From http://stackoverflow.com/questions/1732348/regex-match-open-tags-except-... :
You can't parse [X]HTML with regex. Because HTML can't be parsed by regex. Regex is not a tool that can be used to correctly parse HTML. As I have answered in HTML-and-regex questions here so many times before, the use of regex will not allow you to consume HTML. Regular expressions are a tool that is insufficiently sophisticated to understand the constructs employed by HTML. HTML is not a regular language and hence cannot be parsed by regular expressions. Regex queries are not equipped to break down HTML into its meaningful parts. so many times but it is not getting to me. Even enhanced irregular regular expressions as used by Perl are not up to the task of parsing HTML. You will never make me crack. HTML is a language of sufficient complexity that it cannot be parsed by regular expressions. Even Jon Skeet cannot parse HTML using regular expressions. Every time you attempt to parse HTML with regular expressions, the unholy child weeps the blood of virgins, and Russian hackers pwn your webapp. Parsing HTML with regex summons tainted souls into the realm of the living. HTML and regex go together like love, marriage, and ritual infanticide. The cannot hold it is too late. The force of regex and HTML together in the same conceptual space will destroy your mind like so much watery putty. If you parse HTML with regex you are giving in to Them and their blasphemous ways which doom us all to inhuman toil for the One whose Name cannot be expressed in the Basic Multilingual Plane, he comes. HTML-plus-regexp will liquify the nerves of the sentient whilst you observe, your psyche withering in the onslaught of horror. Rege̿̔̉x-based HTML parsers are the cancer that is killing StackOverflow it is too late it is too late we cannot be saved the trangession of a chi͡ld ensures regex will consume all living tissue (except for HTML which it cannot, as previously prophesied) dear lord help us how can anyone survive this scourge using regex to parse HTML has doomed humanity to an eternity of dread torture and security holes using regex as a tool to process HTML establishes a breach between this world and the dread realm of c͒ͪo͛ͫrrupt entities (like SGML entities, but more corrupt) a mere glimpse of the world of regex parsers for HTML will instantly transport a programmer's consciousness into a world of ceaseless screaming, he comes, the pestilent slithy regex-infection will devour your HTML parser, application and existence for all time like Visual Basic only worse he comes he comes do not fight he com̡e̶s, ̕h̵is un̨ho͞ly radiańcé destro҉ying all enli̍̈́̂̈́ghtenment, HTML tags lea͠ki̧n͘g fr̶ǫm ̡yo͟ur eye͢s̸ ̛l̕ik͏e liquid pain, the song of re̸gular expression parsing will extinguish the voices of mortal man from the sphere I can see it can you see ̲͚̖͔̙î̩́t̲͎̩̱͔́̋̀ it is beautiful the final snuffing of the lies of Man ALL IS LOŚ͖̩͇̗̪̏̈́T ALL IS LOST the pon̷y he comes he c̶̮omes he comes the ichor permeates all MY FACE MY FACE ᵒh god no NO NOO̼OO NΘ stop the an*̶͑̾̾̅ͫ͏̙̤g͇̫͛͆̾ͫ̑͆l͖͉̗̩̳̟̍ͫͥͨe̠̅s ͎a̧͈͖r̽̾̈́͒͑e not rè̑ͧ̌aͨl̘̝̙̃ͤ͂̾̆ ZA̡͊͠͝LGΌ ISͮ̂҉̯͈͕̹̘̱ TO͇̹̺ͅƝ̴ȳ̳ TH̘Ë͖́̉ ͠P̯͍̭O̚N̐Y̡ H̸̡̪̯ͨ͊̽̅̾̎Ȩ̬̩̾͛ͪ̈́̀́͘ ̶̧̨̱̹̭̯ͧ̾ͬC̷̙̲̝͖ͭ̏ͥͮ͟Oͮ͏̮̪̝͍M̲̖͊̒ͪͩͬ̚̚͜Ȇ̴̟̟͙̞ͩ͌͝S̨̥̫͎̭ͯ̿̔̀ͅ
Have you tried using an XML parser instead?
Comment | File | Size | Author |
---|---|---|---|
#2 | 1276042_2.patch | 461 bytes | chx |
Comments
Comment #1
chx CreditAttribution: chx commentedWe have a meticulously crafted, painstakingly ported piece of an HTML parser in
filter_xss
. Then, you doreturn preg_replace('|<([^> ]*)/>|i', '<$1 />', $body_content);
. What were you thinking?Comment #2
chx CreditAttribution: chx commentedDigging the issue queue finds this comment
"The XHTML guidelines recommend to include a space before the trailing / and > of empty elements for better rendering on HTML user agents.
