Merge pull request tgalopin#16 from tgalopin/details-ext

tgalopin · web-flow · commit 2d17c0185484 · 2018-11-28T19:09:33.000+01:00
Add a new extension for "details" and "summary" tags
diff --git a/docs/1-getting-started.md b/docs/1-getting-started.md
@@ -36,11 +36,11 @@ enable to allow specific tags in the content (read the next part to learn more a
 ## Extensions
 
 Extensions are a way to quickly add sets of tags to the whitelist of allowed tags.
-There are 7 core extensions that you can enable by adding them in your configuration:
+There are 8 core extensions that you can enable by adding them in your configuration:
 
 ```php
 $sanitizer = HtmlSanitizer\Sanitizer::create([
-    'extensions' => ['basic', 'code', 'image', 'list', 'table', 'iframe', 'extra'],
+    'extensions' => ['basic', 'code', 'image', 'list', 'table', 'iframe', 'details', 'extra'],
 ]);
 $safeHtml = $sanitizer->sanitize($untrustedHtml);
 ```
@@ -57,6 +57,7 @@ Here is the list of tags each extension allow:
 - **image** allows the insertion of images: `img`
 - **code** allows the insertion of code blocks: `pre`, `code`
 - **iframe** allows the insertion of iframes: `iframe`
+- **details** allows the insertion of view/hide blocks: `details`, `summary`
 - **extra** allows the insertion of the following tags: `abbr`, `caption`, `hr`, `rp`, `rt`, `ruby`
 
 > Note: sensible attributes are allowed by default for each tag (for instance, the `src` attribute is
diff --git a/docs/3-configuration-reference.md b/docs/3-configuration-reference.md
@@ -17,7 +17,7 @@ $sanitizer = HtmlSanitizer\Sanitizer::create([
     /*
      * List of extensions to enable on this sanitizer.
      */
-    'extensions' => ['basic', 'list', 'table', 'image', 'code', 'iframe', 'extra'],
+    'extensions' => ['basic', 'list', 'table', 'image', 'code', 'iframe', 'details', 'extra'],
 
