22262381750

Committed 25 Jan 2026 11:44PM UTC coverage: 92.367% (-0.7%) from 93.057%

Build Type

push

github

Committed by

Commit Message

cs

Run Details

9 of 11 new or added lines in 8 files covered. (81.82%)

161 existing lines in 23 files now uncovered.

2384 of 2581 relevant lines covered (92.37%)

0.92 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

80.82

/src/Texy/Modules/HtmlModule.php

<?php

/**
 * This file is part of the Texy! (https://texy.nette.org)
 * Copyright (c) 2004 David Grudl (https://davidgrudl.com)
 */

declare(strict_types=1);

namespace Texy\Modules;

use Texy;
use Texy\HtmlElement;
use Texy\Patterns;
use function array_flip, explode, is_array, is_string, preg_match, preg_match_all, str_contains, str_ends_with, strtolower, strtoupper, strtr, substr, trim;
use const PREG_SET_ORDER;


/**
 * Html tags module.
 */
final class HtmlModule extends Texy\Module
{
        /** pass HTML comments to output? */
        public bool $passComment = true;


        public function __construct(Texy\Texy $texy)
        {
                $this->texy = $texy;

                $texy->addHandler('htmlComment', $this->solveComment(...));
                $texy->addHandler('htmlTag', $this->solveTag(...));

                $texy->registerLinePattern(
                        $this->patternTag(...),
                        '#<(/?)([a-z][a-z0-9_:-]{0,50})((?:\s++[a-z0-9\_:-]++|=\s*+"[^"' . Patterns::MARK . ']*+"|=\s*+\'[^\'' . Patterns::MARK . ']*+\'|=[^\s>' . Patterns::MARK . ']++)*)\s*+(/?)>#isu',
                        'html/tag',
                );

                $texy->registerLinePattern(
                        $this->patternComment(...),
                        '#<!--([^' . Patterns::MARK . ']*?)-->#is',
                        'html/comment',
                );
        }


        /**
         * Callback for: <!-- comment -->.
         */
        public function patternComment(Texy\LineParser $parser, array $matches): HtmlElement|string|null
        {
                [, $mComment] = $matches;
                return $this->texy->invokeAroundHandlers('htmlComment', $parser, [$mComment]);
        }


        /**
         * Callback for: <tag attr="...">.
         */
        public function patternTag(Texy\LineParser $parser, array $matches): HtmlElement|string|null
        {
                [, $mEnd, $mTag, $mAttr, $mEmpty] = $matches;
                // [1] => /
                // [2] => tag
                // [3] => attributes
                // [4] => /

                $isStart = $mEnd !== '/';
                $isEmpty = $mEmpty === '/';
                if (!$isEmpty && str_ends_with($mAttr, '/')) { // uvizlo v $mAttr?
                        $mAttr = substr($mAttr, 0, -1);
                        $isEmpty = true;
                }

                // error - can't close empty element
                if ($isEmpty && !$isStart) {
                        return null;
                }

                // error - end element with atttrs
                $mAttr = trim(strtr($mAttr, "\n", ' '));
                if ($mAttr && !$isStart) {
                        return null;
                }

                $el = new HtmlElement($mTag);
                if ($isStart) {
                        $el->attrs = $this->parseAttributes($mAttr);
                }

                $res = $this->texy->invokeAroundHandlers('htmlTag', $parser, [$el, $isStart, $isEmpty]);

                if ($res instanceof HtmlElement) {
                        return $this->texy->protect($isStart ? $res->startTag() : $res->endTag(), $res->getContentType());
                }

                return $res;
        }


        /**
         * Finish invocation.
         */
        private function solveTag(
                Texy\HandlerInvocation $invocation,
                HtmlElement $el,
                bool $isStart,
                ?bool $forceEmpty = null,
        ): HtmlElement|string|null
        {
                $texy = $this->texy;

                // tag & attibutes
                $allowedTags = $texy->allowedTags; // speed-up
                if (!$allowedTags) {
                        return null; // all tags are disabled
                }

                // convert case
                $name = $el->getName();
                $lower = strtolower($name);
                if (isset($texy->getDTD()[$lower]) || $name === strtoupper($name)) {
                        // complete UPPER convert to lower
                        $name = $lower;
                        $el->setName($name);
                }

                if (is_array($allowedTags)) {
                        if (!isset($allowedTags[$name])) {
                                return null;
                        }
                } else { // allowedTags === Texy\Texy::ALL
                        if ($forceEmpty) {
                                $el->setName($name, empty: true);
                        }
                }

