Trim whitespace around values of event handler attributes.

author Juriy Zaytsev <kangax@gmail.com>

Thu, 11 Feb 2010 20:43:18 +0000 (15:43 -0500)

committer Juriy Zaytsev <kangax@gmail.com>

Thu, 11 Feb 2010 20:43:18 +0000 (15:43 -0500)
author Juriy Zaytsev <kangax@gmail.com>
Thu, 11 Feb 2010 20:43:18 +0000 (15:43 -0500)
committer Juriy Zaytsev <kangax@gmail.com>
Thu, 11 Feb 2010 20:43:18 +0000 (15:43 -0500)
diff --git a/src/htmlminifier.js b/src/htmlminifier.js

index d9b419b..e2321c2 100644 (file)
--- a/src/htmlminifier.js
+++ b/src/htmlminifier.js
@@ -78,7 +78,7 @@
    
    function cleanAttributeValue(tag, attrName, attrValue) {
      if (/^on[a-z]+/.test(attrName)) {
-      return attrValue.replace(/^\s*javascript:/i, '');
+      return trimWhitespace(attrValue.replace(/^\s*javascript:\s*/i, ''));
      }
      if (attrName === 'class') {
        // trim and collapse whitesapce
diff --git a/tests/index.html b/tests/index.html

index 862ce3b..d2b567b 100644 (file)
--- a/tests/index.html
+++ b/tests/index.html
@@ -167,13 +167,7 @@
          });
          
          test('cleaning attributes', function(){
-          var input = '<p onclick="javascript:alert(1)">x</p>';
-          equals(minify(input, { cleanAttributes: true }), '<p onclick="alert(1)">x</p>');
-          
-          input = '<p onclick="javascript:x">x</p>';
-          equals(minify(input, { cleanAttributes: true, removeAttributeQuotes: true }), '<p onclick=x>x</p>');
-          
-          input = '<p class=" foo bar  ">foo bar baz</p>';
+          var input = '<p class=" foo bar  ">foo bar baz</p>', output;
            equals(minify(input, { cleanAttributes: true }), '<p class="foo bar">foo bar baz</p>');
            
            input = '<p class=" foo      ">foo bar baz</p>';
@@ -185,6 +179,24 @@
            
            input = '<p class="\n  \n foo   \n\n\t  \t\n  class1 class-23 ">foo bar baz</p>';
            equals(minify(input, { cleanAttributes: true }), '<p class="foo class1 class-23">foo bar baz</p>');
+          
+          input = '<a href="#" onclick="  window.prompt(\'boo\'); " onmouseover=" \n\n alert(123);  \t \n\t  ">blah</a>';
+          output = '<a href="#" onclick="window.prompt(\'boo\');" onmouseover="alert(123);">blah</a>';
+          equals(minify(input, { cleanAttributes: true }), output);
+        });
+        
+        test('removing redundant attributes (... = "javascript: ...")', function(){
+          var input = '<p onclick="javascript:alert(1)">x</p>';
+          equals(minify(input, { cleanAttributes: true }), '<p onclick="alert(1)">x</p>');
+          
+          input = '<p onclick="javascript:x">x</p>';
+          equals(minify(input, { cleanAttributes: true, removeAttributeQuotes: true }), '<p onclick=x>x</p>');
+          
+          input = '<p onclick=" JavaScript: x">x</p>';
+          equals(minify(input, { cleanAttributes: true }), '<p onclick="x">x</p>');
+          
+          input = '<p title="javascript:(function(){ /* some stuff here */ })()">x</p>';
+          equals(minify(input, { cleanAttributes: true }), input);
          });
          
          test('removing attribute quotes', function(){
@@ -252,6 +264,8 @@
            equals(minify(input, { removeEmptyElements: true }), output);
          });
          
+        
+        
        })(this);
      </script>
    </body>
author	Juriy Zaytsev <kangax@gmail.com>
	Thu, 11 Feb 2010 20:43:18 +0000 (15:43 -0500)
committer	Juriy Zaytsev <kangax@gmail.com>
	Thu, 11 Feb 2010 20:43:18 +0000 (15:43 -0500)
src/htmlminifier.js		patch \| blob \| history
tests/index.html		patch \| blob \| history