Commit 5c267d20 authored by Nicole Cordes's avatar Nicole Cordes Committed by Oliver Hader

[BUGFIX] Exclude CDATA from t3lib_parsehtml->XHTML_clean

Due to commit https://review.typo3.org/#/c/30240/ the comments are
removed from JavaScript, and the JavaScript is now parsed when
config.xhtml_cleaning = all is set. This patch prevents any CDATA content
from being parsed.

Resolves: #62967
Releases: master, 6.2, 4.5
Change-Id: Ib024c5c8f2b056e47d9222b9767b7a5e6923af8c
Reviewed-on: http://review.typo3.org/35039


Reviewed-by: Nicole Cordes's avatarNicole Cordes <typo3@cordes.co>
Tested-by: Nicole Cordes's avatarNicole Cordes <typo3@cordes.co>
Reviewed-by: Oliver Hader's avatarOliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader's avatarOliver Hader <oliver.hader@typo3.org>
parent 60be4f62
......@@ -715,6 +715,7 @@ class t3lib_parsehtml {
$tagRegister = array();
$tagStack = array();
$inComment = FALSE;
$inCdata = FALSE;
$skipTag = FALSE;
while (list(, $tok) = each($tokArr)) {
if ($inComment) {
......@@ -728,8 +729,18 @@ class t3lib_parsehtml {
$tok = substr($tok, $eocPos + 3);
$inComment = FALSE;
$skipTag = TRUE;
}
elseif (substr($tok, 0, 3) == '!--') {
} elseif ($inCdata) {
if (($eocPos = strpos($tok, '/*]]>*/')) === FALSE) {
// End of comment is not found in the token. Go futher until end of comment is found in other tokens.
$newContent[$c++] = '<' . $tok;
continue;
}
// Comment ends in the middle of the token: add comment and proceed with rest of the token
$newContent[$c++] = '<' . substr($tok, 0, $eocPos + 10);
$tok = substr($tok, $eocPos + 10);
$inCdata = FALSE;
$skipTag = TRUE;
} elseif (substr($tok, 0, 3) == '!--') {
if (($eocPos = strpos($tok, '-->')) === FALSE) {
// Comment started in this token but it does end in the same token. Set a flag to skip till the end of comment
$newContent[$c++] = '<' . $tok;
......@@ -740,6 +751,17 @@ class t3lib_parsehtml {
$newContent[$c++] = '<' . substr($tok, 0, $eocPos + 3);
$tok = substr($tok, $eocPos + 3);
$skipTag = TRUE;
} elseif (substr($tok, 0, 10) === '![CDATA[*/') {
if (($eocPos = strpos($tok, '/*]]>*/')) === FALSE) {
// Comment started in this token but it does end in the same token. Set a flag to skip till the end of comment
$newContent[$c++] = '<' . $tok;
$inCdata = TRUE;
continue;
}
// Start and end of comment are both in the current token. Add comment and proceed with rest of the token
$newContent[$c++] = '<' . substr($tok, 0, $eocPos + 10);
$tok = substr($tok, $eocPos + 10);
$skipTag = TRUE;
}
$firstChar = substr($tok, 0, 1);
if (!$skipTag && preg_match('/[[:alnum:]\/]/', $firstChar) == 1) { // It is a tag... (first char is a-z0-9 or /) (fixed 19/01 2004). This also avoids triggering on <?xml..> and <!DOCTYPE..>
......
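Review bot: The end marker `/*]]>*/` is 7 characters long, but both new branches (the `$inCdata` branch and the `![CDATA[*/` branch) slice at `$eocPos + 10`, which is the length of the start marker; the comment branches use `$eocPos + 3` for the 3-character `-->`. The three characters after the marker are therefore copied as part of the CDATA chunk. This is probably harmless if the remainder is emitted unchanged under `$skipTag`, but that code lies outside the hunk, so the lines should read `substr($tok, 0, $eocPos + 7)` and `$tok = substr($tok, $eocPos + 7);`. Only the comment-wrapped form `/*<![CDATA[*/ … /*]]>*/` is recognised, so a bare `<![CDATA[` or a `//<![CDATA[` section is still parsed as markup, which is narrower than the commit message states. The inline comments copied from the comment branches still say "comment" where they mean the CDATA section, and the enclosing method starts and ends outside the hunks shown.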
<?php
/***************************************************************
* Copyright notice
*
* (c) 2014 Oliver Hader <oliver.hader@typo3.org>
* All rights reserved
*
* This script is part of the TYPO3 project. The TYPO3 project is
* free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* The GNU General Public License can be found at
* http://www.gnu.org/copyleft/gpl.html.
*
* This script is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* This copyright notice MUST APPEAR in all copies of the script!
***************************************************************/
/**
* Testcase for class t3lib_parsehtml
*
* @package TYPO3
* @subpackage t3lib
*/
class t3lib_parsehtmlTest extends tx_phpunit_testcase {
/**
* Enable backup of global and system variables
*
* @var boolean
*/
protected $backupGlobals = TRUE;
/**
* @var t3lib_parsehtml
*/
protected $fixture;
/**
* Sets up this test case.
*
* @return void
*/
protected function setUp() {
$this->fixture = new t3lib_parsehtml();
}
/**
* Tears down this test case.
*
* @return void
*/
protected function tearDown() {
unset($this->fixture);
}
/**
* @return array
*/
public function cDataWillRemainUnmodifiedDataProvider() {
return array(
'single-line CDATA' => array(
'/*<![CDATA[*/ <hello world> /*]]>*/',
'/*<![CDATA[*/ <hello world> /*]]>*/',
),
'multi-line CDATA #1' => array(
'/*<![CDATA[*/' . LF . '<hello world> /*]]>*/',
'/*<![CDATA[*/' . LF . '<hello world> /*]]>*/',
),
'multi-line CDATA #2' => array(
'/*<![CDATA[*/ <hello world>' . LF . '/*]]>*/',
'/*<![CDATA[*/ <hello world>' . LF . '/*]]>*/',
),
'multi-line CDATA #3' => array(
'/*<![CDATA[*/' . LF . '<hello world>' . LF . '/*]]>*/',
'/*<![CDATA[*/' . LF . '<hello world>' . LF . '/*]]>*/',
),
);
}
/**
* @test
* @param string $source
* @param string $expected
* @dataProvider cDataWillRemainUnmodifiedDataProvider
*/
public function xHtmlCleaningDoesNotModifyCDATA($source, $expected) {
$result = $this->fixture->XHTML_clean($source);
$this->assertSame($expected, $result);
}
}
?>
\ No newline at end of file
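Review bot: Every row of `cDataWillRemainUnmodifiedDataProvider` ends exactly at the `/*]]>*/` marker, so nothing verifies that cleaning resumes after a CDATA section. Add a row with markup after the end marker (for example a trailing upper-case tag) and assert that the CDATA part is unchanged while the trailing tag is still cleaned. A row with two CDATA sections in one input, and one with a start marker that is never closed, would pin down how `$inCdata` is reset and what happens to the rest of the document in that case. The provider also lacks a docblock saying that each row is `array($source, $expected)`.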