bug #54513 [HtmlSanitizer] Ignore Processing Instructions (smnandre)

fabpot · fabpot · commit 00ba3ad7a4e5 · 2024-04-08T12:57:41.000+02:00
This PR was merged into the 6.4 branch. Discussion ---------- [HtmlSanitizer] Ignore Processing Instructions | Q | A | ------------- | --- | Branch? | 6.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Issues | Fix #54492 | License | MIT Ignore Processing Instructions (as comments) to avoid mixing them with standard DOM nodes (see #54492) (targetting 6.4 as the component was released in 6.1)) Commits ------- 3582bdd [HtmlSanitizer] Ignore Processing Instructions
diff --git a/src/Symfony/Component/HtmlSanitizer/Tests/HtmlSanitizerAllTest.php b/src/Symfony/Component/HtmlSanitizer/Tests/HtmlSanitizerAllTest.php
@@ -309,6 +309,12 @@ public static function provideSanitizeBody()
                 'Lorem ipsum  ',
             ],
 
+            // Processing instructions
+            [
+                'Lorem ipsum<?div x?>foo',
+                'Lorem ipsumfoo',
+            ],
+
             // Normal tags
             [
                 '<abbr>Lorem ipsum</abbr>',
diff --git a/src/Symfony/Component/HtmlSanitizer/Visitor/DomVisitor.php b/src/Symfony/Component/HtmlSanitizer/Visitor/DomVisitor.php
@@ -134,9 +134,10 @@ private function visitChildren(\DOMNode $domNode, Cursor $cursor): void
             if ('#text' === $child->nodeName) {
                 // Add text directly for performance
                 $cursor->node->addChild(new TextNode($cursor->node, $child->nodeValue));
-            } elseif (!$child instanceof \DOMText) {
+            } elseif (!$child instanceof \DOMText && !$child instanceof \DOMProcessingInstruction) {
                 // Otherwise continue the visit recursively
                 // Ignore comments for security reasons (interpreted differently by browsers)
+                // Ignore processing instructions (treated as comments)
                 $this->visitNode($child, $cursor);
             }
         }

Original file line number	Diff line number	Diff line change
`@@ -134,9 +134,10 @@ private function visitChildren(\DOMNode $domNode, Cursor $cursor): void`
`134`	`134`	`if ('#text' === $child->nodeName) {`
`135`	`135`	`// Add text directly for performance`
`136`	`136`	`$cursor->node->addChild(new TextNode($cursor->node, $child->nodeValue));`
`137`		`- } elseif (!$child instanceof \DOMText) {`
	`137`	`+ } elseif (!$child instanceof \DOMText && !$child instanceof \DOMProcessingInstruction) {`
`138`	`138`	`// Otherwise continue the visit recursively`
`139`	`139`	`// Ignore comments for security reasons (interpreted differently by browsers)`
	`140`	`+ // Ignore processing instructions (treated as comments)`
`140`	`141`	`$this->visitNode($child, $cursor);`
`141`	`142`	`}`
`142`	`143`	`}`