HtmlFilter: <script> content should be filtered out

mekras · mekras · commit bebe5dc75bdf · 2017-04-29T23:02:22.000+03:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,9 @@
 
 ## Unreleased
 
+- HtmlFilter: <script> content should be filtered out.
+
+
 ## 1.7.1 - 2017-05-01
 
 ### Fixed
diff --git a/src/Source/Filter/HtmlFilter.php b/src/Source/Filter/HtmlFilter.php
@@ -16,6 +16,15 @@
  */
 class HtmlFilter implements Filter
 {
+    /**
+     * Ignore content of these tags.
+     *
+     * @var string[]
+     */
+    static private $ignoreTags = [
+        'script'
+    ];
+
     /**
      * Attrs with text contents.
      *
@@ -66,7 +75,9 @@ public function filter($string)
                     break;
 
                 case '>' === $char:
-                    $context = null;
+                    $context = 'tag_name' === $context && $this->isIgnoredTag($tagName)
+                        ? 'ignored_tag_content'
+                        : null;
                     $expecting = null;
                     $char = ' ';
                     break;
@@ -130,6 +141,10 @@ public function filter($string)
                         case 'attr_value':
                             $char = ' ';
                             break;
+
+                        case 'ignored_tag_content':
+                            $char = ' ';
+                            break;
                     }
             }
             $result .= $char;
@@ -173,4 +188,22 @@ function ($match) {
             $string
         );
     }
+
+    /**
+     * Return true if $name is in the list of ignored tags.
+     *
+     * @param string $name Tag name.
+     *
+     * @return bool
+     */
+    private function isIgnoredTag($name)
+    {
+        foreach (self::$ignoreTags as $tag) {
+            if (strcasecmp($tag, $name) === 0) {
+                return true;
+            }
+        }
+
+        return false;
+    }
 }
diff --git a/tests/Source/Filter/HtmlFilterTest.php b/tests/Source/Filter/HtmlFilterTest.php
@@ -46,4 +46,15 @@ public function testMetaContent()
             '                                  Bar  ';
         static::assertEquals($text, $filter->filter($html));
     }
+
+    /**
+     * <script> content should be filtered out.
+     */
+    public function testScript()
+    {
+        $filter = new HtmlFilter();
+        $html = "<p>Foo</p>\n<script>Bar Baz\nBuz</script>";
+        $text = "   Foo    \n               \n            ";
+        static::assertEquals($text, $filter->filter($html));
+    }
 }
