img: fix srcset pattern and src default value#9
Conversation
htmLawed.php
Outdated
| if ('srcset' === $k) { | ||
| $v2 = ''; | ||
| $pattern = "/(?:[^\"'\s]+\s*(?:\d+w|\d+(?:\.\d+)?x)+)/"; | ||
| $pattern = "/(?:[^\"',\s]+(?:\s(?:\d+w|\d+(?:\.\d+)?x))?)/"; |
There was a problem hiding this comment.
Ugh, this really needs test coverage. If I am reading https://html.spec.whatwg.org/multipage/images.html#srcset-attribute right, it should be \s+.
There was a problem hiding this comment.
Hm indeed, I'll rework it and I'll try to add tests
|
|
||
| // rqd attr | ||
| static $eAR = ['area' => ['alt' => 'area'], 'bdo' => ['dir' => 'ltr'], 'command' => ['label' => ''], 'form' => ['action' => ''], 'img' => ['src' => '', 'alt' => 'image'], 'map' => ['name' => ''], 'optgroup' => ['label' => ''], 'param' => ['name' => ''], 'style' => ['scoped' => ''], 'textarea' => ['rows' => '10', 'cols' => '50']]; | ||
| static $eAR = ['area' => ['alt' => 'area'], 'bdo' => ['dir' => 'ltr'], 'command' => ['label' => ''], 'form' => ['action' => ''], 'img' => ['src' => 'data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==', 'alt' => 'image'], 'map' => ['name' => ''], 'optgroup' => ['label' => ''], 'param' => ['name' => ''], 'style' => ['scoped' => ''], 'textarea' => ['rows' => '10', 'cols' => '50']]; |
There was a problem hiding this comment.
Sounds good to me, reading https://html.spec.whatwg.org/multipage/embedded-content.html#attr-img-src
See https://developer.mozilla.org/en-US/docs/Web/HTML/Element/Img#attr-srcset Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
Thus it will prevent invalid value to be inserted when trying to fix img tags. Before this change the line: <img alt="Hello world"> led to: <img alt="Hello world" src="src"> Now, the src attribute will be initialized with the value: data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw== Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
j0k3r
left a comment
j0k3r
left a comment
There was a problem hiding this comment.
You should stay on v3.4.0 for friendsofphp/php-cs-fixer to avoid the 7.4 bump.
As it's a dev deps, I think it's preferable to keep 7.2 compats.
Maybe you should also lower PHPUnit?
| with: | ||
| php-version: "${{ matrix.php }}" | ||
| coverage: none | ||
| tools: pecl, composer:v1 |
There was a problem hiding this comment.
| tools: pecl, composer:v1 | |
| tools: pecl, composer:v2 |
There was a problem hiding this comment.
Ahh good catch, just forgot it. Fixed.
|
@j0k3r I've updated the lock file to keep support of PHP 7.2 and 7.3. Interesting thing to note: I was forced to call |
@j0k3r not sure of the usage of the property, should I fix it before merging this PR or is it fine for now? |
|
I still prefer to define it so nobody will have error if they update the proches using a higher version of PHP. |
|
Looks good to me! |
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
3 participants
The first change updates srcset pattern to support URL without any descriptor as it is supported by the standard, see https://developer.mozilla.org/en-US/docs/Web/HTML/Element/Img#attr-srcset
The second change sets the default img src value to an empty gif. Without this change, HTMLawed adds
src="src"to invalid tags which can lead to unexpected behaviors on browsers or http client (e.g. Graby).Note: this PR is based on #8