|&\#[xX]([0-9A-Fa-f]+);
|(&)/x';
+ /**
+ * Acceptable tag name charset from HTML5 parsing spec
+ * http://dev.w3.org/html5/spec-preview/tokenization.html#tag-open-state
+ */
+ const ELEMENT_BITS_REGEX = '!^(/?)([A-Za-z][^\t\n\v />\0]*+)([^>]*?)(/?>)([^<]*)$!';
+
/**
* Blacklist for evil uris like javascript:
* WARNING: DO NOT use this in any place that actually requires blacklisting
# $params: String between element name and >
# $brace: Ending '>' or '/>'
# $rest: Everything until the next element of $bits
- if ( preg_match( '!^(/?)([^\\s/>]+)([^>]*?)(/{0,1}>)([^<]*)$!', $x, $regs ) ) {
+ if ( preg_match( self::ELEMENT_BITS_REGEX, $x, $regs ) ) {
list( /* $qbar */, $slash, $t, $params, $brace, $rest ) = $regs;
} else {
$slash = $t = $params = $brace = $rest = null;
} else {
# this might be possible using tidy itself
foreach ( $bits as $x ) {
- preg_match(
- '/^(\\/?)(\\w+)([^>]*?)(\\/{0,1}>)([^<]*)$/',
- $x,
- $regs
- );
+ preg_match( self::ELEMENT_BITS_REGEX, $x, $regs );
wfSuppressWarnings();
list( /* $qbar */, $slash, $t, $params, $brace, $rest ) = $regs;
</p>
!! end
-# There is a tidy bug here: http://sourceforge.net/p/tidy/bugs/946/
+# The next two test different paths in the sanitizer.
!! test
Non-word characters don't terminate tag names (bug 17663, 40670, 52022)
!! wikitext
-<b→> doesn't work! </b→>
+<b→> doesn't terminate </b→>
-<bä> doesn't work! </bä>
+<bä> doesn't terminate </bä>
-<boo> works fine </boo>
+<boo> doesn't terminate </boo>
-<s.foo>s.foo</s.foo>
+<s.foo> doesn't terminate </s.foo>
<sub-ID#1>
!! html
-<p><b→> doesn't work! </b→>
-</p><p><bä> doesn't work! </bä>
-</p><p><boo> works fine </boo>
-</p><p><s.foo>s.foo</s.foo>
+<p><b→> doesn't terminate </b→>
+</p><p><bä> doesn't terminate </bä>
+</p><p><boo> doesn't terminate </boo>
+</p><p><s.foo> doesn't terminate </s.foo>
</p><p><sub-ID#1>
</p>
!! end
+# There is a tidy bug here: http://sourceforge.net/p/tidy/bugs/946/
+!! test
+Non-word characters don't terminate tag names + tidy
+!! wikitext
+<b→> doesn't terminate </b→>
+
+<bä> doesn't terminate </bä>
+
+<boo> doesn't terminate </boo>
+
+<s.foo> doesn't terminate </s.foo>
+
+<sub-ID#1>
+!! html+tidy
+<p><b→> doesn't terminate </b→></p>
+<p><bä> doesn't terminate </bä></p>
+<p><boo> doesn't terminate </boo></p>
+<p><s.foo> doesn't terminate </s.foo></p>
+<p><sub-ID#1></p>
+!! end
+
!! test
Isolated close tags should be treated as literal text (bug 52760)
!! wikitext
dépôts / lhc / web / wiklou.git / commitdiff