                // end tag? we are finished
                if (!$isStart) {
                        return $el;
                }

                $this->applyAttrs($el->attrs, is_array($allowedTags) ? $allowedTags[$name] : $texy::ALL);
                $this->applyClasses($el->attrs, $texy->getAllowedProps()[0]);
                $this->applyStyles($el->attrs, $texy->getAllowedProps()[1]);
                if (!$this->validateAttrs($el, $texy)) {
                        return null;
                }

                $el->validateAttrs($texy->getDTD());

                return $el;
        }


        /**
         * Finish invocation.
         */
        private function solveComment(Texy\HandlerInvocation $invocation, string $content): string
        {
                if (!$this->passComment) {
                        return '';
                }

                // sanitize comment
                $content = Texy\Regexp::replace($content, '#-{2,}#', ' - ');
                $content = trim($content, '-');

                return $this->texy->protect('<!--' . $content . '-->', Texy\Texy::CONTENT_MARKUP);
        }


        private function applyAttrs(&$attrs, $allowedAttrs): void
        {
                if (!$allowedAttrs) {
                        $attrs = [];

                } elseif (is_array($allowedAttrs)) {
                        // skip disabled
                        $allowedAttrs = array_flip($allowedAttrs);
                        foreach ($attrs as $key => $foo) {
                                if (!isset($allowedAttrs[$key])) {
                                        unset($attrs[$key]);
                                }
                        }
                }
        }


        private function applyClasses(&$attrs, $allowedClasses): void
        {
                if (!isset($attrs['class'])) {
                } elseif (is_array($allowedClasses)) {
                        $attrs['class'] = explode(' ', $attrs['class']);
                        foreach ($attrs['class'] as $key => $value) {
                                if (!isset($allowedClasses[$value])) {
                                        unset($attrs['class'][$key]); // id & class are case-sensitive
                                }
                        }
                } elseif ($allowedClasses !== Texy\Texy::ALL) {
                        $attrs['class'] = null;
                }

                if (!isset($attrs['id'])) {
                } elseif (is_array($allowedClasses)) {
                        if (!isset($allowedClasses['#' . $attrs['id']])) {
                                $attrs['id'] = null;
                        }
                } elseif ($allowedClasses !== Texy\Texy::ALL) {
                        $attrs['id'] = null;
                }
        }


        private function applyStyles(&$attrs, $allowedStyles): void
        {
                if (!isset($attrs['style'])) {
                } elseif (is_array($allowedStyles)) {
                        $tmp = explode(';', $attrs['style']);
                        $attrs['style'] = null;
                        foreach ($tmp as $value) {
                                $pair = explode(':', $value, 2);
                                $prop = trim($pair[0]);
                                if (isset($pair[1], $allowedStyles[strtolower($prop)])) { // CSS is case-insensitive
                                        $attrs['style'][$prop] = $pair[1];
                                }
                        }
                } elseif ($allowedStyles !== Texy\Texy::ALL) {
                        $attrs['style'] = null;
                }
        }


        private function validateAttrs(HtmlElement $el, Texy\Texy $texy): bool
        {
                foreach (['src', 'href', 'name', 'id'] as $attr) {
                        if (isset($el->attrs[$attr])) {
                                $el->attrs[$attr] = is_string($el->attrs[$attr])
                                        ? trim($el->attrs[$attr])
                                        : '';
                                if ($el->attrs[$attr] === '') {
                                        unset($el->attrs[$attr]);
                                }
                        }
                }

                $name = $el->getName();
                if ($name === 'img') {
                        if (!isset($el->attrs['src']) || !$texy->checkURL($el->attrs['src'], $texy::FILTER_IMAGE)) {
                                return false;
                        }

                        $texy->summary['images'][] = $el->attrs['src'];

                } elseif ($name === 'a') {
                        if (!isset($el->attrs['href']) && !isset($el->attrs['name']) && !isset($el->attrs['id'])) {
                                return false;
                        }

                        if (isset($el->attrs['href'])) {
                                if ($texy->linkModule->forceNoFollow && str_contains($el->attrs['href'], '//')) {
                                        if (isset($el->attrs['rel'])) {
                                                $el->attrs['rel'] = (array) $el->attrs['rel'];
                                        }

                                        $el->attrs['rel'][] = 'nofollow';
                                }

                                if (!$texy->checkURL($el->attrs['href'], $texy::FILTER_ANCHOR)) {
                                        return false;
                                }

