[HtmlSanitizer] Ignore Processing Instructions
smnandre committed Apr 6, 2024
1 parent 83e1dc8 commit bc4f7c4
Showing 2 changed files with 8 additions and 1 deletion.
6 changes: 6 additions & 0 deletions Tests/HtmlSanitizerAllTest.php
Expand Up @@ -309,6 +309,12 @@ public static function provideSanitizeBody()
'Lorem ipsum ',
],

// Processing instructions
[
'Lorem ipsum<?div x?>foo',
'Lorem ipsumfoo',
],

// Normal tags
[
'<abbr>Lorem ipsum</abbr>',
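Review bot: The new provider entry pins only one shape: a processing instruction at the top level of the body whose target (`div`) is also an element name. Because the visitor change skips the node by class, it would be worth adding one entry with a target that is not an element name and one nested inside an allowed element, so a later refactor of the child loop cannot reintroduce the node without a failing test. A short comment on the entry, e.g. `// Target deliberately matches an element name`, would record why `div` was chosen, if that was the intent. provideSanitizeBody starts and ends outside this hunk.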
3 changes: 2 additions & 1 deletion Visitor/DomVisitor.php
Expand Up @@ -134,9 +134,10 @@ private function visitChildren(\DOMNode $domNode, Cursor $cursor): void
if ('#text' === $child->nodeName) {
// Add text directly for performance
$cursor->node->addChild(new TextNode($cursor->node, $child->nodeValue));
} elseif (!$child instanceof \DOMText) {
} elseif (!$child instanceof \DOMText && !$child instanceof \DOMProcessingInstruction) {
// Otherwise continue the visit recursively
// Ignore comments for security reasons (interpreted differently by browsers)
// Ignore processing instructions (treated as comments)
$this->visitNode($child, $cursor);
}
}
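Review bot: The `elseif` on the new side still decides by exclusion (`!$child instanceof \DOMText && !$child instanceof \DOMProcessingInstruction`), so any other non-element child, comments included, still reaches `visitNode()` and is presumably dropped only because nothing downstream matches it. `visitNode()` is not visible here, but if it is only meant to handle elements, an allowlist is the safer shape for a sanitizer: `} elseif ($child instanceof \DOMElement) {`. The two "Ignore …" comments also sit inside the branch that recurses, which reads as if the ignored nodes were being visited; placing them above the `elseif`, or rewording to `// Comments and processing instructions are never visited`, would match what the condition does. visitChildren starts and ends outside the hunk.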