. Recommend. OK. We disregard that happily. 'Cos, you know, you just can't do that. Not easily at least.Comment #3
chx CreditAttribution: chx commentedComment #4
chx CreditAttribution: chx commentedTo clarify further this preg changes user facing data like in my example. While it's totally cool to mangle HTML as much as we like but changing the contents is not so cool.
Comment #5
chx CreditAttribution: chx commentedAnd to further clarify the reason this is major because I want attention. Yes, adding a space there is a minor bug but the mindset itself is a bug.
Comment #6
Damien Tournoud CreditAttribution: Damien Tournoud commentedWell, this regexp was not in my initial design, because the goal was precisely to remove the text parsing we do on "HTML". This said, this is a regexp on a *valid* XML document, so what do you think the problem is exactly?
^ This is *not* a valid XML document.
Comment #7
chx CreditAttribution: chx commentedhttp://www.w3.org/TR/xml/#sec-attribute-types
the attribute value can be anything. Edit:
Passes http://validator.w3.org/check as XHTML 1.0 Strict.
Comment #8
pillarsdotnet CreditAttribution: pillarsdotnet commentedTotally agreed, although the issue summary seems a bit ... repetitive.
Comment #9
chx CreditAttribution: chx commented@pillardotsnet, the issue summar looks like because even "some of the most skilled core developers" per http://drupal.org/node/1274838#comment-4974502 don't get it. So I try....
Comment #10
klausithis one was committed to D8: http://drupalcode.org/project/drupal.git/commit/bb01b39
assigning to 7.x queue
Comment #11
sunAs far as I can see, the only intention of this line was to prettify the HTML tags. But that's just a wild guess. As usual, there's no code comment explaining why it's done... did anyone care to look up why that line was added?
Because of that, I think the RTBC and commit here was a bit too fast.
Anyway, restoring tag and status.
Comment #12
pillarsdotnet CreditAttribution: pillarsdotnet commentedYes, chx did, and reported in #2:
I don't know whether you failed to read his comment or simply doubted his conclusion, but here is an exhaustive history of that bit of code:
He said:
Here is the relevant chunk of the interdiff between 374441-refactor-html-corrector_11.patch from #33 and 374441-refactor-html-corrector_12.patch from #35:
Comment #13
pillarsdotnet CreditAttribution: pillarsdotnet commentedAs an aside, there are a lot of other places in the same file where preg is used on html:
$text = preg_replace_callback('`<!--(.*?)-->`s', '_filter_url_escape_comments', $text);
$chunks = preg_split('/(<.+?>)/is', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
$chunks[$i] = preg_replace_callback($pattern, $task, $chunks[$i]);
$text = preg_replace_callback('`<!--(.*?)-->`', '_filter_url_escape_comments', $text);
$chunks = preg_split('@(<!--.*?-->|</?(?:pre|script|style|object|iframe|!--)[^>]*>)@i', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
list($tag) = preg_split('/[ >]/', substr($chunk, 2 - $open), 2);
I'm sure that each of them have their own history.
Comment #14
webchickI'm not inclined to commit this to D7, unless we can prove that it actually fixes something (e.g. there's a test that passes with the patch and fails without). While I'm all about clean-ups (esp. in D8), the comments pillarsdotnet dug up seem to imply this was done very deliberately with an eye towards compatibility with older browsers which, unfortunately, D7 still has to deal with (IE6--).
Marking needs review for now to give sun/chx a chance to respond, but I'd be perfectly happy with D8 + fixed and leave it at that.
Comment #15
sunFYI: @webchick is explicitly referring to http://www.w3.org/TR/xhtml1/#C_2 -- that's essentially the kind of input I was asking for in #11
Comment #15.0
sunadded a blockquote.
Comment #16
mgiffordLet's close this then for D7. It's been 3 years with no feedback to push this along.
Please reopen this if, as @webchick says "we can prove that it actually fixes something".
Comment #17
chx CreditAttribution: chx commentedSo if I don't push an issue forward then it's going to rot based on out of context code examples -- if anyone would've checked the code examples in #13 then it's either filter_url commented to death or _filter_autop which stretches back before the dawn of time and is actually quite battle tested and solid. I even provided the example where the preg fails and yet it's questioned what it fixes. And people ask on twitter why my avatar is crying. I am so out of this issue.