                                $texy->summary['links'][] = $el->attrs['href'];
                        }
                } elseif (preg_match('#^h[1-6]#i', $name)) {
                        $texy->headingModule->TOC[] = [
                                'el' => $el,
                                'level' => (int) substr($name, 1),
                                'type' => 'html',
                        ];
                }

                return true;
        }


        private function parseAttributes(string $attrs): array
        {
                $matches = $res = [];
                preg_match_all(
                        '#([a-z0-9\_:-]+)\s*(?:=\s*(\'[^\']*\'|"[^"]*"|[^\'"\s]+))?()#isu',
                        $attrs,
                        $matches,
                        PREG_SET_ORDER,
                );

                foreach ($matches as $m) {
                        $key = strtolower($m[1]);
                        $value = $m[2];
                        if ($value == null) {
                                $res[$key] = true;
                        } elseif ($value[0] === '\'' || $value[0] === '"') {
                                $res[$key] = Texy\Helpers::unescapeHtml(substr($value, 1, -1));
                        } else {
                                $res[$key] = Texy\Helpers::unescapeHtml($value);
                        }
                }

                return $res;
        }
}

1	<?php
2
3	/**
4	* This file is part of the Texy! (https://texy.nette.org)
5	* Copyright (c) 2004 David Grudl (https://davidgrudl.com)
6	*/
7
8	declare(strict_types=1);
9
10	namespace Texy\Modules;
11
12	use Texy;
13	use Texy\HtmlElement;
14	use Texy\Patterns;
15	use function array_flip, explode, is_array, is_string, preg_match, preg_match_all, str_contains, str_ends_with, strtolower, strtoupper, strtr, substr, trim;
16	use const PREG_SET_ORDER;
17
18
19	/**
20	* Html tags module.
21	*/
22	final class HtmlModule extends Texy\Module
23	{
24	/** pass HTML comments to output? */
25	public bool $passComment = true;
26
27
28	public function __construct(Texy\Texy $texy)	1✔
29	{
30	$this->texy = $texy;	1✔
31
32	$texy->addHandler('htmlComment', $this->solveComment(...));	1✔
33	$texy->addHandler('htmlTag', $this->solveTag(...));	1✔
34
35	$texy->registerLinePattern(	1✔
36	$this->patternTag(...),	1✔
37	'#<(/?)([a-z][a-z0-9_:-]{0,50})((?:\s++[a-z0-9\_:-]++\|=\s+"[^"' . Patterns::MARK . ']+"\|=\s+\'[^\'' . Patterns::MARK . ']+\'\|=[^\s>' . Patterns::MARK . ']++))\s+(/?)>#isu',	1✔
38	'html/tag',	1✔
39	);
40
41	$texy->registerLinePattern(	1✔
42	$this->patternComment(...),	1✔
43	'#<!--([^' . Patterns::MARK . ']*?)-->#is',	1✔
44	'html/comment',	1✔
45	);
46	}	1✔
47
48
49	/**
50	* Callback for: <!-- comment -->.
51	*/
52	public function patternComment(Texy\LineParser $parser, array $matches): HtmlElement\|string\|null	1✔
53	{
54	[, $mComment] = $matches;	1✔
55	return $this->texy->invokeAroundHandlers('htmlComment', $parser, [$mComment]);	1✔
56	}
57
58
59	/**
60	* Callback for: <tag attr="...">.
61	*/
62	public function patternTag(Texy\LineParser $parser, array $matches): HtmlElement\|string\|null	1✔
63	{
64	[, $mEnd, $mTag, $mAttr, $mEmpty] = $matches;	1✔
65	// [1] => /
66	// [2] => tag
67	// [3] => attributes
68	// [4] => /
69
70	$isStart = $mEnd !== '/';	1✔
71	$isEmpty = $mEmpty === '/';	1✔
