
Merge commit from fork
oleibman authored Dec 27, 2024
1 parent 700a803 commit 45052f8
Showing 7 changed files with 74 additions and 4 deletions.
9 changes: 5 additions & 4 deletions src/PhpSpreadsheet/Writer/Html.php
Expand Up @@ -403,12 +403,12 @@ public function generateHTMLHeader(bool $includeStyles = false): string
} else {
$propertyValue = (string) $propertyValue;
}
$html .= self::generateMeta($propertyValue, "custom.$propertyQualifier.$customProperty");
$html .= self::generateMeta($propertyValue, htmlspecialchars("custom.$propertyQualifier.$customProperty"));
}
}

if (!empty($properties->getHyperlinkBase())) {
$html .= ' <base href="' . $properties->getHyperlinkBase() . '" />' . PHP_EOL;
$html .= ' <base href="' . htmlspecialchars($properties->getHyperlinkBase()) . '" />' . PHP_EOL;
}

$html .= $includeStyles ? $this->generateStyles(true) : $this->generatePageDeclarations(true);
Expand Down Expand Up @@ -1586,8 +1586,9 @@ private function generateRow(Worksheet $worksheet, array $values, int $row, stri
// Hyperlink?
if ($worksheet->hyperlinkExists($coordinate) && !$worksheet->getHyperlink($coordinate)->isInternal()) {
$url = $worksheet->getHyperlink($coordinate)->getUrl();
$urldecode = strtolower(html_entity_decode(trim($url), encoding: 'UTF-8'));
$parseScheme = preg_match('/^(\\w+):/', $urldecode, $matches);
$urlDecode1 = html_entity_decode($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$urlTrim = preg_replace('/^\\s+/u', '', $urlDecode1) ?? $urlDecode1;
$parseScheme = preg_match('/^([\\w\\s]+):/u', strtolower($urlTrim), $matches);
if ($parseScheme === 1 && !in_array($matches[1], ['http', 'https', 'file', 'ftp', 's3'], true)) {
$cellData = htmlspecialchars($url, Settings::htmlEntityFlags());
} else {
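Review bot: The scheme check on the `if ($parseScheme === 1 && ...)` line fails open: `preg_match()` returns `false` on a PCRE error (with the `u` modifier an invalid UTF-8 subject does this), and since `false !== 1` the URL goes down the `else` branch, which from the `$cellData = htmlspecialchars($url, ...)` guard above it appears to be the path that renders it as a live hyperlink. I would not rely on `html_entity_decode(..., ENT_SUBSTITUTE, ...)` having normalised the bytes beforehand; treating every non-zero result as untrusted keeps the check fail-closed, e.g. `if ($parseScheme !== 0 && !in_array($matches[1] ?? '', ['http', 'https', 'file', 'ftp', 's3'], true)) {`. A one-line comment above the regex explaining why the scheme class admits whitespace (`// [\w\s] so that whitespace inside the scheme is still compared against the allow-list rather than skipped`) would spare the next reader a detour. The first hunk of this file escapes the `<base href>` and the meta name with bare `htmlspecialchars()` while this hunk uses `Settings::htmlEntityFlags()`; using the same flag source in both keeps the escaping policy in one place. `generateRow()` begins before this hunk and its `else` branch continues after it.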
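--- a/tests/PhpSpreadsheetTests/Writer/Html/BadCustomPropertyTest.php
+++ b/tests/PhpSpreadsheetTests/Writer/Html/BadCustomPropertyTest.php
@@ -0,0 +1,23 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PhpOffice\PhpSpreadsheetTests\Writer\Html;
+
+use PhpOffice\PhpSpreadsheet\Reader\Xlsx as XlsxReader;
+use PhpOffice\PhpSpreadsheet\Writer\Html as HtmlWriter;
+use PHPUnit\Framework\TestCase;
+
+class BadCustomPropertyTest extends TestCase
+{
+public function testBadCustomProperty(): void
+{
+$reader = new XlsxReader();
+$infile = 'tests/data/Reader/XLSX/sec-q229.dontuse';
+$spreadsheet = $reader->load($infile);
+$writer = new HtmlWriter($spreadsheet);
+$html = $writer->generateHtmlAll();
+self::assertStringContainsString('<meta name="custom.string.custom_property&quot;&gt;&lt;img src=1 onerror=alert()&gt;" content="test" />', $html);
+$spreadsheet->disconnectWorksheets();
+}
+}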
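Review bot: `testBadCustomProperty` pins only the positive form — the escaped `<meta name=...>` is present — so a regression that also emitted the raw property name somewhere else in the document would still pass; the same holds for `BadHyperlinkBaseTest` and `BadHyperlinkTest` in this commit. Pairing each with a negative assertion, `self::assertStringNotContainsString('<img src=1 onerror=alert()>', $html);` here and in the hyperlink-base test, and for the hyperlink test an analogous check that the cell's value is not emitted inside an `href` attribute, makes the tests fail-closed. The three fixtures are binary `.dontuse` files added in this commit, so a short PHPDoc on each test method naming what the fixture contains (`/** Fixture carries a custom property name containing an HTML tag. */`) would let a reader understand the expected string without opening the workbook.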
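--- a/tests/PhpSpreadsheetTests/Writer/Html/BadHyperlinkBaseTest.php
+++ b/tests/PhpSpreadsheetTests/Writer/Html/BadHyperlinkBaseTest.php
@@ -0,0 +1,23 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PhpOffice\PhpSpreadsheetTests\Writer\Html;
+
+use PhpOffice\PhpSpreadsheet\Reader\Xlsx as XlsxReader;
+use PhpOffice\PhpSpreadsheet\Writer\Html as HtmlWriter;
+use PHPUnit\Framework\TestCase;
+
+class BadHyperlinkBaseTest extends TestCase
+{
+public function testBadHyperlinkBase(): void
+{
+$reader = new XlsxReader();
+$infile = 'tests/data/Reader/XLSX/sec-p66w.dontuse';
+$spreadsheet = $reader->load($infile);
+$writer = new HtmlWriter($spreadsheet);
+$html = $writer->generateHtmlAll();
+self::assertStringContainsString('<base href="&quot;&gt;&lt;img src=1 onerror=alert()&gt;" />', $html);
+$spreadsheet->disconnectWorksheets();
+}
+}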
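--- a/tests/PhpSpreadsheetTests/Writer/Html/BadHyperlinkTest.php
+++ b/tests/PhpSpreadsheetTests/Writer/Html/BadHyperlinkTest.php
@@ -0,0 +1,23 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PhpOffice\PhpSpreadsheetTests\Writer\Html;
+
+use PhpOffice\PhpSpreadsheet\Reader\Xlsx as XlsxReader;
+use PhpOffice\PhpSpreadsheet\Writer\Html as HtmlWriter;
+use PHPUnit\Framework\TestCase;
+
+class BadHyperlinkTest extends TestCase
+{
+public function testBadHyperlink(): void
+{
+$reader = new XlsxReader();
+$infile = 'tests/data/Reader/XLSX/sec-j47r.dontuse';
+$spreadsheet = $reader->load($infile);
+$writer = new HtmlWriter($spreadsheet);
+$html = $writer->generateHtmlAll();
+self::assertStringContainsString("<td class=\"column0 style1 f\">jav\tascript:alert()</td>", $html);
+$spreadsheet->disconnectWorksheets();
+}
+}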
Binary file added tests/data/Reader/XLSX/sec-j47r.dontuse
Binary file not shown.
Binary file added tests/data/Reader/XLSX/sec-p66w.dontuse
Binary file not shown.
Binary file added tests/data/Reader/XLSX/sec-q229.dontuse
Binary file not shown.
