Version 1.2.1.1

Author: DaazKu

src/htmLawed/htmLawed.php

@@ -1,7 +1,7 @@
 <?php
 
 /*
-htmLawed 1.2, 11 February 2017
+htmLawed 1.2.1.1, 17 May 2017
 Copyright Santosh Patnaik
 Dual licensed with LGPL 3 and GPL 2+
 A PHP Labware internal utility - www.bioinformatics.org/phplabware/internal_utilities/htmLawed
@@ -858,7 +858,7 @@ function hl_tag($t) {
             if ($k == 'style' or !isset($aND[$k][$e])) {
                 continue;
             }
-            $v = str_replace(array('\\', ':', ';'), '', $v);
+            $v = str_replace(array('\\', ':', ';', '&#'), '', $v);
             if ($k == 'align') {
                 unset($a['align']);
                 if ($e == 'img' && ($v == 'left' or $v == 'right')) {
@@ -1078,5 +1078,5 @@ function hl_tidy($t, $w, $p) {
 
 function hl_version() {
 // version
-    return '1.2';
+    return '1.2.1.1';
 }

tests/SecurityTest.php

@@ -19,8 +19,8 @@ class SecurityTest extends \PHPUnit_Framework_TestCase {
      *
      */
     public function testDeprecatedAttributeInjection() {
-        $html = '<div align="center;display:block;"></div>';
-        $expected = '<div style="text-align: centerdisplayblock;"></div>';
+        $html = '<div align="1&#x3b; background&#x3a; red">dd</div>';
+        $expected = '<div style="text-align: 1x3b backgroundx3a red;">dd</div>';
 
         $filtered = Htmlawed::filter($html);
         $this->assertSame($expected, $filtered);