72	if (!$isEmpty && str_ends_with($mAttr, '/')) { // uvizlo v $mAttr?	1✔
UNCOV 73	$mAttr = substr($mAttr, 0, -1);	×
UNCOV 74	$isEmpty = true;	×
75	}
76
77	// error - can't close empty element
78	if ($isEmpty && !$isStart) {	1✔
UNCOV 79	return null;	×
80	}
81
82	// error - end element with atttrs
83	$mAttr = trim(strtr($mAttr, "\n", ' '));	1✔
84	if ($mAttr && !$isStart) {	1✔
85	return null;	1✔
86	}
87
88	$el = new HtmlElement($mTag);	1✔
89	if ($isStart) {	1✔
90	$el->attrs = $this->parseAttributes($mAttr);	1✔
91	}
92
93	$res = $this->texy->invokeAroundHandlers('htmlTag', $parser, [$el, $isStart, $isEmpty]);	1✔
94
95	if ($res instanceof HtmlElement) {	1✔
96	return $this->texy->protect($isStart ? $res->startTag() : $res->endTag(), $res->getContentType());	1✔
97	}
98
99	return $res;	1✔
100	}
101
102
103	/**
104	* Finish invocation.
105	*/
106	private function solveTag(	1✔
107	Texy\HandlerInvocation $invocation,
108	HtmlElement $el,
109	bool $isStart,
110	?bool $forceEmpty = null,
111	): HtmlElement\|string\|null
112	{
113	$texy = $this->texy;	1✔
114
115	// tag & attibutes
116	$allowedTags = $texy->allowedTags; // speed-up	1✔
117	if (!$allowedTags) {	1✔
118	return null; // all tags are disabled	1✔
119	}
120
121	// convert case
122	$name = $el->getName();	1✔
123	$lower = strtolower($name);	1✔
124	if (isset($texy->getDTD()[$lower]) \|\| $name === strtoupper($name)) {	1✔
125	// complete UPPER convert to lower
126	$name = $lower;	1✔
127	$el->setName($name);	1✔
128	}
129
130	if (is_array($allowedTags)) {	1✔
131	if (!isset($allowedTags[$name])) {	1✔
132	return null;	1✔
133	}
134	} else { // allowedTags === Texy\Texy::ALL
UNCOV 135	if ($forceEmpty) {	×
NEW 136	$el->setName($name, empty: true);	×
137	}
138	}
139
140	// end tag? we are finished
141	if (!$isStart) {	1✔
142	return $el;	1✔
143	}
144
145	$this->applyAttrs($el->attrs, is_array($allowedTags) ? $allowedTags[$name] : $texy::ALL);	1✔
146	$this->applyClasses($el->attrs, $texy->getAllowedProps()[0]);	1✔
147	$this->applyStyles($el->attrs, $texy->getAllowedProps()[1]);	1✔
148	if (!$this->validateAttrs($el, $texy)) {	1✔
149	return null;	1✔
150	}
151
152	$el->validateAttrs($texy->getDTD());	1✔
153
154	return $el;	1✔
155	}
156
157
158	/**
159	* Finish invocation.
160	*/
161	private function solveComment(Texy\HandlerInvocation $invocation, string $content): string	1✔
162	{
163	if (!$this->passComment) {	1✔
UNCOV 164	return '';	×
165	}
166
167	// sanitize comment
168	$content = Texy\Regexp::replace($content, '#-{2,}#', ' - ');	1✔
169	$content = trim($content, '-');	1✔
170
171	return $this->texy->protect('<!--' . $content . '-->', Texy\Texy::CONTENT_MARKUP);	1✔
172	}
173
174
175	private function applyAttrs(&$attrs, $allowedAttrs): void
176	{
177	if (!$allowedAttrs) {	1✔
178	$attrs = [];	1✔
179
180	} elseif (is_array($allowedAttrs)) {	1✔
181	// skip disabled
182	$allowedAttrs = array_flip($allowedAttrs);	1✔
183	foreach ($attrs as $key => $foo) {	1✔
184	if (!isset($allowedAttrs[$key])) {	1✔
UNCOV 185	unset($attrs[$key]);	×
186	}
187	}
188	}
189	}	1✔
190
191
192	private function applyClasses(&$attrs, $allowedClasses): void
193	{
194	if (!isset($attrs['class'])) {	1✔
UNCOV 195	} elseif (is_array($allowedClasses)) {	×
UNCOV 196	$attrs['class'] = explode(' ', $attrs['class']);	×
UNCOV 197	foreach ($attrs['class'] as $key => $value) {	×
