Only for "keywords" and "description" meta tags "content" attr should be treated as string

mekras · mekras · commit 43b3eb3c2d81 · 2017-04-30T00:12:52.000+03:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,8 +2,11 @@
 
 ## Unreleased
 
-- HtmlFilter: <script> content should be filtered out.
+### Fixed
 
+- HtmlFilter: <script> content should be filtered out.
+- HtmlFilter: only for "keywords" and "description" meta tags "content" attr should be treated as
+  string.
 
 ## 1.7.1 - 2017-05-01
 
diff --git a/src/Source/Filter/HtmlFilter.php b/src/Source/Filter/HtmlFilter.php
@@ -64,6 +64,16 @@ class HtmlFilter implements Filter
         'title'
     ];
 
+    /**
+     * Meta tag names with text content.
+     *
+     * @var string[]
+     */
+    static private $textMetaTags = [
+        'description',
+        'keywords'
+    ];
+
     /**
      * Filter string.
      *
@@ -78,7 +88,7 @@ public function filter($string)
         $result = '';
 
         $string = $this->filterEntities($string);
-        $string = $this->filterHttpEquivMetaTags($string);
+        $string = $this->filterMetaTags($string);
 
         // Current/last tag name
         $tagName = null;
@@ -208,18 +218,24 @@ function ($match) {
     }
 
     /**
-     * Replace meta tags with HTTP header equivalents.
+     * Replace non-text meta tags.
      *
      * @param string $string
      *
      * @return string
      */
-    private function filterHttpEquivMetaTags($string)
+    private function filterMetaTags($string)
     {
         return preg_replace_callback(
-            '/<meta[^>]+http-equiv=[^>]+>/i',
+            '/<meta[^>]+(http-equiv\s*=|name\s*=\s*["\']?([^>"\']+))[^>]*>/i',
             function ($match) {
-                return str_repeat(' ', strlen($match[0]));
+                if (count($match) < 3
+                    || !in_array(strtolower($match[2]), self::$textMetaTags, true)
+                ) {
+                    return str_repeat(' ', strlen($match[0]));
+                }
+
+                return $match[0];
             },
             $string
         );
diff --git a/tests/Source/Filter/HtmlFilterTest.php b/tests/Source/Filter/HtmlFilterTest.php
@@ -39,10 +39,12 @@ public function testMetaContent()
         $html =
             '<META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html" />' . "\n" .
             '<meta name="Keywords" content="Foo">' . "\n" .
+            '<meta name="foo" content="Foobar">' . "\n" .
             '<meta name="description" content="Bar">';
         $text =
             "                                                      \n" .
             "                               Foo  \n" .
+            "                                  \n" .
             '                                  Bar  ';
         static::assertEquals($text, $filter->filter($html));
     }
