Ensure srcset dimensions are greater than zero

schlessera · schlessera · commit c8501227d50a · 2020-09-17T07:55:09.000+02:00
diff --git a/includes/sanitizers/class-amp-srcset-sanitizer.php b/includes/sanitizers/class-amp-srcset-sanitizer.php
@@ -19,7 +19,7 @@ class AMP_Srcset_Sanitizer extends AMP_Base_Sanitizer {
 	 *
 	 * @var string
 	 */
-	const SRCSET_REGEX_PATTERN = '/\s*(?:,\s*)?(?<url>[^,\s]\S*[^,\s])\s*(?<dimension>[\d]+[wx]|[\d]+\.[\d]+x)?\s*(?<comma>,)?\s*/';
+	const SRCSET_REGEX_PATTERN = '/\s*(?:,\s*)?(?<url>[^,\s]\S*[^,\s])\s*(?<dimension>[1-9]\d*[wx]|[1-9]\d*\.\d+x|0.\d*[1-9]\d*x)?\s*(?<comma>,)?\s*/';
 
 	/**
 	 * Sanitize the HTML contained in the DOMDocument received by the constructor
diff --git a/tests/php/test-class-amp-srcset-sanitizer.php b/tests/php/test-class-amp-srcset-sanitizer.php
@@ -62,7 +62,7 @@ public function data_sanitize() {
 				[ AMP_Tag_And_Attribute_Sanitizer::INVALID_ATTR_VALUE ],
 			],
 
-			'amp_img_srcset_invalid_bare_dimension'     => [
+			'amp_img_srcset_invalid_dimension_unit'     => [
 				'<img src="https://example.com/image.jpg" height="100" width="200" srcset="https://example.com/image.jpg 500px">',
 				'<img src="https://example.com/image.jpg" height="100" width="200">',
 				[ AMP_Tag_And_Attribute_Sanitizer::INVALID_ATTR_VALUE ],
@@ -86,6 +86,18 @@ public function data_sanitize() {
 				[ AMP_Tag_And_Attribute_Sanitizer::INVALID_ATTR_VALUE ],
 			],
 
+			'amp_img_srcset_invalid_zero_width'         => [
+				'<img src="https://example.com/image.jpg" height="100" width="200" srcset="https://example.com/image.jpg 0w">',
+				'<img src="https://example.com/image.jpg" height="100" width="200">',
+				[ AMP_Tag_And_Attribute_Sanitizer::INVALID_ATTR_VALUE ],
+			],
+
+			'amp_img_srcset_invalid_zero_pixel_density' => [
+				'<img src="https://example.com/image.jpg" height="100" width="200" srcset="https://example.com/image.jpg 0.0x">',
+				'<img src="https://example.com/image.jpg" height="100" width="200">',
+				[ AMP_Tag_And_Attribute_Sanitizer::INVALID_ATTR_VALUE ],
+			],
+
 			'amp_img_srcset_valid_pixel_density'        => [
 				'<img src="https://example.com/image.jpg" height="100" width="200" srcset="https://example.com/image.jpg 5x">',
 				null,
@@ -96,6 +108,11 @@ public function data_sanitize() {
 				null,
 			],
 
+			'amp_img_srcset_valid_float_pixel_density_with_leading_zero' => [
+				'<img src="https://example.com/image.jpg" height="100" width="200" srcset="https://example.com/image.jpg 0.002x">',
+				null,
+			],
+
 			'amp_img_srcset_invalid_tokens'             => [
 				'<img src="https://example.com/image.jpg" height="100" width="200" srcset="bad bad">',
 				'<img src="https://example.com/image.jpg" height="100" width="200">',

Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ class AMP_Srcset_Sanitizer extends AMP_Base_Sanitizer {`
`19`	`19`	`*`
`20`	`20`	`* @var string`
`21`	`21`	`*/`
`22`		`- const SRCSET_REGEX_PATTERN = '/\s(?:,\s)?(?<url>[^,\s]\S[^,\s])\s(?<dimension>[\d]+[wx]\|[\d]+\.[\d]+x)?\s(?<comma>,)?\s/';`
	`22`	`+ const SRCSET_REGEX_PATTERN = '/\s(?:,\s)?(?<url>[^,\s]\S[^,\s])\s(?<dimension>[1-9]\d[wx]\|[1-9]\d\.\d+x\|0.\d[1-9]\dx)?\s(?<comma>,)?\s/';`
`23`	`23`
`24`	`24`	`/**`
`25`	`25`	`* Sanitize the HTML contained in the DOMDocument received by the constructor`