author | David Rothstein <drothstein@gmail.com> | 2015-05-04 23:45:57 -0400 |
---|---|---|
committer | David Rothstein <drothstein@gmail.com> | 2015-05-04 23:45:57 -0400 |
commit | 254424dcfa2a165be18fec2917f6fbd22fbd9970 (patch) | |
tree | 6daa863a0a8090fdf1f1e616e435bb3a1ab6cbf1 | |
parent | 880152ae12536fde3975c4581494064532c4fbb1 (diff) | |
Issue #2315255 by Dave Reid, Devin Carlson: Allow custom HTML tags with a dash in the name to pass through filter_xss() when specified in the list of allowed tags
-rw-r--r-- | CHANGELOG.txt | 2 | ||||
-rw-r--r-- | includes/common.inc | 2 | ||||
-rw-r--r-- | modules/filter/filter.test | 6 |
3 files changed, 8 insertions, 2 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 399757910..436b0e148 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,6 +1,8 @@
 Drupal 7.37, xxxx-xx-xx (development version)
 -----------------------
+- Allowed custom HTML tags with a dash in the name to pass through filter_xss()
+ when specified in the list of allowed tags.
 - Allowed hook_field_schema() implementations to specify indexes for fields based on a fixed-length column prefix (rather than the entire column), as was already allowed in hook_schema() implementations.
diff --git a/includes/common.inc b/includes/common.inc
index b7b9562d4..cd3014553 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -1522,7 +1522,7 @@ function _filter_xss_split($m, $store = FALSE) {
 return '<';
 }
- if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9]+)([^>]*)>?|(<!--.*?-->)$%', $string, $matches)) {
+ if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9\-]+)([^>]*)>?|(<!--.*?-->)$%', $string, $matches)) {
 // Seriously malformed.
 return '';
 }
diff --git a/modules/filter/filter.test b/modules/filter/filter.test
index fe9cfc366..ddea6afb5 100644
--- a/modules/filter/filter.test
+++ b/modules/filter/filter.test
@@ -1148,7 +1148,7 @@ class FilterUnitTestCase extends DrupalUnitTestCase {
 // Setup dummy filter object.
 $filter = new stdClass();
 $filter->settings = array(
- 'allowed_html' => '<a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>',
+ 'allowed_html' => '<a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd> <test-element>',
 'filter_html_help' => 1,
 'filter_html_nofollow' => 0,
 );
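Review bot: The widened class `[a-zA-Z0-9\-]+` in the `preg_match` of `_filter_xss_split()` also accepts element names that start with a dash or consist only of dashes, which is broader than the custom-element names the commit title describes. Whether such a name can ever be emitted depends on the allowed-tags lookup that follows outside this hunk, so this is presumably not exploitable by itself, but keeping the tokenizer as narrow as the feature needs avoids relying on that later check. Consider `([a-zA-Z0-9][a-zA-Z0-9\-]*)` for the name group, which keeps the previous first-character rule and permits dashes only after it. A short comment above the pattern such as `// Dashes are accepted so custom elements (e.g. <my-element>) can match the allowed tag list.` would also record why the class was widened. The function body starts and ends outside the hunk.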
@@ -1184,6 +1184,10 @@ class FilterUnitTestCase extends DrupalUnitTestCase {
 $f = _filter_html('<code onerror> </code>', $filter);
 $this->assertNoNormalized($f, 'onerror', 'HTML filter should remove empty on* attributes on default.');
+
+ // Custom tags are supported and should be allowed through.
+ $f = _filter_html('<test-element></test-element>', $filter);
+ $this->assertNormalized($f, 'test-element', 'HTML filter should allow custom elements.');
 }
 /** |
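Review bot: The added assertion covers only the positive case, a `<test-element>` that is listed in `allowed_html`; nothing checks that a dashed tag absent from the list is still stripped, or that attributes on an allowed custom element are still filtered. Since the commit loosens the tag-name pattern in `_filter_xss_split()`, a negative case would pin the security property, e.g. `$f = _filter_html('<other-element onclick="x">y</other-element>', $filter);` followed by `$this->assertNoNormalized($f, 'other-element', 'HTML filter should remove custom elements that are not allowed.');`. A similar check that `onclick` is removed from `<test-element onclick="x">` would cover attribute handling on the newly accepted names. The test method begins outside the hunk.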