     /*
      * Configuration for specific tags.
@@ -69,6 +69,9 @@ $sanitizer = HtmlSanitizer\Sanitizer::create([
         'del' => [
             'allowed_attributes' => [],
         ],
+        'details' => [
+            'allowed_attributes' => ['open'],
+        ],
         'div' => [
             'allowed_attributes' => [],
         ],
@@ -190,6 +193,9 @@ $sanitizer = HtmlSanitizer\Sanitizer::create([
         'sub' => [
             'allowed_attributes' => [],
         ],
+        'summary' => [
+            'allowed_attributes' => [],
+        ],
         'sup' => [
             'allowed_attributes' => [],
         ],
diff --git a/src/Extension/Details/DetailsExtension.php b/src/Extension/Details/DetailsExtension.php
@@ -0,0 +1,35 @@
+<?php
+
+/*
+ * This file is part of the HTML sanitizer project.
+ *
+ * (c) Titouan Galopin <galopintitouan@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace HtmlSanitizer\Extension\Details;
+
+use HtmlSanitizer\Extension\ExtensionInterface;
+
+/**
+ * @author Titouan Galopin <galopintitouan@gmail.com>
+ *
+ * @final
+ */
+class DetailsExtension implements ExtensionInterface
+{
+    public function getName(): string
+    {
+        return 'details';
+    }
+
+    public function createNodeVisitors(array $config = []): array
+    {
+        return [
+            'details' => new NodeVisitor\DetailsNodeVisitor($config['tags']['details'] ?? []),
+            'summary' => new NodeVisitor\SummaryNodeVisitor($config['tags']['summary'] ?? []),
+        ];
+    }
+}
diff --git a/src/Extension/Details/Node/DetailsNode.php b/src/Extension/Details/Node/DetailsNode.php
@@ -0,0 +1,37 @@
+<?php
+
+/*
+ * This file is part of the HTML sanitizer project.
+ *
+ * (c) Titouan Galopin <galopintitouan@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace HtmlSanitizer\Extension\Details\Node;
+
+use HtmlSanitizer\Node\AbstractTagNode;
+use HtmlSanitizer\Node\HasChildrenTrait;
+
+/**
+ * @author Titouan Galopin <galopintitouan@gmail.com>
+ *
+ * @final
+ */
+class DetailsNode extends AbstractTagNode
+{
+    use HasChildrenTrait;
+
+    public function getTagName(): string
+    {
+        return 'details';
+    }
+
+    public function render(): string
+    {
+        $isOpen = null !== $this->getAttribute('open');
+
+        return '<details'.($isOpen ? ' open="open"' : '').'>'.$this->renderChildren().'</details>';
+    }
+}
diff --git a/src/Extension/Details/Node/SummaryNode.php b/src/Extension/Details/Node/SummaryNode.php
@@ -0,0 +1,30 @@
+<?php
+
+/*
+ * This file is part of the HTML sanitizer project.
+ *
+ * (c) Titouan Galopin <galopintitouan@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace HtmlSanitizer\Extension\Details\Node;
+
+use HtmlSanitizer\Node\AbstractTagNode;
+use HtmlSanitizer\Node\HasChildrenTrait;
+
+/**
+ * @author Titouan Galopin <galopintitouan@gmail.com>
+ *
+ * @final
+ */
+class SummaryNode extends AbstractTagNode
+{
+    use HasChildrenTrait;
+
+    public function getTagName(): string
+    {
+        return 'summary';
+    }
+}
diff --git a/src/Extension/Details/NodeVisitor/DetailsNodeVisitor.php b/src/Extension/Details/NodeVisitor/DetailsNodeVisitor.php
@@ -0,0 +1,44 @@
+<?php
+
+/*
+ * This file is part of the HTML sanitizer project.
+ *
+ * (c) Titouan Galopin <galopintitouan@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace HtmlSanitizer\Extension\Details\NodeVisitor;
+
+use HtmlSanitizer\Extension\Details\Node\DetailsNode;
+use HtmlSanitizer\Model\Cursor;
+use HtmlSanitizer\Node\NodeInterface;
+use HtmlSanitizer\Visitor\AbstractNodeVisitor;
+use HtmlSanitizer\Visitor\HasChildrenNodeVisitorTrait;
+use HtmlSanitizer\Visitor\NamedNodeVisitorInterface;
+
+/**
+ * @author Titouan Galopin <galopintitouan@gmail.com>
+ *
+ * @final
+ */
+class DetailsNodeVisitor extends AbstractNodeVisitor implements NamedNodeVisitorInterface
+{
+    use HasChildrenNodeVisitorTrait;
+
+    protected function getDomNodeName(): string
+    {
+        return 'details';
+    }
+
+    public function getDefaultAllowedAttributes(): array
+    {
+        return ['open'];
+    }
+
+    protected function createNode(\DOMNode $domNode, Cursor $cursor): NodeInterface
+    {
+        return new DetailsNode($cursor->node);
+    }
+}
diff --git a/src/Extension/Details/NodeVisitor/SummaryNodeVisitor.php b/src/Extension/Details/NodeVisitor/SummaryNodeVisitor.php
@@ -0,0 +1,39 @@
+<?php
+
+/*
+ * This file is part of the HTML sanitizer project.
+ *
+ * (c) Titouan Galopin <galopintitouan@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace HtmlSanitizer\Extension\Details\NodeVisitor;
+
+use HtmlSanitizer\Extension\Details\Node\SummaryNode;
+use HtmlSanitizer\Model\Cursor;
+use HtmlSanitizer\Node\NodeInterface;
+use HtmlSanitizer\Visitor\AbstractNodeVisitor;
+use HtmlSanitizer\Visitor\HasChildrenNodeVisitorTrait;
+use HtmlSanitizer\Visitor\NamedNodeVisitorInterface;
+
+/**
+ * @author Titouan Galopin <galopintitouan@gmail.com>
+ *
+ * @final
+ */
+class SummaryNodeVisitor extends AbstractNodeVisitor implements NamedNodeVisitorInterface
+{
+    use HasChildrenNodeVisitorTrait;
+
+    protected function getDomNodeName(): string
+    {
+        return 'summary';
+    }
+
+    protected function createNode(\DOMNode $domNode, Cursor $cursor): NodeInterface
+    {
+        return new SummaryNode($cursor->node);
+    }
+}
diff --git a/src/Sanitizer.php b/src/Sanitizer.php
@@ -13,6 +13,7 @@
 
