From cb36fe25a75b764e020760fd0d918bea13cadd13 Mon Sep 17 00:00:00 2001 From: maTh Date: Sat, 5 Feb 2022 14:15:32 +0100 Subject: Improved: Fetch articles with selector but do not delete the class attribute. (Simplepie: new method: rename_attribute) (#4175) * added to simplepie: rename_attributes * rename the class attribute * Update lib/SimplePie/SimplePie/Sanitize.php Co-authored-by: Alexandre Alapetite * added 'id' as attribute to rename to 'data-sanitized-id' * Update lib_rss.php * source code in sync with simplepie upstream * fixed parameters Co-authored-by: Alexandre Alapetite --- lib/SimplePie/SimplePie.php | 16 +++++++++++++++ lib/SimplePie/SimplePie/Sanitize.php | 39 ++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+) (limited to 'lib/SimplePie') diff --git a/lib/SimplePie/SimplePie.php b/lib/SimplePie/SimplePie.php index 4a02b2973..b0e973e83 100644 --- a/lib/SimplePie/SimplePie.php +++ b/lib/SimplePie/SimplePie.php @@ -656,6 +656,13 @@ class SimplePie */ public $strip_htmltags = array('base', 'blink', 'body', 'doctype', 'embed', 'font', 'form', 'frame', 'frameset', 'html', 'iframe', 'input', 'marquee', 'meta', 'noscript', 'object', 'param', 'script', 'style'); + /** + * @var array Stores the default tags to be stripped by rename_attributes(). + * @see SimplePie::rename_attributes() + * @access private + */ + public $rename_attributes = array(); + /** * @var bool Should we throw exceptions, or use the old-style error property? * @access private @@ -1235,6 +1242,15 @@ class SimplePie $this->sanitize->encode_instead_of_strip($enable); } + public function rename_attributes($attribs = '') + { + if ($attribs === '') + { + $attribs = $this->rename_attributes; + } + $this->sanitize->rename_attributes($attribs); + } + public function strip_attributes($attribs = '') { if ($attribs === '') diff --git a/lib/SimplePie/SimplePie/Sanitize.php b/lib/SimplePie/SimplePie/Sanitize.php index 300a47800..6cb716a72 100644 --- a/lib/SimplePie/SimplePie/Sanitize.php +++ b/lib/SimplePie/SimplePie/Sanitize.php @@ -61,6 +61,7 @@ class SimplePie_Sanitize var $strip_htmltags = array('base', 'blink', 'body', 'doctype', 'embed', 'font', 'form', 'frame', 'frameset', 'html', 'iframe', 'input', 'marquee', 'meta', 'noscript', 'object', 'param', 'script', 'style'); var $encode_instead_of_strip = false; var $strip_attributes = array('bgsound', 'expr', 'id', 'style', 'onclick', 'onerror', 'onfinish', 'onmouseover', 'onmouseout', 'onfocus', 'onblur', 'lowsrc', 'dynsrc'); + var $rename_attributes = array(); var $add_attributes = array('audio' => array('preload' => 'none'), 'iframe' => array('sandbox' => 'allow-scripts allow-same-origin'), 'video' => array('preload' => 'none')); var $strip_comments = false; var $output_encoding = 'UTF-8'; @@ -169,6 +170,25 @@ class SimplePie_Sanitize $this->encode_instead_of_strip = (bool) $encode; } + public function rename_attributes($attribs = array()) + { + if ($attribs) + { + if (is_array($attribs)) + { + $this->rename_attributes = $attribs; + } + else + { + $this->rename_attributes = explode(',', $attribs); + } + } + else + { + $this->rename_attributes = false; + } + } + public function strip_attributes($attribs = array('bgsound', 'expr', 'id', 'style', 'onclick', 'onerror', 'onfinish', 'onmouseover', 'onmouseout', 'onfocus', 'onblur', 'lowsrc', 'dynsrc')) { if ($attribs) @@ -375,6 +395,14 @@ class SimplePie_Sanitize } } + if ($this->rename_attributes) + { + foreach ($this->rename_attributes as $attrib) + { + $this->rename_attr($attrib, $xpath); + } + } + if ($this->strip_attributes) { foreach ($this->strip_attributes as $attrib) @@ -643,6 +671,17 @@ class SimplePie_Sanitize } } + protected function rename_attr($attrib, $xpath) + { + $elements = $xpath->query('//*[@' . $attrib . ']'); + + foreach ($elements as $element) + { + $element->setAttribute('data-sanitized-' . $attrib, $element->getAttribute($attrib)); + $element->removeAttribute($attrib); + } + } + protected function add_attr($tag, $valuePairs, $document) { $elements = $document->getElementsByTagName($tag); -- cgit v1.2.3