Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DirectLex will cause PHP error #393

Open
lenhatthanh20 opened this issue Dec 21, 2023 · 2 comments
Open

DirectLex will cause PHP error #393

lenhatthanh20 opened this issue Dec 21, 2023 · 2 comments

Comments

@lenhatthanh20
Copy link

lenhatthanh20 commented Dec 21, 2023

if (!ctype_lower($key)) {

Hello,
When I use HTML Purifier with Core.LexerImpl = DirectLex, The PHP error will cause in above line when I purify the below data:
<a href="https://example.com/" 10="hoge">Test</a>
Because the key of attribute is non-string value. So the PHP error will be occured.
Ref: https://www.php.net/manual/en/function.ctype-lower.php

Please help to fix it.
I think we can fix it by using quick typecast in the Tag.php file:
$key = (string)$key;

Or remove the attribute if the key is non-string value.

Thank you so much

@bytestream
Copy link
Contributor

What is the value of $attr and $key if you dump the values? It's perhaps something to do with 10 not being a valid attribute name.

@lenhatthanh20
Copy link
Author

lenhatthanh20 commented Dec 23, 2023

When I dump the value:

  • The $key is 10 (non-string)
  • The $value is hoge

In my example, the attribute key is 10 and the value is hoge. I know the attribute key 10 is invalid because it is a non-string.
But my expected is:

  • Output: <a href="https://example.com/">Test</a> (remove invalid attribute 10)
  • There is no PHP error or warning.

@lenhatthanh20 lenhatthanh20 changed the title DirectLex will cause PHP error with declare(strict_types=1); DirectLex will cause PHP error Dec 25, 2023
matsuo added a commit to matsuo/htmlpurifier that referenced this issue Jul 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants