This is an automated email from the git hooks/post-receive script.

gregoa pushed a commit to annotated tag v1.030099_004
in repository libnet-openid-common-perl.

commit b3887df9dfd1f58259d0e3a1b920b6983fcc8066
Author: Roger Crew <c...@cs.stanford.edu>
Date:   Tue Sep 6 03:39:39 2011 -0700

    improved <head> parsing to skip CDATA and comments
---
 lib/Net/OpenID/Common.pm | 18 ++++++++++++++++++
 lib/Net/OpenID/Yadis.pm  |  8 ++------
 2 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/lib/Net/OpenID/Common.pm b/lib/Net/OpenID/Common.pm
index ad957da..a97cb6e 100644
--- a/lib/Net/OpenID/Common.pm
+++ b/lib/Net/OpenID/Common.pm
@@ -196,4 +196,22 @@ sub get_dh {
     return $dh;
 }
 
+# HTML parsing
+sub _extract_head_markup_only {
+    my $htmlref = shift;
+
+    # kill all CDATA sections
+    $$htmlref =~ s/<!\[CDATA\[.*?\]\]>//sg;
+
+    # kill all comments
+    $$htmlref =~ s/<!--.*?-->//sg;
+    # ***FIX?*** Strictly speaking, SGML comments must have matched
+    # pairs of '--'s but almost nobody checks for this or even knows 
+
+    # trim everything past the body.  this is in case the user doesn't
+    # have a head document and somebody was able to inject their own
+    # head.  -- brad choate
+    $$htmlref =~ s/<body\b.*//is;
+}
+
 1;
diff --git a/lib/Net/OpenID/Yadis.pm b/lib/Net/OpenID/Yadis.pm
index 14df9ca..90fdd97 100644
--- a/lib/Net/OpenID/Yadis.pm
+++ b/lib/Net/OpenID/Yadis.pm
@@ -8,6 +8,7 @@ use Carp ();
 use Net::OpenID::URIFetch;
 use XML::Simple;
 use Net::OpenID::Yadis::Service;
+use Net::OpenID::Common;
 
 our @EXPORT = qw(YR_HEAD YR_GET YR_XRDS);
 
@@ -108,12 +109,7 @@ sub _get_contents {
     my $self = shift;
     my  ($url, $final_url_ref, $content_ref, $headers_ref) = @_;
 
-    my $alter_hook = sub {
-        my $htmlref = shift;
-        $$htmlref =~ s/<body\b.*//is;
-    };
-
-    my $res = Net::OpenID::URIFetch->fetch($url, $self->consumer, $alter_hook);
+    my $res = Net::OpenID::URIFetch->fetch($url, $self->consumer, 
\&OpenID::util::_extract_head_markup_only);
 
     if ($res) {
         $$final_url_ref = $res->final_uri;

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-perl/packages/libnet-openid-common-perl.git

_______________________________________________
Pkg-perl-cvs-commits mailing list
Pkg-perl-cvs-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-perl-cvs-commits

Reply via email to