DisallowUnsupportedXSL: fixed the range of allowed characters in dyna…

…mic attributes
s9e · Dec 14, 2023 · e595860 · e595860
1 parent 62cf7cc
commit e595860
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 9 deletions.
diff --git a/docs/testdox.txt b/docs/testdox.txt
@@ -3278,9 +3278,10 @@ Disallow Unsupported XSL (s9e\TextFormatter\Tests\Configurator\TemplateChecks\Di
  [x] Allowed: <xsl:element name="x:div"/>
  [x] Disallowed: <xsl:element name="x div"/>
  [x] Disallowed: <xsl:element/>
- [x] Allowed: <b><xsl:attribute name="data-foo"/></b>
+ [x] Allowed: <b><xsl:attribute name="data-123foo"/></b>
  [x] Allowed: <b><xsl:attribute name="{@name}"/></b>
  [x] Disallowed: <b><xsl:attribute name="data foo"/></b>
+ [x] Disallowed: <b><xsl:attribute name="12foo"/></b>
  [x] Disallowed: <xsl:attribute/>
  [x] Allowed: <xsl:if test="foo and (bar or (baz mod (1 + 1)))"/>
 

diff --git a/src/Configurator/TemplateChecks/DisallowUnsupportedXSL.php b/src/Configurator/TemplateChecks/DisallowUnsupportedXSL.php
@@ -24,22 +24,26 @@ protected function checkXslApplyTemplatesElement(DOMElement $applyTemplates): vo
 		}
 	}
 
-	protected function checkXslCopyOfElement(DOMElement $copyOf): void
-	{
-		$this->requireAttribute($copyOf, 'select');
-	}
-
 	protected function checkXslAttributeElement(DOMElement $attribute): void
 	{
 		$this->requireAttribute($attribute, 'name');
 
+		// https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
+		// Simplified for convenience
+		$regexp = '(^(?=[{\\pL])(?:\\{[^\\}]++\\}|[^\\pC\\s"-,/;-@\\x{FDD0}-\\x{FDEF}\\x{FFFE}\\x{FFFF}\\x{1FFFE}\\x{1FFFF}\\x{2FFFE}\\x{2FFFF}\\x{3FFFE}\\x{3FFFF}\\x{4FFFE}\\x{4FFFF}\\x{5FFFE}\\x{5FFFF}\\x{6FFFE}\\x{6FFFF}\\x{7FFFE}\\x{7FFFF}\\x{8FFFE}\\x{8FFFF}\\x{9FFFE}\\x{9FFFF}\\x{AFFFE}\\x{AFFFF}\\x{BFFFE}\\x{BFFFF}\\x{CFFFE}\\x{CFFFF}\\x{DFFFE}\\x{DFFFF}\\x{EFFFE}\\x{EFFFF}\\x{FFFFE}\\x{FFFFF}\\x{10FFFE}\\x{10FFFF}])++$)Du';
+
 		$attrName = $attribute->getAttribute('name');
-		if (!preg_match('(^(?:\\{[^\\}]++\\}|[-.\\pL])++$)Du', $attrName))
+		if (!preg_match($regexp, $attrName))
 		{
 			throw new RuntimeException("Unsupported xsl:attribute name '" . $attrName . "'");
 		}
 	}
 
+	protected function checkXslCopyOfElement(DOMElement $copyOf): void
+	{
+		$this->requireAttribute($copyOf, 'select');
+	}
+
 	protected function checkXslElementElement(DOMElement $element): void
 	{
 		$this->requireAttribute($element, 'name');

diff --git a/tests/Configurator/TemplateChecks/DisallowUnsupportedXSLTest.php b/tests/Configurator/TemplateChecks/DisallowUnsupportedXSLTest.php
@@ -311,12 +311,12 @@ public function testElementMissingName()
 	}
 
 	/**
-	* @testdox Allowed: <b><xsl:attribute name="data-foo"/></b>
+	* @testdox Allowed: <b><xsl:attribute name="data-123foo"/></b>
 	* @doesNotPerformAssertions
 	*/
 	public function testAttributeCustomName()
 	{
-		$node = $this->loadTemplate('<b><xsl:attribute name="data-foo"/></b>');
+		$node = $this->loadTemplate('<b><xsl:attribute name="data-123foo"/></b>');
 		$check = new DisallowUnsupportedXSL;
 		$check->check($node, new Tag);
 	}
@@ -346,6 +346,20 @@ public function testAttributeCustomNameUnsupported()
 		$check->check($node, new Tag);
 	}
 
+	/**
+	* @testdox Disallowed: <b><xsl:attribute name="12foo"/></b>
+	*/
+	public function testAttributeUnsupportedNameStart()
+	{
+		$this->expectException('RuntimeException');
+		$this->expectExceptionMessage("Unsupported xsl:attribute name '12foo'");
+
+		$node = $this->loadTemplate('<b><xsl:attribute name="12foo"/></b>');
+
+		$check = new DisallowUnsupportedXSL;
+		$check->check($node, new Tag);
+	}
+
 	/**
 	* @testdox Disallowed: <xsl:attribute/>
 	*/