Protect code HTML

Alex Kirk 2023-01-27 16:50:04 +01:00
parent b9f8294140
commit cbfe6ea431
4 changed files with 39 additions and 4 deletions


@ -44,6 +44,16 @@ class Hashtag {
*/ */
public static function the_content( $the_content ) { public static function the_content( $the_content ) {
$protected_tags = array(); $protected_tags = array();
$the_content = preg_replace_callback(
'#<(code|textarea|style)\b[^>]*>.*?</\1[^>]*>#i',
function( $m ) use ( &$protected_tags ) {
$c = count( $protected_tags );
$protect = '!#!#PROTECT' . $c . '#!#!';
$protected_tags[ $protect ] = $m[0];
return $protect;
},
$the_content
);
$the_content = preg_replace_callback( $the_content = preg_replace_callback(
'#<[^>]+>#i', '#<[^>]+>#i',
function( $m ) use ( &$protected_tags ) { function( $m ) use ( &$protected_tags ) {
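Review bot: The new pattern `'#<(code|textarea|style)\b[^>]*>.*?</\1[^>]*>#i'` has no `s` modifier, so `.*?` stops at the first newline and a `<code>`, `<textarea>` or `<style>` element whose body spans several lines is never matched as a whole. Its text then falls through to the tag-by-tag protection below, which shields only the tags themselves, so a `#word` on an inner line can presumably still be rewritten into a hashtag link by the later pass that lies outside this hunk. Adding the modifier closes this: `'#<(code|textarea|style)\b[^>]*>.*?</\1[^>]*>#is'`. The identical pattern in the Mention hunk needs the same change. The body of the_content() continues past the end of this hunk.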


@ -24,6 +24,16 @@ class Mention {
*/ */
public static function the_content( $the_content ) { public static function the_content( $the_content ) {
$protected_tags = array(); $protected_tags = array();
$the_content = preg_replace_callback(
'#<(code|textarea|style)\b[^>]*>.*?</\1[^>]*>#i',
function( $m ) use ( &$protected_tags ) {
$c = count( $protected_tags );
$protect = '!#!#PROTECT' . $c . '#!#!';
$protected_tags[ $protect ] = $m[0];
return $protect;
},
$the_content
);
$the_content = preg_replace_callback( $the_content = preg_replace_callback(
'#<a.*?href=[^>]+>.*?</a>#i', '#<a.*?href=[^>]+>.*?</a>#i',
function( $m ) use ( &$protected_tags ) { function( $m ) use ( &$protected_tags ) {
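Review bot: These ten added lines are a verbatim copy of the block added to Hashtag::the_content(), including the list of protected elements and the `!#!#PROTECT…#!#!` placeholder format. The element list is effectively a filter exclusion list, and keeping it in two places makes it easy for a later correction to reach one filter and not the other. Consider one shared static helper that takes `$the_content` and `&$protected_tags` and returns the protected string, documented with a comment such as `// Swap whole <code>/<textarea>/<style> elements for placeholders so their text is never linkified.` The body of the_content() continues outside this hunk.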


@ -5,6 +5,7 @@ class Test_Activitypub_Hashtag extends WP_UnitTestCase {
*/ */
public function test_the_content( $content, $content_with_hashtag ) { public function test_the_content( $content, $content_with_hashtag ) {
\wp_create_term( 'object', 'post_tag' ); \wp_create_term( 'object', 'post_tag' );
\wp_create_term( 'ccc', 'post_tag' );
$object = \get_term_by( 'name', 'object', 'post_tag' ); $object = \get_term_by( 'name', 'object', 'post_tag' );
$link = \get_term_link( $object, 'post_tag' ); $link = \get_term_link( $object, 'post_tag' );
@ -14,6 +15,15 @@ class Test_Activitypub_Hashtag extends WP_UnitTestCase {
} }
public function the_content_provider() { public function the_content_provider() {
$code = '<code>text with some #object and <a> tag inside</code>';
$style = <<<ENDSTYLE
<style type="text/css">
<![[
color: #ccc;
]]>
</style>
ENDSTYLE;
$textarea = '<textarea name="test" rows="20">color: #ccc</textarea>';
return array( return array(
array( 'test', 'test' ), array( 'test', 'test' ),
array( '#test', '#test' ), array( '#test', '#test' ),
@ -27,6 +37,9 @@ class Test_Activitypub_Hashtag extends WP_UnitTestCase {
array( '<div>#object</div>', '<div>#object</div>' ), array( '<div>#object</div>', '<div>#object</div>' ),
array( '<a>#object</a>', '<a>#object</a>' ), array( '<a>#object</a>', '<a>#object</a>' ),
array( '<div style="color: #ccc;">object</a>', '<div style="color: #ccc;">object</a>' ), array( '<div style="color: #ccc;">object</a>', '<div style="color: #ccc;">object</a>' ),
array( $code, $code ),
array( $style, $style ),
array( $textarea, $textarea ),
); );
} }
} }
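Review bot: The `$style` case does not appear to exercise the new element-level pattern. Its body is multi-line, which that pattern cannot match without the `s` modifier. The case likely passes only because the generic `#<[^>]+>#i` tag pattern swallows the whole `<![[ … ]]>` wrapper, `#ccc` included. A multi-line `<code>` fixture with a registered tag on an inner line would cover the gap, e.g. `$code_multiline = "<code>\n#object\n</code>";` with `array( $code_multiline, $code_multiline ),`. The Mention provider in the last file has only a single-line `<code>` case and would benefit from the same addition.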


@ -18,12 +18,14 @@ class Test_Activitypub_Mention extends ActivityPub_TestCase_Cache_HTTP {
} }
public function the_content_provider() { public function the_content_provider() {
$code = 'hallo <code>@username@example.org</code> test';
return array( return array(
array( 'hallo @username@example.org test', 'hallo <a rel="mention" class="u-url mention" href="https://example.org/users/username">@<span>username</span></a> test' ), array( 'hallo @username@example.org test', 'hallo <a rel="mention" class="u-url mention" href="https://example.org/users/username">@<span>username</span></a> test' ),
array( 'hallo @pfefferle@notiz.blog test', 'hallo <a rel="mention" class="u-url mention" href="https://notiz.blog/author/matthias-pfefferle/">@<span>pfefferle</span></a> test' ), array( 'hallo @pfefferle@notiz.blog test', 'hallo <a rel="mention" class="u-url mention" href="https://notiz.blog/author/matthias-pfefferle/">@<span>pfefferle</span></a> test' ),
array( 'hallo <a rel="mention" class="u-url mention" href="https://notiz.blog/author/matthias-pfefferle/">@<span>pfefferle</span>@notiz.blog</a> test', 'hallo <a rel="mention" class="u-url mention" href="https://notiz.blog/author/matthias-pfefferle/">@<span>pfefferle</span>@notiz.blog</a> test' ), array( 'hallo <a rel="mention" class="u-url mention" href="https://notiz.blog/author/matthias-pfefferle/">@<span>pfefferle</span>@notiz.blog</a> test', 'hallo <a rel="mention" class="u-url mention" href="https://notiz.blog/author/matthias-pfefferle/">@<span>pfefferle</span>@notiz.blog</a> test' ),
array( 'hallo <a rel="mention" class="u-url mention" href="https://notiz.blog/author/matthias-pfefferle/">@pfefferle@notiz.blog</a> test', 'hallo <a rel="mention" class="u-url mention" href="https://notiz.blog/author/matthias-pfefferle/">@pfefferle@notiz.blog</a> test' ), array( 'hallo <a rel="mention" class="u-url mention" href="https://notiz.blog/author/matthias-pfefferle/">@pfefferle@notiz.blog</a> test', 'hallo <a rel="mention" class="u-url mention" href="https://notiz.blog/author/matthias-pfefferle/">@pfefferle@notiz.blog</a> test' ),
array( 'hallo <a rel="mention" class="u-url mention" href="https://notiz.blog/@pfefferle/">@pfefferle@notiz.blog</a> test', 'hallo <a rel="mention" class="u-url mention" href="https://notiz.blog/@pfefferle/">@pfefferle@notiz.blog</a> test' ), array( 'hallo <a rel="mention" class="u-url mention" href="https://notiz.blog/@pfefferle/">@pfefferle@notiz.blog</a> test', 'hallo <a rel="mention" class="u-url mention" href="https://notiz.blog/@pfefferle/">@pfefferle@notiz.blog</a> test' ),
array( $code, $code ),
); );
} }