Restrict HTML namespace

nielsdos · nielsdos · commit 3da8a49c6d7c · 2024-04-28T23:38:08.000+02:00
diff --git a/ext/dom/element.c b/ext/dom/element.c
@@ -1879,13 +1879,35 @@ PHP_METHOD(DOM_Element, rename)
 		goto cleanup;
 	}
 
-	/* Check for duplicate attributes. */
 	if (nodep->type == XML_ATTRIBUTE_NODE) {
+		/* Check for duplicate attributes. */
 		xmlAttrPtr existing = xmlHasNsProp(nodep->parent, localname, namespace_uri && ZSTR_VAL(namespace_uri)[0] != '\0' ? BAD_CAST ZSTR_VAL(namespace_uri) : NULL);
 		if (existing != NULL && existing != (xmlAttrPtr) nodep) {
 			php_dom_throw_error_with_message(INVALID_MODIFICATION_ERR, "An attribute with the given name in the given namespace already exists", /* strict */ true);
 			goto cleanup;
 		}
+	} else {
+		ZEND_ASSERT(nodep->type == XML_ELEMENT_NODE);
+
+		/* Check for moving to or away from of the HTML namespace. */
+		bool is_currently_html_ns = php_dom_ns_is_fast(nodep, php_dom_ns_is_html_magic_token);
+		bool will_be_html_ns = namespace_uri != NULL && zend_string_equals_literal(namespace_uri, DOM_XHTML_NS_URI);
+		if (is_currently_html_ns != will_be_html_ns) {
+			if (is_currently_html_ns) {
+				php_dom_throw_error_with_message(
+					INVALID_MODIFICATION_ERR,
+					"It is not possible to move an element out of the HTML namespace because the HTML namespace is tied to the HTMLElement class",
+					/* strict */ true
+				);
+			} else {
+				php_dom_throw_error_with_message(
+					INVALID_MODIFICATION_ERR,
+					"It is not possible to move an element into the HTML namespace because the HTML namespace is tied to the HTMLElement class",
+					/* strict */ true
+				);
+			}
+			goto cleanup;
+		}
 	}
 
 	php_libxml_invalidate_node_list_cache(intern->document);
diff --git a/ext/dom/tests/modern/extensions/Element_renaming_html_ns_01.phpt b/ext/dom/tests/modern/extensions/Element_renaming_html_ns_01.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Element renaming interaction with the HTML namespace 01
+--EXTENSIONS--
+dom
+--FILE--
+<?php
+
+$dom = DOM\XMLDocument::createEmpty();
+$el = $dom->createElementNS("http://www.w3.org/1999/xhtml", "foo:bar");
+$el->rename("http://www.w3.org/1999/xhtml", "foo:baz");
+var_dump($el->nodeName, $el->namespaceURI, $el->prefix);
+
+// Very subtly *not* the HTML namespace!
+$el = $dom->createElementNS("http://www.w3.org/1999/xhtml/", "foo:bar");
+$el->rename("urn:x", "foo:baz");
+var_dump($el->nodeName, $el->namespaceURI, $el->prefix);
+
+?>
+--EXPECT--
+string(7) "foo:baz"
+string(28) "http://www.w3.org/1999/xhtml"
+string(3) "foo"
+string(7) "foo:baz"
+string(5) "urn:x"
+string(3) "foo"
diff --git a/ext/dom/tests/modern/extensions/Element_renaming_html_ns_02.phpt b/ext/dom/tests/modern/extensions/Element_renaming_html_ns_02.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Element renaming interaction with the HTML namespace 02
+--EXTENSIONS--
+dom
+--FILE--
+<?php
+
+$dom = DOM\XMLDocument::createEmpty();
+$el = $dom->createElementNS("http://www.w3.org/1999/xhtml", "foo:bar");
+try {
+    $el->rename("urn:a", "foo:baz");
+} catch (DOMException $e) {
+    echo $e->getMessage(), "\n";
+}
+$el = $dom->createElementNS("urn:a", "foo:bar");
+try {
+    $el->rename("http://www.w3.org/1999/xhtml", "foo:baz");
+} catch (DOMException $e) {
+    echo $e->getMessage(), "\n";
+}
+
+?>
+--EXPECT--
+It is not possible to move an element out of the HTML namespace because the HTML namespace is tied to the HTMLElement class
+It is not possible to move an element into the HTML namespace because the HTML namespace is tied to the HTMLElement class
