Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not lcase element or attribute names that match SVG or MathML name… #206

Merged
merged 2 commits into from
Jul 13, 2020
Merged

Do not lcase element or attribute names that match SVG or MathML name… #206

merged 2 commits into from
Jul 13, 2020

Conversation

mikesamuel
Copy link
Contributor

…s exactly

Currently all names are converted to lowercase which is ok when
you're using it for HTML only, but if there is an SVG image nested
inside the HTML it breaks. For example, when viewBox attribute is
converted to viewbox the image is not displayed correctly.

This commit splits HtmlLexer.canonicalName into variants which preserve
items on whitelists derived from the SVG and MathML specifications, and
adjusts callers of canonicalName to use the appropriate variant.

Fixes #182

@wookie41 @zeeneir do you have an example that I can turn into a unit test?

@mikesamuel
Do not lcase element or attribute names that match SVG or MathML name…
247cdb6 
…s exactly

> Currently all names are converted to lowercase which is ok when
> you're using it for HTML only, but if there is an SVG image nested
> inside the HTML it breaks.  For example, when `viewBox` attribute is
> converted to `viewbox` the image is not displayed correctly.

This commit splits *HtmlLexer*.*canonicalName* into variants which preserve
items on whitelists derived from the SVG and MathML specifications, and
adjusts callers of *canonicalName* to use the appropriate variant.

Fixes #182
@zeeneir
Copy link

zeeneir commented Jul 3, 2020

Simple test for viewBox:

    PolicyFactory policyFactory = new HtmlPolicyBuilder()
            .allowElements("svg")
            .allowAttributes("viewBox").onElements("svg")
            .toFactory();
    String svg = "<svg viewBox=\"0 0 0 0\"></svg>";
    assertEquals(svg, policyFactory.sanitize(svg));

@mikesamuel
Copy link
Contributor Author

@zeeneir Added tests. Let me know if this PR solves your problem.

@zeeneir
Copy link

zeeneir commented Jul 3, 2020

Looks good to me. Thanks a lot!

@mikesamuel mikesamuel merged commit eb6ef02 into main Jul 13, 2020
@mikesamuel mikesamuel deleted the svg-mathml-mixed-case-names branch July 13, 2020 15:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Preserve the casing of tags and attributes names.
2 participants
@mikesamuel @zeeneir