ezyang / htmlpurifier

Standards compliant HTML filter written in PHP
http://htmlpurifier.org
GNU Lesser General Public License v2.1

fix: CSSTidy ImportantComments not handled properly #359

Closed Wolfrank1149 closed 1 year ago

Wolfrank1149 commented 1 year ago

Fix for issue https://github.com/ezyang/htmlpurifier/issues/357

Added a check if $decls is an array before the foreach and not keeping the value if it's not.

Also added a unit test for that case.

Wolfrank1149 commented 1 year ago

The validation is still done, I only skip it for the important comments. Do you want me to also check them? If yes, do I validate them like a style or do you have a specific validation for comments?

ezyang commented 1 year ago

Hmm, ok, so basically it sounds like what you are saying is the decls are string, they are comments? I think I would still feel more comfortable if we limit the valid contents of the comment. Can we allow only !important for your use case?

Wolfrank1149 commented 1 year ago

Here is the output from print_r($this->_tidy->css) in ExtractStyleBlocks.php when I run the unit test I added.

(
    [!] => ! Important 
! Important2 
    [41] => Array
        (
            [div] => Array
                (
                    [text-align] => right
                )

        )
)

I also decided to simply remove the comments since they have no impact on the code. It's safer and easier to manage.
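
The array shape in the print_r() output above, and the kind of guard this PR describes, as an added example (not the PR's or HTML Purifier's own code). The function name `drop_non_array_blocks` is hypothetical and the sample array is constructed from the output quoted above.

```php
<?php
// Added illustration; not HTML Purifier's code. Function name is hypothetical.

/**
 * Keep only well-formed blocks from a CSSTidy-style parse result.
 * Expected shape: [block key => [selector => [property => value]]].
 * Anything that is not an array at the block or selector level
 * (for example the "!" important-comment string) is dropped, so it is
 * never iterated and never re-emitted without validation.
 */
function drop_non_array_blocks(array $css): array
{
    $clean = [];
    foreach ($css as $key => $decls) {
        if (!is_array($decls)) {
            continue; // comment text or other scalar: discard
        }
        $selectors = [];
        foreach ($decls as $selector => $style) {
            if (is_array($style)) {
                $selectors[$selector] = $style;
            }
        }
        if ($selectors !== []) {
            $clean[$key] = $selectors;
        }
    }
    return $clean;
}

// Constructed sample mirroring the print_r() output quoted above.
$parsed = [
    '!' => "! Important \n! Important2 ",
    41  => ['div' => ['text-align' => 'right']],
];

$result = drop_non_array_blocks($parsed);
if (array_key_exists('!', $result)) {
    throw new RuntimeException('comment entry was not removed');
}
print_r($result); // only the block keyed 41 is left
```

Without the `is_array()` check, the inner `foreach` would receive the comment string and PHP would raise a "foreach() argument must be of type array|object" warning.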

ezyang commented 1 year ago

Woops our ci is broken

github-actions[bot] commented 8 months ago

:tada: This PR is included in version 4.17.0 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket: