Fix srcset parsing when url contains commas

We split the parsing logic in two separate steps:
1/ Get all candidates and loop over them
2/ Eject candidates with their descriptor is invalid

Signed-off-by: Kevin Decherf <[email protected]>

Author: Kdecherf

htmLawed.php

@@ -814,12 +814,19 @@ function hl_tag($t)
                 $v = str_replace('­', ' ', (false !== strpos($v, '&') ? str_replace(['­', '­', '­'], ' ', $v) : $v)); // double-quoted char: soft-hyphen; appears here as "­" or hyphen or something else depending on viewing software
                 if ('srcset' === $k) {
                     $v2 = '';
-                    $pattern = "/(?:\s*[^\"',\s]+(?:\s+(?:\d+w|\d+(?:\.\d+)?x)\s*)?)/";
+                    // Following pattern tries to implement srcset spec
+                    // See https://html.spec.whatwg.org/dev/images.html#srcset-attributes
+                    // See https://html.spec.whatwg.org/#parse-a-srcset-attribute
+                    $pattern = "/(?:\s*(?:[^,\s][^\s]*[^,\s])(?:\s*\S*\s*))(?:,|$)/";
                     preg_match_all($pattern, $v, $matches);
                     $matches = call_user_func_array('array_merge', $matches);
                     foreach ($matches as $k1 => $v1) {
-                        $v1 = explode(' ', ltrim($v1), 2);
+                        $v1 = explode(' ', trim($v1, ', '), 2);
                         $k1 = isset($v1[1]) ? trim($v1[1]) : '';
+                        if ('' !== $k1 && !preg_match('/(?:\d+(?:\.\d*)?[wx])/', $k1)) {
+                            // We remove candidates with an invalid descriptor
+                            continue;
+                        }
                         $v1 = trim($v1[0]);
                         if (isset($v1[0])) {
                             $v2 .= hl_prot($v1, $k) . (empty($k1) ? '' : ' ' . $k1) . ', ';

tests/HTMLawedTest.php

@@ -11,11 +11,16 @@ public function dataForImgSrcsetAttribute()
                 '<div><img src="a.jpg" alt="image a" srcset="a.jpg 100w, b.jpg 450w" /></div>',
             ],
             'srcset with pixel ratio density' => [
+                '<div><img src="a.jpg" alt="image a" srcset="a.jpg, b.jpg 1.5x,c.jpg 2x" /></div>',
                 '<div><img src="a.jpg" alt="image a" srcset="a.jpg, b.jpg 1.5x, c.jpg 2x" /></div>',
             ],
             'srcset with invalid descriptor' => [
                 '<div><img src="a.jpg" alt="image a" srcset=" a.jpg ,   b.jpg x2" /></div>',
-                '<div><img src="a.jpg" alt="image a" srcset="a.jpg, b.jpg, x2" /></div>',
+                '<div><img src="a.jpg" alt="image a" srcset="a.jpg" /></div>',
+            ],
+            'srcset with commas in resource path' => [
+                '<div><img src="a.jpg" alt="image a" srcset="a.jpg,c_120 100w,b.jpg 450w" /></div>',
+                '<div><img src="a.jpg" alt="image a" srcset="a.jpg,c_120 100w, b.jpg 450w" /></div>',
             ],
         ];
     }
@@ -27,6 +32,6 @@ public function testImgSrcsetAttribute($input, $expectedOutput = null)
     {
         $output = htmLawed($input);
 
-        $this->assertSame($output, $expectedOutput ?: $input);
+        $this->assertSame($expectedOutput ?: $input, $output);
     }
 }