Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#6 XHTML parser requires space before closing />

open
None
7
2005-04-23
2005-04-23
Ulf Harnhammar
No

From: "Marco Bonetti" <mbonetti@gmail.com> [ Date:
Fri, 22 Apr 2005 19:38:59 +0200

Ulf, list, hello.

I'm trying to filter some malformed XHTML-style image
tags which lack
a space between the last attribute and the closing "/>".

I'm using the following filter array:

$allowed = array(
'img' => array(
'src' =>1,
'alt' => 1,
'width' =>1,
'height'=>1)
);

...and while this will pass the kses filter as expected:

<img src="http://www.tuaw.com/images/2005/04/safari.jpg" />

... this one won't!:

<img src="http://www.tuaw.com/images/2005/04/safari.jpg"/>

(Note: no space after the src attribute).

For the latter input and the above filter array, kses
will return:

<img>

Wondering, is this a bug or the expected behaviour?

Thank you,

-Marco

Discussion

  • Ulf Harnhammar
    Ulf Harnhammar
    2005-04-23

    • assigned_to: nobody --> metaur
     
  • Logged In: YES
    user_id=122231

    This is quite a problem with a lot of images. Has anyone
    hacked their kses to make this work?

    Seems like even the kses.php that ships with Wordpress still
    has this issue.

     
  • Anthony Wood
    Anthony Wood
    2007-05-27

    Logged In: YES
    user_id=1586619
    Originator: NO

    I found this patch to work:

    --- kses-0.2.2/kses.php 2005-02-06 21:16:20.000000000 -0500
    +++ kses.php 2007-05-26 23:03:39.984375000 -0400
    @@ -103,7 +103,7 @@

    $slash = trim($matches[1]);
    $elem = $matches[2];
    - $attrlist = $matches[3];
    + $attrlist = trim($matches[3]); # AW: remove space after tag

    if (!@isset($allowed_html[strtolower($elem)]))
    return '';
    @@ -131,8 +131,11 @@
    # Is there a closing XHTML slash at the end of the attributes?

    $xhtml_slash = '';
    - if (preg_match('%\s/\s*$%', $attr))
    + if (preg_match('%/\s*$%', $attr)) # AW: do not require space before /
    + {
    $xhtml_slash = ' /';
    + $attr = preg_replace('%/\s*$%', '', $attr); # AW: remove slash from end for attr parsing
    + }