            if (count($parts) === 2) {
+                list($key, $value) = $parts;
+                $options[$key] = $value;
+            }
+        }
+        $class = get_class($this);
+        return new $class($options);
+    }
+}
diff --git a/libs/htmlpurifier-html5/library/HTMLPurifier/AttrDef/HTML/Bool2.php b/libs/htmlpurifier-html5/library/HTMLPurifier/AttrDef/HTML/Bool2.php
@@ -0,0 +1,38 @@
+<?php
+
+/**
+ * Validates a boolean attribute
+ *
+ * HTMLPurifier 4.6.0 has broken support for boolean attributes, as reported
+ * in: http://htmlpurifier.org/phorum/read.php?3,7631,7631
+
+ * This issue has almost been fixed in 4.7.0, boolean attributes are properly
+ * parsed, but their values are not validated.
+ */
+class HTMLPurifier_AttrDef_HTML_Bool2 extends HTMLPurifier_AttrDef_HTML_Bool
+{
+    /**
+     * @param string $string
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return bool
+     */
+    public function validate($string, $config, $context)
+    {
+        $name = strlen($this->name) ? $this->name : $context->get('CurrentAttr');
+        // boolean attribute validates if its value is either empty
+        // or case-insensitively equal to attribute name
+        return $string === '' || strcasecmp($name, $string) === 0;
+    }
+
+    /**
+     * @param string $string Name of attribute
+     * @return HTMLPurifier_AttrDef_HTML_Bool2
+     */
+    public function make($string)
+    {
+        return new self($string);
+    }
+}
+
+// vim: et sw=4 sts=4
diff --git a/libs/htmlpurifier-html5/library/HTMLPurifier/AttrDef/Regexp.php b/libs/htmlpurifier-html5/library/HTMLPurifier/AttrDef/Regexp.php
@@ -0,0 +1,48 @@
+<?php
+
+class HTMLPurifier_AttrDef_Regexp extends HTMLPurifier_AttrDef
+{
+    /**
+     * @var string
+     */
+    protected $pattern;
+
+    /**
+     * @param string $pattern
+     */
+    public function __construct($pattern = null)
+    {
+        if ($pattern !== null) {
+            $pattern = (string) $pattern;
+            if (false === @preg_match($pattern, 'Test')) {
+                throw new HTMLPurifier_Exception('Invalid regular expression pattern provided');
+            }
+            $this->pattern = $pattern;
+        }
+    }
+
+    /**
+     * @param string $string
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return bool
+     */
+    public function validate($string, $config, $context)
+    {
+        if ($this->pattern) {
+            return (bool) preg_match($this->pattern, $string);
+        }
+        return false;
+    }
+
+    /**
+     * @param string $string
+     * @return HTMLPurifier_AttrDef_Regexp
+     */
+    public function make($string)
+    {
+        return new self($string);
+    }
+}
+
+// vim: et sw=4 sts=4
diff --git a/libs/htmlpurifier-html5/library/HTMLPurifier/AttrTransform/Progress.php b/libs/htmlpurifier-html5/library/HTMLPurifier/AttrTransform/Progress.php
@@ -0,0 +1,28 @@
+<?php
+
+/**
+ * Post-transform performing validations for <progress> elements ensuring
+ * that if value is present, it is within a valid range (0..1) or (0..max)
+ */
+class HTMLPurifier_AttrTransform_Progress extends HTMLPurifier_AttrTransform
+{
+    /**
+     * @param array $attr
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return array
+     */
+    public function transform($attr, $config, $context)
+    {
+        if (isset($attr['value'])) {
+            $max = isset($attr['max']) ? (float) $attr['max'] : 1;
+            $value = (float) $attr['value'];
+
+            if ($value < 0 || $value > $max) {
+                $this->confiscateAttr($attr, 'value');
+            }
+        }
+
+        return $attr;
+    }
+}