if ($this->ignore_lf_token) $this->ignore_lf_token--;
$this->ignored = false;
+
+ $token['name'] = str_replace(':', '-', $token['name']);
// indenting is a little wonky, this can be changed later on
switch ($mode) {
case 'tbody': case 'td': case 'tfoot': case 'th': case 'thead': case 'tr':
// parse error
break;
-
+
/* A start tag token not covered by the previous entries */
default:
/* Reconstruct the active formatting elements, if any. */
}
private function insertElement($token, $append = true) {
- $el = $this->dom->createElementNS(self::NS_HTML, $token['name']);
-
+ $el = $this->dom->createElementNS(self::NS_HTML, $token['name']);
+ if ($el == false) {
+ logger('insertElement(): ignoring invalid token='.$token['name']);
+ return false;
+ }
+
if (!empty($token['attr'])) {
foreach($token['attr'] as $attr) {
- // mike@macgirvin.com 2011-10-21, stray double quotes and/or numeric tags cause everything to abort
- $attr['name'] = str_replace('"','',$attr['name']);
- if(!$el->hasAttribute($attr['name']) && (! is_numeric($attr['name']))) {
+
+ // mike@macgirvin.com 2011-11-17, check attribute name for
+ // validity (ignoring extenders and combiners) as illegal chars in names
+ // causes everything to abort
+
+ $valid = preg_match('/^[a-zA-Z\_\:]([\-a-zA-Z0-9\_\:\.]+$)/',$attr['name'],$matches);
+ if($attr['name'] && (!$el->hasAttribute($attr['name'])) && ($valid)) {
$el->setAttribute($attr['name'], $attr['value']);
}
}
projects / friendica.git / blobdiff