[HtmlSanitizer] Fix node renderer handling of self-closing (void) elements

omniError · nicolas-grekas · commit ad3753142e84 · 2022-05-06T09:21:04.000+02:00
diff --git a/Tests/HtmlSanitizerAllTest.php b/Tests/HtmlSanitizerAllTest.php
@@ -237,16 +237,21 @@ public function provideSanitizeBody()
             ],
             [
                 '<BODY BACKGROUND="javascript:alert(\'XSS\')">',
-                '<body />',
+                '<body></body>',
             ],
             [
                 '<BGSOUND SRC="javascript:alert(\'XSS\');">',
-                '<bgsound />',
+                '<bgsound></bgsound>',
             ],
             [
                 '<BR SIZE="&{alert(\'XSS\')}">',
                 '<br size="&amp;{alert(&#039;XSS&#039;)}" />',
             ],
+            [
+                '<BR></br>',
+                '<br /><br />',
+            ],
+
             [
                 '<OBJECT TYPE="text/x-scriptlet" DATA="http://xss.rocks/scriptlet.html"></OBJECT>',
                 '',
@@ -445,6 +450,11 @@ public function provideSanitizeBody()
                 '<i>Lorem ipsum</i>',
                 '<i>Lorem ipsum</i>',
             ],
+            [
+                '<i></i>',
+                '<i></i>',
+            ],
+
             [
                 '<li>Lorem ipsum</li>',
                 '<li>Lorem ipsum</li>',
diff --git a/Visitor/Node/Node.php b/Visitor/Node/Node.php
@@ -20,6 +20,25 @@
  */
 final class Node implements NodeInterface
 {
+    // HTML5 elements which are self-closing
+    private const VOID_ELEMENTS = [
+        'area' => true,
+        'base' => true,
+        'br' => true,
+        'col' => true,
+        'embed' => true,
+        'hr' => true,
+        'img' => true,
+        'input' => true,
+        'keygen' => true,
+        'link' => true,
+        'meta' => true,
+        'param' => true,
+        'source' => true,
+        'track' => true,
+        'wbr' => true,
+    ];
+
     private NodeInterface $parent;
     private string $tagName;
     private array $attributes = [];
@@ -56,7 +75,7 @@ public function addChild(NodeInterface $node): void
 
     public function render(): string
     {
-        if (!$this->children) {
+        if (isset(self::VOID_ELEMENTS[$this->tagName])) {
             return '<'.$this->tagName.$this->renderAttributes().' />';
         }
 
