double css commands in htmlpruifier about htmlpurifier HOT 4 CLOSED

Browser behavior is to take the last command, so that's what HTML Purifier does too.

Support for double commands should be easy to implement (just stop putting the finished CSS properties in a property-based array, see library/HTMLPurifier/AttrDef/CSS.php but it needs to be gated behind a configuration option.)

from htmlpurifier.

OK, fixed with new config CSS.AllowDuplicates.

from htmlpurifier.

Thanks! You said for point 1 that HTML Purifier return last command. I can't this confirm. Show my code and result of it:

    $config = HTMLPurifier_Config::createDefault();
    $config->set('Filter.ExtractStyleBlocks', TRUE);
    $purifier = new HTMLPurifier($config);
    $html = $purifier->purify('<style>.test{color:red;color:blue;color:green;}</style>');
    $output_css = $purifier->context->get('StyleBlocks');
    echo $output_css[0];

Result is:

.test {
color:#FF0000
}

#FF0000 is red and the first command.

from htmlpurifier.

Oh. I know what's going on, and the patch I just pushed isn't going to help you. The problem is that for ExtractStyleBlocks, CSS parsing is done by CSSTidy, which seems to incorrectly deduplicate duplicate styles. There's not much I can do to fix this, since CSSTidy is not my project. I wonder if https://github.com/Cerdic/CSSTidy has fixed this bug; they might be interested in a no-deduplicate mode.

from htmlpurifier.