 use HtmlSanitizer\Extension\Basic\BasicExtension;
 use HtmlSanitizer\Extension\Code\CodeExtension;
+use HtmlSanitizer\Extension\Details\DetailsExtension;
 use HtmlSanitizer\Extension\Extra\ExtraExtension;
 use HtmlSanitizer\Extension\Iframe\IframeExtension;
 use HtmlSanitizer\Extension\Image\ImageExtension;
@@ -73,6 +74,7 @@ public static function create(array $config): SanitizerInterface
         $builder->registerExtension(new CodeExtension());
         $builder->registerExtension(new TableExtension());
         $builder->registerExtension(new IframeExtension());
+        $builder->registerExtension(new DetailsExtension());
         $builder->registerExtension(new ExtraExtension());
 
         return $builder->build($config);
diff --git a/tests/EmptySanitizerTest.php b/tests/EmptySanitizerTest.php
@@ -60,6 +60,14 @@ public function provideFixtures(): array
                 '<del class="foo">Lorem ipsum</del>',
                 'Lorem ipsum',
             ],
+            [
+                '<details class="foo">Lorem ipsum</details>',
+                'Lorem ipsum',
+            ],
+            [
+                '<details class="foo" open>Lorem ipsum</details>',
+                'Lorem ipsum',
+            ],
             [
                 '<div class="foo">Lorem ipsum dolor sit amet, consectetur adipisicing elit.</div>',
                 'Lorem ipsum dolor sit amet, consectetur adipisicing elit.',
@@ -180,6 +188,10 @@ public function provideFixtures(): array
                 '<strong class="foo">Lorem ipsum</strong>',
                 'Lorem ipsum',
             ],
+            [
+                '<summary class="foo">Lorem ipsum</summary>',
+                'Lorem ipsum',
+            ],
             [
                 '<b class="foo">Lorem ipsum</b>',
                 'Lorem ipsum',
diff --git a/tests/FullSanitizerTest.php b/tests/FullSanitizerTest.php
@@ -19,7 +19,7 @@ class FullSanitizerTest extends AbstractSanitizerTest
     public function createSanitizer(): SanitizerInterface
     {
         return Sanitizer::create([
-            'extensions' => ['basic', 'code', 'image', 'list', 'table', 'iframe', 'extra'],
+            'extensions' => ['basic', 'code', 'details', 'image', 'list', 'table', 'iframe', 'extra'],
             'tags' => [
                 'a' => [
                     'allowed_hosts' => ['trusted.com', 'external.com'],
@@ -87,6 +87,14 @@ public function provideFixtures(): array
                 '<del class="foo">Lorem ipsum</del>',
                 '<del>Lorem ipsum</del>',
             ],
+            [
+                '<details class="foo">Lorem ipsum</details>',
+                '<details>Lorem ipsum</details>',
+            ],
+            [
+                '<details class="foo" open>Lorem ipsum</details>',
+                '<details open="open">Lorem ipsum</details>',
+            ],
             [
                 '<div class="foo">Lorem ipsum dolor sit amet, consectetur adipisicing elit.</div>',
                 '<div>Lorem ipsum dolor sit amet, consectetur adipisicing elit.</div>',
@@ -223,6 +231,10 @@ public function provideFixtures(): array
                 '<strong class="foo">Lorem ipsum</strong>',
                 '<strong>Lorem ipsum</strong>',
             ],
+            [
+                '<summary class="foo">Lorem ipsum</summary>',
+                '<summary>Lorem ipsum</summary>',
+            ],
             [
                 '<b class="foo">Lorem ipsum</b>',
                 '<strong>Lorem ipsum</strong>',
