Skip to content

Commit

Permalink
IBX-8891: XML link validator in rich-text does not allow to use "tel: "
Browse files Browse the repository at this point in the history
  • Loading branch information
@vidarl
vidarl committed Sep 19, 2024
1 parent a0206b8 commit d0a170a
Show file tree
Hide file tree
Showing 3 changed files with 8 additions and 25 deletions.
15 changes: 4 additions & 11 deletions src/lib/eZ/RichText/Resources/schemas/docbook/docbook.iso.sch
View file
Original file line number Diff line number Diff line change
Expand Up @@ -253,20 +253,13 @@
<s:let name="lowerCase" value="'abcdefghijklmnopqrstuvwxyz'"/>
<s:rule context="db:link">
<!-- Using translate() because we don't have XPath 2, so we can't use lower-case(). -->
<s:assert test="starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'http://') or
starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'https://') or
<s:assert test="starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'http') or
starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'mailto:') or
starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'ezcontent://') or
starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'ezlocation://') or
starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'ezremote://') or
starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'ezurl://') or
starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'tel:') or
starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'ez') or
starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), '/') or
starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), '#')"
mode="schematron-get-full-path-2">links must start with one of: http://, https://, mailto:, ezcontent://, ezlocation://, ezremote://, ezurl://, /, #</s:assert>
<s:assert test="not(contains(@*[name()='xlink:href'], '&lt;') or
contains(@*[name()='xlink:href'], '&gt;') or
contains(@*[name()='xlink:href'], '&quot;'))"
mode="schematron-get-full-path-2">using characters [&lt; &gt; &quot;] in links is not allowed</s:assert>
mode="schematron-get-full-path-2">links must start with one of: http://, https://, mailto:, tel:, ezcontent://, ezlocation://, ezremote://, ezurl://, /, #</s:assert>
</s:rule>
</s:pattern>
</s:schema>
5 changes: 1 addition & 4 deletions src/lib/eZ/RichText/Resources/schemas/docbook/docbook.iso.sch.xsl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,4 @@
<axsl:template match="db:link" priority="1000" mode="M3"><svrl:fired-rule xmlns:svrl="http://purl.oclc.org/dsdl/svrl" context="db:link"/>

<!--ASSERT -->
<axsl:choose><axsl:when test="starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'http://') or starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'https://') or starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'mailto:') or starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'ezcontent://') or starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'ezlocation://') or starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'ezremote://') or starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'ezurl://') or starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), '/') or starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), '#')"/><axsl:otherwise><svrl:failed-assert xmlns:svrl="http://purl.oclc.org/dsdl/svrl" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:schold="http://www.ascc.net/xml/schematron" test="starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'http://') or starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'https://') or starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'mailto:') or starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'ezcontent://') or starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'ezlocation://') or starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'ezremote://') or starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'ezurl://') or starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), '/') or starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), '#')"><axsl:attribute name="location"><axsl:apply-templates select="." mode="schematron-get-full-path-2"/></axsl:attribute><svrl:text>links must start with one of: http://, https://, mailto:, ezcontent://, ezlocation://, ezremote://, ezurl://, /, #</svrl:text></svrl:failed-assert></axsl:otherwise></axsl:choose>

<!--ASSERT -->
<axsl:choose><axsl:when test="not(contains(@*[name()='xlink:href'], '&lt;') or contains(@*[name()='xlink:href'], '&gt;') or contains(@*[name()='xlink:href'], '&quot;'))"/><axsl:otherwise><svrl:failed-assert xmlns:svrl="http://purl.oclc.org/dsdl/svrl" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:schold="http://www.ascc.net/xml/schematron" test="not(contains(@*[name()='xlink:href'], '&lt;') or contains(@*[name()='xlink:href'], '&gt;') or contains(@*[name()='xlink:href'], '&quot;'))"><axsl:attribute name="location"><axsl:apply-templates select="." mode="schematron-get-full-path-2"/></axsl:attribute><svrl:text>using characters [&lt; &gt; "] in links is not allowed</svrl:text></svrl:failed-assert></axsl:otherwise></axsl:choose><axsl:apply-templates select="*|comment()|processing-instruction()" mode="M3"/></axsl:template><axsl:template match="text()" priority="-1" mode="M3"/><axsl:template match="@*|node()" priority="-2" mode="M3"><axsl:apply-templates select="*|comment()|processing-instruction()" mode="M3"/></axsl:template></axsl:stylesheet>
<axsl:choose><axsl:when test="starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'http') or starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'mailto:') or starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'tel:') or starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'ez') or starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), '/') or starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), '#')"/><axsl:otherwise><svrl:failed-assert xmlns:svrl="http://purl.oclc.org/dsdl/svrl" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:schold="http://www.ascc.net/xml/schematron" test="starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'http') or starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'mailto:') or starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'tel:') or starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), 'ez') or starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), '/') or starts-with(translate(@*[name()='xlink:href'], $upperCase, $lowerCase), '#')"><axsl:attribute name="location"><axsl:apply-templates select="." mode="schematron-get-full-path-2"/></axsl:attribute><svrl:text>links must start with one of: http://, https://, mailto:, tel:, ezcontent://, ezlocation://, ezremote://, ezurl://, /, #</svrl:text></svrl:failed-assert></axsl:otherwise></axsl:choose><axsl:apply-templates select="*|comment()|processing-instruction()" mode="M3"/></axsl:template><axsl:template match="text()" priority="-1" mode="M3"/><axsl:template match="@*|node()" priority="-2" mode="M3"><axsl:apply-templates select="*|comment()|processing-instruction()" mode="M3"/></axsl:template></axsl:stylesheet>
13 changes: 3 additions & 10 deletions tests/lib/eZ/FieldType/RichTextTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -224,7 +224,7 @@ public function providerForTestValidate()
[
new ValidationError(
"Validation of XML content failed:\n" .
'/section/para/link: links must start with one of: http://, https://, mailto:, ezcontent://, ezlocation://, ezremote://, ezurl://, /, #',
'/section/para/link: links must start with one of: http://, https://, mailto:, tel:, ezcontent://, ezlocation://, ezremote://, ezurl://, /, #',
null,
[],
'xml'
Expand All @@ -239,7 +239,7 @@ public function providerForTestValidate()
[
new ValidationError(
"Validation of XML content failed:\n" .
'/section/para/link: links must start with one of: http://, https://, mailto:, ezcontent://, ezlocation://, ezremote://, ezurl://, /, #',
'/section/para/link: links must start with one of: http://, https://, mailto:, tel:, ezcontent://, ezlocation://, ezremote://, ezurl://, /, #',
null,
[],
'xml'
Expand All @@ -252,13 +252,6 @@ public function providerForTestValidate()
<para><link xlink:href="https://example.com/foo&lt;bar">link</link></para>
</section>',
[
new ValidationError(
"Validation of XML content failed:\n" .
'/section/para/link: using characters [< > "] in links is not allowed',
null,
[],
'xml'
),
],
],
[
Expand All @@ -269,7 +262,7 @@ public function providerForTestValidate()
[
new ValidationError(
"Validation of XML content failed:\n" .
'/section/para/link: links must start with one of: http://, https://, mailto:, ezcontent://, ezlocation://, ezremote://, ezurl://, /, #',
'/section/para/link: links must start with one of: http://, https://, mailto:, tel:, ezcontent://, ezlocation://, ezremote://, ezurl://, /, #',
null,
[],
'xml'
Expand Down

0 comments on commit d0a170a

Please sign in to comment.