Don't truncate in DOMLex when seeing closing div

Signed-off-by: Edward Z. Yang <[email protected]>
jasonstockman · Aug 31, 2014 · 15d1a30 · 15d1a30
1 parent 80ebd43
commit 15d1a30
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 6 deletions.
diff --git a/NEWS b/NEWS
@@ -9,6 +9,10 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
     . Internal change
 ==========================
 
+4.7.0, unknown release date
+- Don't truncate upon encountering </div> when using DOMLex.  Thanks
+  Myrto Christina for finally convincing me to fix this.
+
 4.6.0, released 2013-11-30
 # Secure URI munge hashing algorithm has changed to hash_hmac("sha256", $url, $secret).
   Please update any verification scripts you may have.

diff --git a/library/HTMLPurifier/Lexer/DOMLex.php b/library/HTMLPurifier/Lexer/DOMLex.php
@@ -75,8 +75,7 @@ public function tokenizeHTML($html, $config, $context)
         $tokens = array();
         $this->tokenizeDOM(
             $doc->getElementsByTagName('html')->item(0)-> // <html>
-            getElementsByTagName('body')->item(0)-> //   <body>
-            getElementsByTagName('div')->item(0), //     <div>
+            getElementsByTagName('body')->item(0), //   <body>
             $tokens
         );
         return $tokens;
@@ -272,7 +271,7 @@ protected function wrapHTML($html, $config, $context)
         $ret .= '<html><head>';
         $ret .= '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />';
         // No protection if $html contains a stray </div>!
-        $ret .= '</head><body><div>' . $html . '</div></body></html>';
+        $ret .= '</head><body>' . $html . '</body></html>';
         return $ret;
     }
 }

diff --git a/library/HTMLPurifier/Lexer/PH5P.php b/library/HTMLPurifier/Lexer/PH5P.php
@@ -34,8 +34,7 @@ public function tokenizeHTML($html, $config, $context)
         $tokens = array();
         $this->tokenizeDOM(
             $doc->getElementsByTagName('html')->item(0)-> // <html>
-                getElementsByTagName('body')->item(0)-> //   <body>
-                getElementsByTagName('div')->item(0) //     <div>
+                getElementsByTagName('body')->item(0) //   <body>
             ,
             $tokens
         );

diff --git a/tests/HTMLPurifier/LexerTest.php b/tests/HTMLPurifier/LexerTest.php
@@ -264,7 +264,8 @@ public function test_tokenizeHTML_notWellFormed()
                     new HTMLPurifier_Token_End('poolasdf'),
                     new HTMLPurifier_Token_End('pooloka'),
                 ),
-                'PH5P' => $alt,
+                // 20140831: Weird, but whatever...
+                'PH5P' => array(new HTMLPurifier_Token_Empty('asdf')),
             )
         );
     }
@@ -800,6 +801,21 @@ public function test_tokenizeHTML_imgTag()
         );
     }
 
+    public function test_tokenizeHTML_prematureDivClose()
+    {
+        $this->assertTokenization(
+            '</div>dontdie',
+            array(
+                new HTMLPurifier_Token_End('div'),
+                new HTMLPurifier_Token_Text('dontdie')
+            ),
+            array(
+                'DOMLex' => $alt = array(new HTMLPurifier_Token_Text('dontdie')),
+                'PH5P' => $alt
+            )
+        );
+    }
+
 
     /*