Add the list of known elements

1 year ago · 8446fa3a50
1 changed files with 4 additions and 2 deletions
--- a/lib/AbstractSanitizer.php
+++ b/lib/AbstractSanitizer.php
@ -33,8 +33,10 @@ abstract class AbstractSanitizer {
    protected const XML_NAMESPACE = "http://www.w3.org/XML/1998/namespace";
    /** @var string The XMLNS namespace */
    protected const XMLNS_NAMESPACE = "http://www.w3.org/2000/xmlns/";
-    /** @var string The null namespace; we use a null character as this is a hashable value in PHP (null is not), while it is an illegal character in XML and thus will not appear in a legitimate namespace URI */
-    protected const NULL_NAMESPACE = "\x00";
+    /** @var string The null namespace; we use the empty string because it is explicitly not a valid namespace name; see https://www.w3.org/TR/REC-xml-names/#iri-use */
+    protected const NULL_NAMESPACE = "";
+    /** @var array The set of known HTML elements, used to determine what the `allowUnknownMarkup` setting applies to */
+    protected const KNOWN_ELEMENTS_HTML = ['a' => true, 'abbr' => true, 'acronym' => true, 'address' => true, 'applet' => true, 'area' => true, 'article' => true, 'aside' => true, 'audio' => true, 'b' => true, 'base' => true, 'basefont' => true, 'bdi' => true, 'bdo' => true, 'bgsound' => true, 'big' => true, 'blink' => true, 'blockquote' => true, 'body' => true, 'br' => true, 'button' => true, 'canvas' => true, 'caption' => true, 'center' => true, 'cite' => true, 'code' => true, 'col' => true, 'colgroup' => true, 'data' => true, 'datalist' => true, 'dd' => true, 'del' => true, 'details' => true, 'dfn' => true, 'dialog' => true, 'dir' => true, 'div' => true, 'dl' => true, 'dt' => true, 'em' => true, 'embed' => true, 'fieldset' => true, 'figcaption' => true, 'figure' => true, 'font' => true, 'footer' => true, 'form' => true, 'frame' => true, 'frameset' => true, 'h1' => true, 'h2' => true, 'h3' => true, 'h4' => true, 'h5' => true, 'h6' => true, 'head' => true, 'header' => true, 'hgroup' => true, 'hr' => true, 'html' => true, 'i' => true, 'iframe' => true, 'img' => true, 'input' => true, 'ins' => true, 'isindex' => true, 'kbd' => true, 'keygen' => true, 'label' => true, 'legend' => true, 'li' => true, 'link' => true, 'listing' => true, 'main' => true, 'map' => true, 'mark' => true, 'marquee' => true, 'menu' => true, 'menuitem' => true, 'meta' => true, 'meter' => true, 'multicol' => true, 'nav' => true, 'nextid' => true, 'nobr' => true, 'noembed' => true, 'noframes' => true, 'noscript' => true, 'object' => true, 'ol' => true, 'optgroup' => true, 'option' => true, 'output' => true, 'p' => true, 'param' => true, 'picture' => true, 'plaintext' => true, 'pre' => true, 'progress' => true, 'q' => true, 'rb' => true, 'rp' => true, 'rt' => true, 'rtc' => true, 'ruby' => true, 's' => true, 'samp' => true, 'script' => true, 'search' => true, 'section' => true, 'select' => true, 'slot' => true, 'small' => true, 'source' => true, 'spacer' => true, 'span' => true, 'strike' => true, 'strong' => true, 'style' => true, 'sub' => true, 'summary' => true, 'sup' => true, 'table' => true, 'tbody' => true, 'td' => true, 'template' => true, 'textarea' => true, 'tfoot' => true, 'th' => true, 'thead' => true, 'time' => true, 'title' => true, 'tr' => true, 'track' => true, 'tt' => true, 'u' => true, 'ul' => true, 'var' => true, 'video' => true, 'wbr' => true, 'xmp' => true];
    /** @var array The default configuration structure */
    protected const DEFAULT_CONF = [
        'allowElements' => [