Allow id attributes starting with 'user_content_'

Kijin Sung 2016-06-08 16:26:58 +09:00
parent 1f86ae7883
commit 54fe5e102e
2 changed files with 15 additions and 3 deletions


@ -106,7 +106,8 @@ class HTMLFilter
// Customize the default configuration.
$config->set('Attr.AllowedFrameTargets', array('_blank'));
$config->set('Attr.DefaultImageAlt', '');
$config->set('Attr.EnableID', false);
$config->set('Attr.EnableID', true);
$config->set('Attr.IDPrefix', 'user_content_');
$config->set('AutoFormat.AutoParagraph', false);
$config->set('AutoFormat.DisplayLinkURI', false);
$config->set('AutoFormat.Linkify', false);
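Review bot: Turning on `Attr.EnableID` makes the `user_content_` prefix the only thing separating user-chosen ids from ids the site's own scripts and styles look up, and nothing next to the two new `$config->set()` lines records that. I would add a comment above them such as `// User ids are allowed only under the 'user_content_' prefix so they cannot shadow ids used by site scripts or CSS; keep this prefix reserved.` These keys look like HTML Purifier directives, and if so its duplicate-id tracking is, as far as I know, per filtering call, so two separately filtered fragments shown on one page (a document and its comments, say) can still carry the same id; `Attr.IDPrefixLocal` exists for that case and may be worth setting per fragment. The enclosing method starts and ends outside the hunk, so whether a per-fragment value is available here is not visible.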


@ -105,7 +105,7 @@ class HTMLFilterTest extends \Codeception\TestCase\Test
$target = '<iframe title="Video Test" width="640" height="360" frameborder="0" scrolling="no"></iframe>';
$this->assertEquals($target, Rhymix\Framework\Filters\HTMLFilter::clean($source));
$source = '<object type="application/x-shockwave-flash" id="DaumVodPlayer_s474b7BR2zzREo0g7OT7EKo" width="640px" height="360px" align="middle" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=10,3,0,0">' .
$source = '<object type="application/x-shockwave-flash" width="640px" height="360px" align="middle" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=10,3,0,0">' .
'<param name="movie" value="http://videofarm.daum.net/controller/player/VodPlayer.swf" />' .
'<param name="allowScriptAccess" value="always" />' .
'<param name="allowFullScreen" value="true" />' .
@ -153,11 +153,22 @@ class HTMLFilterTest extends \Codeception\TestCase\Test
$this->assertEquals($target, Rhymix\Framework\Filters\HTMLFilter::clean($source));
$source = '<div somekey="somevalue" otherkey="othervalue" onload="alert(\'xss\');" id="foo" class="bar" editor_component="component_name"></div>';
$target = '<div somekey="somevalue" otherkey="othervalue" class="bar" editor_component="component_name"></div>';
$target = '<div somekey="somevalue" otherkey="othervalue" id="user_content_foo" class="bar" editor_component="component_name"></div>';
$this->assertEquals($target, Rhymix\Framework\Filters\HTMLFilter::clean($source));
$source = '<div editor_component="component_name" style="width:400px;height:300px;" draggable dropzone contextmenu="whatever"></div>';
$target = '<div editor_component="component_name" style="width:400px;height:300px;"></div>';
$this->assertEquals($target, Rhymix\Framework\Filters\HTMLFilter::clean($source));
}
public function testHTMLFilterUserContentID()
{
$source = '<p id="foobar">Hello World!</p>';
$target = '<p id="user_content_foobar">Hello World!</p>';
$this->assertEquals($target, Rhymix\Framework\Filters\HTMLFilter::clean($source));
$source = '<p id="user_content_foobar">Hello World!</p>';
$target = '<p id="user_content_foobar">Hello World!</p>';
$this->assertEquals($target, Rhymix\Framework\Filters\HTMLFilter::clean($source));
}
}
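Review bot: `testHTMLFilterUserContentID()` pins only the plain prefixing case and the already-prefixed case, so two behaviours that the new configuration introduces are left untested: a repeated id within one fragment, and an id on `<object>`, where the changed `$source` line drops the `id` attribute from the input instead of asserting the prefixed output. I would add a case such as `$source = '<p id="a">x</p><p id="a">y</p>';` with a `$target` that records what the filter actually does with the second id, and keep the id in the `<object>` source with the expected `user_content_` form in its target. The second assertion also documents that a user can pick any id that already starts with `user_content_`; a one-line comment saying this is intended would help the next reader.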