UNCOV 198	if (!isset($allowedClasses[$value])) {	×
UNCOV 199	unset($attrs['class'][$key]); // id & class are case-sensitive	×
200	}
201	}
UNCOV 202	} elseif ($allowedClasses !== Texy\Texy::ALL) {	×
UNCOV 203	$attrs['class'] = null;	×
204	}
205
206	if (!isset($attrs['id'])) {	1✔
207	} elseif (is_array($allowedClasses)) {	1✔
208	if (!isset($allowedClasses['#' . $attrs['id']])) {	×
209	$attrs['id'] = null;	×
210	}
211	} elseif ($allowedClasses !== Texy\Texy::ALL) {	1✔
UNCOV 212	$attrs['id'] = null;	×
213	}
214	}	1✔
215
216
217	private function applyStyles(&$attrs, $allowedStyles): void
218	{
219	if (!isset($attrs['style'])) {	1✔
220	} elseif (is_array($allowedStyles)) {	1✔
UNCOV 221	$tmp = explode(';', $attrs['style']);	×
UNCOV 222	$attrs['style'] = null;	×
223	foreach ($tmp as $value) {	×
UNCOV 224	$pair = explode(':', $value, 2);	×
UNCOV 225	$prop = trim($pair[0]);	×
UNCOV 226	if (isset($pair[1], $allowedStyles[strtolower($prop)])) { // CSS is case-insensitive	×
UNCOV 227	$attrs['style'][$prop] = $pair[1];	×
228	}
229	}
230	} elseif ($allowedStyles !== Texy\Texy::ALL) {	1✔
UNCOV 231	$attrs['style'] = null;	×
232	}
233	}	1✔
234
235
236	private function validateAttrs(HtmlElement $el, Texy\Texy $texy): bool	1✔
237	{
238	foreach (['src', 'href', 'name', 'id'] as $attr) {	1✔
239	if (isset($el->attrs[$attr])) {	1✔
240	$el->attrs[$attr] = is_string($el->attrs[$attr])	1✔
241	? trim($el->attrs[$attr])	1✔
UNCOV 242	: '';	×
243	if ($el->attrs[$attr] === '') {	1✔
UNCOV 244	unset($el->attrs[$attr]);	×
245	}
246	}
247	}
248
249	$name = $el->getName();	1✔
250	if ($name === 'img') {	1✔
251	if (!isset($el->attrs['src']) \|\| !$texy->checkURL($el->attrs['src'], $texy::FILTER_IMAGE)) {	1✔
UNCOV 252	return false;	×
253	}
254
255	$texy->summary['images'][] = $el->attrs['src'];	1✔
256
257	} elseif ($name === 'a') {	1✔
258	if (!isset($el->attrs['href']) && !isset($el->attrs['name']) && !isset($el->attrs['id'])) {	1✔
259	return false;	1✔
260	}
261
262	if (isset($el->attrs['href'])) {	1✔
263	if ($texy->linkModule->forceNoFollow && str_contains($el->attrs['href'], '//')) {	1✔
264	if (isset($el->attrs['rel'])) {	1✔
265	$el->attrs['rel'] = (array) $el->attrs['rel'];	1✔
266	}
267
268	$el->attrs['rel'][] = 'nofollow';	1✔
269	}
270
271	if (!$texy->checkURL($el->attrs['href'], $texy::FILTER_ANCHOR)) {	1✔
272	return false;	1✔
273	}
274
275	$texy->summary['links'][] = $el->attrs['href'];	1✔
276	}
277	} elseif (preg_match('#^h[1-6]#i', $name)) {	1✔
278	$texy->headingModule->TOC[] = [	1✔
279	'el' => $el,	1✔
280	'level' => (int) substr($name, 1),	1✔
281	'type' => 'html',	1✔
282	];
283	}
284
285	return true;	1✔
286	}
287
288
289	private function parseAttributes(string $attrs): array	1✔
290	{
291	$matches = $res = [];	1✔
292	preg_match_all(	1✔
293	'#([a-z0-9\_:-]+)\s(?:=\s(\'[^\']\'\|"[^"]"\|[^\'"\s]+))?()#isu',	1✔
294	$attrs,	1✔
295	$matches,	1✔
296	PREG_SET_ORDER,	1✔
297	);
298
299	foreach ($matches as $m) {	1✔
300	$key = strtolower($m[1]);	1✔
301	$value = $m[2];	1✔
302	if ($value == null) {	1✔
303	$res[$key] = true;	1✔
304	} elseif ($value[0] === '\'' \|\| $value[0] === '"') {	1✔
305	$res[$key] = Texy\Helpers::unescapeHtml(substr($value, 1, -1));	1✔
306	} else {
307	$res[$key] = Texy\Helpers::unescapeHtml($value);	1✔
308	}
309	}
310
311	return $res;	1✔
312	}
313	}

dg / texy / 22262381750

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous