Bug #64348
preg_replace in removeBadHTML crashes with lots of responsive images (Status: Closed)
Description
We have a case where 6 images get rendered in 6 different sizes for responsive images in a data-* variant. These get checked by removeBadHTML. In removeBadHTML the preg_replace crashes (returns NULL) and that's why the content does not get output.
By reducing the amount of options in this line
'\'<\\w+.*?(onabort|onbeforeunload|onblur|onchange|onclick|ondblclick|ondragdrop|onerror|onfilterchange|onfocus|onhelp|onkeydown|onkeypress|onkeyup|onload|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|onmove|onreadystatechange|onreset|onresize|onscroll|onselect|onselectstart|onsubmit|onunload).*?>\'si'
we got it working again.
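The failure mode the report describes, reproduced as an added example (this is not TYPO3 code, and the bounded pattern is an assumption rather than the patch that went to review): the quoted blacklist regex is run over constructed markup of six images with six data-* size variants each, preg_replace() returns NULL once PCRE's backtrack limit is exceeded, and the return value is checked instead of being used blindly. The ini_set() calls lower pcre.backtrack_limit and disable the JIT purely so the failure is reproducible on any machine.

```php
<?php
// Added example, not TYPO3 code. It reproduces the failure mode described in
// the issue: a blacklist regex built from lazy ".*?" quantifiers under the "s"
// flag, run over a large block of markup, exceeds PCRE's backtrack limit;
// preg_replace() then returns NULL, and a caller that uses that value as a
// string outputs nothing at all.
declare(strict_types=1);

// The pattern quoted in the issue description, as a PHP regex literal.
const BAD_HTML_PATTERN = '/<\w+.*?(onabort|onbeforeunload|onblur|onchange|onclick|'
    . 'ondblclick|ondragdrop|onerror|onfilterchange|onfocus|onhelp|onkeydown|'
    . 'onkeypress|onkeyup|onload|onmousedown|onmousemove|onmouseout|onmouseover|'
    . 'onmouseup|onmove|onreadystatechange|onreset|onresize|onscroll|onselect|'
    . 'onselectstart|onsubmit|onunload).*?>/si';

// Tag-bounded alternative (an assumption, not the patch from the review):
// "[^>]*" cannot run past the end of the current tag, so the cost is linear in
// the tag length instead of quadratic in the whole document. It drops any tag
// carrying an attribute whose name starts with "on" instead of enumerating names.
const BOUNDED_PATTERN = '/<\w+[^>]*\son\w+\s*=[^>]*>/i';

// Constructed input: six <img> tags, each with six responsive-size variants in
// data-* attributes and long (fake) processed-file paths. No handlers at all,
// so the regex scans from every tag to the end of the document before giving up.
function buildResponsiveMarkup(int $images = 6, int $sizes = 6): string
{
    $html = '';
    for ($i = 0; $i < $images; $i++) {
        $attrs = '';
        for ($s = 1; $s <= $sizes; $s++) {
            $width = 320 * $s;
            $attrs .= sprintf(' data-src-%d="/fileadmin/_processed_/%s/image%d_%dpx.jpg"',
                $width, str_repeat('x', 200), $i, $width);
        }
        $html .= sprintf('<img src="/fileadmin/image%d.jpg" alt="image %d"%s>' . "\n", $i, $i, $attrs);
    }
    return $html;
}

function pcreError(): string
{
    // preg_last_error_msg() exists from PHP 8.0; fall back to the numeric code.
    return function_exists('preg_last_error_msg')
        ? preg_last_error_msg()
        : 'PCRE error code ' . preg_last_error();
}

// Mirrors the shipped behaviour: the preg_replace() result is passed on
// unchecked, so a PCRE failure silently turns the whole content element into NULL.
function removeBadHtmlUnchecked(string $content): ?string
{
    return preg_replace(BAD_HTML_PATTERN, '', $content);
}

// Defensive variant: a NULL result is an error, not "nothing to remove". Fail
// closed (never emit the unsanitised input) and surface the reason for the log.
function removeBadHtmlChecked(string $content, string $pattern = BAD_HTML_PATTERN): string
{
    $result = preg_replace($pattern, '', $content);
    if ($result === null) {
        throw new RuntimeException('removeBadHTML: preg_replace() failed: ' . pcreError());
    }
    return $result;
}

// Assumptions that make the failure reproducible regardless of input size:
// run the PCRE interpreter (the JIT reports exhaustion as a different error)
// and lower the backtrack limit well below PHP's default of 1000000.
ini_set('pcre.jit', '0');
ini_set('pcre.backtrack_limit', '100000');

$html = buildResponsiveMarkup();
printf("input:     %d bytes\n", strlen($html));

$unchecked = removeBadHtmlUnchecked($html);
printf("unchecked: %s (%s)\n", $unchecked === null ? 'NULL' : strlen($unchecked) . ' bytes', pcreError());

try {
    removeBadHtmlChecked($html);
} catch (RuntimeException $e) {
    echo 'checked:   ', $e->getMessage(), "\n";
}

$bounded = removeBadHtmlChecked($html, BOUNDED_PATTERN);
printf("bounded:   %d bytes, unchanged: %s (%s)\n",
    strlen($bounded), $bounded === $html ? 'yes' : 'no', pcreError());
```

The check in removeBadHtmlChecked() is the part worth keeping whatever pattern is used: preg_replace() signals PCRE errors only through a NULL return and preg_last_error(), and a sanitiser that treats NULL as an empty string either blanks the page or, worse, lets a caller fall back to the raw input. The bounded pattern only addresses the runtime; like the original it is still a blacklist and still does not understand quoting (a ">" inside an attribute value ends its match early), which is why a real parser is the better tool for the job.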
Updated by Mathias Schreiber almost 10 years ago
- Target version set to 7.2 (Frontend)
Care to provide a patch?
Updated by Sebastian Fischer almost 10 years ago
As I'm not the greatest regex pro, I would like to give the following for consideration:
'\'<\\w+.*?(on{4,16}=).*?>\'si',
This would search for all on(click,blur,...)= in the string and replace the occurrence.
If no one is against this, I could provide a review.
Updated by Gerrit Code Review almost 10 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36161
Updated by Mathias Brodala almost 10 years ago
Could this be the same issue as #64033?
Updated by Stephan Großberndt almost 10 years ago
Sebastian, please provide the string of one image you got preg_replace to crash with for testing.
Updated by Sebastian Fischer almost 10 years ago
I attached an HTML file with the exact content part that was broken after the preg_replace in removeBadHTML.
Updated by Gerrit Code Review almost 10 years ago
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36603
Updated by Gerrit Code Review almost 10 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36603
Updated by Gerrit Code Review over 9 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36603
Updated by Gerrit Code Review over 9 years ago
Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36603
Updated by Gerrit Code Review over 9 years ago
Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36603
Updated by Gerrit Code Review over 9 years ago
Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36603
Updated by Gerrit Code Review over 9 years ago
Patch set 7 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36603
Updated by Gerrit Code Review over 9 years ago
Patch set 8 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36603
Updated by Gerrit Code Review over 9 years ago
Patch set 9 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36603
Updated by Gerrit Code Review over 9 years ago
Patch set 10 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36603
Updated by Gerrit Code Review over 9 years ago
Patch set 11 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36603
Updated by Gerrit Code Review over 9 years ago
Patch set 12 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36603
Updated by Gerrit Code Review over 9 years ago
Patch set 13 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36603
Updated by Gerrit Code Review over 9 years ago
Patch set 14 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36603
Updated by Benni Mack over 9 years ago
- Target version changed from 7.2 (Frontend) to 7.4 (Backend)
Updated by Susanne Moog over 9 years ago
- Target version changed from 7.4 (Backend) to 7.5
Updated by Wouter Wolters over 8 years ago
- Status changed from Under Review to New
Patch has been abandoned.
Updated by Stephan Großberndt almost 7 years ago
removeBadHTML was marked as deprecated in TYPO3 v8.7 and removed in TYPO3 v9 with issue #15415.
So the mentioned issue of preg_replace crashing in removeBadHTML could be addressed in TYPO3 v8.7 and could maybe be backported to 7.6 (not sure if security related?).
Updated by Oliver Hader over 5 years ago
- Status changed from New to Closed
removeBadHTML was a hardcoded and outdated collection of blacklisted literals to be removed in order to avoid XSS and similar - that's the reason why it has been dropped in TYPO3 v9, since it was incomplete. Besides encoding user submitted content using htmlspecialchars() (e.g. for attribute values), the HTMLParser could be used in order to purge disallowed attributes and tags in general (see https://docs.typo3.org/typo3cms/TyposcriptReference/Functions/Parsefunc.html).
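The allow-list approach the closing comment recommends, as an added example that is not TYPO3 code: PHP's DOMDocument (ext/dom) stands in for TYPO3's HTMLParser/parseFunc, every tag and attribute not explicitly permitted is dropped, URL attributes are limited to http/https or relative paths, and re-serialisation re-escapes text and attribute values. The allow-lists and the drop-with-content list are assumed policy for this example, not TYPO3 defaults.

```php
<?php
// Added example, not TYPO3 code. Allow-list sanitisation with DOMDocument
// standing in for TYPO3's HTMLParser: anything not explicitly permitted is
// dropped, so there is no list of bad names that can be incomplete.
// ALLOWED_TAGS, ALLOWED_SCHEMES and DROP_WITH_CONTENT are assumed policy.
declare(strict_types=1);

// tag => attributes permitted on it
const ALLOWED_TAGS = [
    'p' => [], 'br' => [], 'ul' => [], 'li' => [], 'strong' => [], 'em' => [],
    'a'   => ['href', 'title'],
    'img' => ['src', 'alt', 'width', 'height'],
];
const ALLOWED_SCHEMES = ['http', 'https'];
// elements whose content must not survive as text either
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed'];

function sanitizeFragment(string $html): string
{
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);    // broken markup is expected, not fatal
    $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $html . '</body>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    $body = $doc->getElementsByTagName('body')->item(0);
    sanitizeChildren($body);

    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);          // serialisation re-escapes text and attribute values
    }
    return $out;
}

function sanitizeChildren(DOMNode $parent): void
{
    // Snapshot first: removing nodes while iterating a live NodeList skips siblings.
    foreach (iterator_to_array($parent->childNodes) as $node) {
        if ($node instanceof DOMText) {
            continue;                             // text is inert once re-serialised
        }
        if (!$node instanceof DOMElement) {
            $parent->removeChild($node);          // comments, processing instructions
            continue;
        }
        $tag = strtolower($node->tagName);
        if (in_array($tag, DROP_WITH_CONTENT, true)) {
            $parent->removeChild($node);          // the element and everything inside it
            continue;
        }
        sanitizeChildren($node);                  // clean descendants before deciding on the node
        if (!isset(ALLOWED_TAGS[$tag])) {
            unwrap($node);                        // unknown tag: keep its cleaned children, drop the element
            continue;
        }
        foreach (iterator_to_array($node->attributes) as $attr) {
            $name = strtolower($attr->name);
            $keep = in_array($name, ALLOWED_TAGS[$tag], true)
                && (!in_array($name, ['href', 'src'], true) || isSafeUrl($attr->value));
            if (!$keep) {
                $node->removeAttribute($attr->name);
            }
        }
    }
}

// Replace an element by its children, preserving document order.
function unwrap(DOMElement $node): void
{
    $parent = $node->parentNode;
    while ($node->firstChild !== null) {
        $parent->insertBefore($node->firstChild, $node);
    }
    $parent->removeChild($node);
}

function isSafeUrl(string $url): bool
{
    // Browsers ignore embedded ASCII control characters and whitespace when
    // parsing a URL, so strip them before looking for a scheme.
    $url = preg_replace('/[\x00-\x20\x7f]+/', '', $url);
    if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m)) {
        return in_array(strtolower($m[1]), ALLOWED_SCHEMES, true);
    }
    return true;                                  // relative or same-origin path
}

// Constructed input mixing permitted markup with things the policy rejects.
$untrusted = '<p onclick="x()">Hello <b>world</b></p>'
    . '<img src="/fileadmin/a.jpg" onerror="x()" alt="a" data-src-640="/b.jpg">'
    . '<script>x()</script><!-- note -->';
echo sanitizeFragment($untrusted), "\n";
```

Two design points carry over to any parser-based sanitiser: descendants are cleaned before their parent is unwrapped, so content hoisted out of an unknown tag has already been through the same policy, and the decision is made on the parsed attribute name and value rather than on the raw source text, so quoting, case and whitespace variations never reach a string comparison.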