HTMLPurifier dies when the following code is run t

2019-09-03 15:36发布

问题:

Using the latest release of HTMLPurifier with default configs.

The following code will cause the oh-so-lovely blank white page in PHP. Am I missing something? Even if I set HTML.TidyLevel to light or none it still breaks. Here is a partial log of the errors thrown when trying to purify the code below: http://pastie.org/private/13f0htscq0v8bhhlt7dpg

For reference, here is the associated code I'm using to do it:

$config = new HTMLPurifier_Config(new HTMLPurifier_ConfigSchema());
$config->set('HTML.TidyLevel', 'light'); // breaks with any level, even 'none'
self::$pure = new HTMLPurifier($config);
self::$pure->purify($str); // $str contains the code below

And, finally, the offending code:

<code>
<style type="text/css">
.block {
    position: relative;
}

.block h2 a span {
    position: absolute;
    top: 0;
    left: 0;
    width: 100%;
    height: 100%;
    outline: 1px dashed #000;
}
</style>

<div class="block">
<h2><a href="#"><span></span>Title of block</a></h2>
<p>This entire block is clickable</p>
<ul>
    <li>Use</li>
    <li>Any</li>
    <li>Markup you like</li>
</ul>
<div>Even more divs!</div>
<p>without worrying about whether the element is allowed to be a child of an anchor</p>
</div>
</code>

回答1:

Delete your htmlpurifier directory and install a fresh copy from the tarball.