13179144986

Committed 06 Feb 2025 12:48PM UTC coverage: 99.276% (-0.1%) from 99.406%

Build # 13179144986

Build Type

Pull #84

github

Committed by

web-flow

Commit Message

Merge b3671842e into 15fcb5aa0

Pull Request Pull Request #84: PHP 8.4 support

Run Details

1 of 4 new or added lines in 1 file covered. (25.0%)

2 existing lines in 2 files now uncovered.

1508 of 1519 relevant lines covered (99.28%)

3883.48 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

100.0

/library/HTMLPurifier/ChildDef/HTML5/Script.php

<?php

class HTMLPurifier_ChildDef_HTML5_Script extends HTMLPurifier_ChildDef
{
    public $type = 'script';

    /**
     * Whether children (text contents) are allowed
     * @var bool
     */
    public $allow_children = true;

    /**
     * @param HTMLPurifier_Node[] $children
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return HTMLPurifier_Node[]|bool
     */
    public function validateChildren($children, $config, $context)
    {
        $node = $context->exists('CurrentNode')
            ? $context->get('CurrentNode')
            : null;

        // Content model:
        //   If there is no src attribute, depends on the value of the type
        //   attribute, but must match script content restrictions.
        //   If there is a src attribute, the element must be either empty
        //   or contain only script documentation that also matches script
        //   content restrictions.
        // https://html.spec.whatwg.org/multipage/scripting.html#the-script-element

        if ($node instanceof HTMLPurifier_Node_Element) {
            // must validate src attribute here, because children validation is
            // executed before attribute validation

            // This part I don't like, but currently it's unavoidable because
            // of how HTMLPurifier works internally. Attribute transformations
            // and validations are done after children validation. So there is
            // no way of knowing whether src attribute is valid other than
            // do the validation here as well.
            $src = $this->getSrc($node, $config, $context);

            if (strlen($src)) {
                return array();
            }

            // Remove <script> if there is no 'src' attribute and no children
            // or if children are explicitly forbidden
            if (empty($children) || !$this->allow_children) {
                return false;
            }
        }

        return $this->allow_children ? true : array();
    }

    /**
     * @param HTMLPurifier_Node_Element $element
     * @param HTMLPurifier_Config $config
     * @param HTMLPurifier_Context $context
     * @return string
     */
    protected function getSrc(HTMLPurifier_Node_Element $element, HTMLPurifier_Config $config, HTMLPurifier_Context $context)
    {
        $src = isset($element->attr['src']) ? trim($element->attr['src']) : '';

        if (strlen($src)) {
            $info = $config->getHTMLDefinition()->info['script'];
            if (isset($info->attr['src'])) {
                /** @var HTMLPurifier_AttrDef $srcAttrDef */
                $srcAttrDef = $info->attr['src'];

                $result = $srcAttrDef->validate($src, $config, $context);
                $src = $result === true ? $src : $result;
            }
        }

        return $src;
    }
}

1	<?php
2
3	class HTMLPurifier_ChildDef_HTML5_Script extends HTMLPurifier_ChildDef
4	{
5	public $type = 'script';
6
7	/**
8	* Whether children (text contents) are allowed
9	* @var bool
10	*/
11	public $allow_children = true;
12
13	/**
14	* @param HTMLPurifier_Node[] $children
15	* @param HTMLPurifier_Config $config
16	* @param HTMLPurifier_Context $context
17	* @return HTMLPurifier_Node[]\|bool
18	*/
19	public function validateChildren($children, $config, $context)
20	{
21	$node = $context->exists('CurrentNode')	216✔
22	? $context->get('CurrentNode')	216✔
UNCOV 23	: null;	126✔
24
25	// Content model:
26	// If there is no src attribute, depends on the value of the type
27	// attribute, but must match script content restrictions.
28	// If there is a src attribute, the element must be either empty
29	// or contain only script documentation that also matches script
30	// content restrictions.
31	// https://html.spec.whatwg.org/multipage/scripting.html#the-script-element
32
33	if ($node instanceof HTMLPurifier_Node_Element) {	216✔
34	// must validate src attribute here, because children validation is
35	// executed before attribute validation
36
37	// This part I don't like, but currently it's unavoidable because
38	// of how HTMLPurifier works internally. Attribute transformations
39	// and validations are done after children validation. So there is
40	// no way of knowing whether src attribute is valid other than
41	// do the validation here as well.
42	$src = $this->getSrc($node, $config, $context);	216✔
43
44	if (strlen($src)) {	216✔
45	return array();	108✔
46	}
47
48	// Remove <script> if there is no 'src' attribute and no children
49	// or if children are explicitly forbidden
50	if (empty($children) \|\| !$this->allow_children) {	120✔
51	return false;	36✔
52	}
53	}	14✔
54
55	return $this->allow_children ? true : array();	84✔
56	}
57
58	/**
59	* @param HTMLPurifier_Node_Element $element
60	* @param HTMLPurifier_Config $config
61	* @param HTMLPurifier_Context $context
62	* @return string
63	*/
64	protected function getSrc(HTMLPurifier_Node_Element $element, HTMLPurifier_Config $config, HTMLPurifier_Context $context)
65	{
66	$src = isset($element->attr['src']) ? trim($element->attr['src']) : '';	216✔
67
68	if (strlen($src)) {	216✔
69	$info = $config->getHTMLDefinition()->info['script'];	120✔
70	if (isset($info->attr['src'])) {	120✔
71	/** @var HTMLPurifier_AttrDef $srcAttrDef */
72	$srcAttrDef = $info->attr['src'];	120✔
73
74	$result = $srcAttrDef->validate($src, $config, $context);	120✔
75	$src = $result === true ? $src : $result;	120✔
76	}	20✔
77	}	20✔
78
79	return $src;	216✔
80	}
81	}

xemlock / htmlpurifier-html5 / 13179144986

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous