Open lbfeenix opened 2 years ago
Don't think it's a bug, just an incomplete implementation of <pre>
. See comment from when the exclusions were added:
// SGML permits exclusions for all descendants, but this is
// not possible with DTDs or XML Schemas. W3C has elected to
// use complicated compositions of content_models to simulate
// exclusion for children, but we go the simpler, SGML-style
// route of flat-out exclusions. Note that the Abstract Module
// is blithely unaware of such distinctions.
Thanks for reply. I found commit with this comment now. Problem is not so much in removing these elements but in removing all their content. That I see like bug because part of text just disappears.
Hello, I came up with an interesting "bug" that the purifier deletes the contents of nested elements inside the 'pre' tag. I found this in file /library/HTMLPurifier/HTMLModule/Text.php between lines 60-69, $pre->excludes.. Does anyone know why? I'm mainly interested in the tags 'big', 'small' and 'font'. HTML specification does not prohibit using of these tags inside 'pre', or does it? The mentioned tags in 'pre' generally works in actual browsers and there is no reason nor for security to remove them with their content, which is probably the biggest problem.