When purifying HTML containing an anchor tag containing only the fragment component, an E_DEPRECATED error is emitted from the host blacklist if it's configured. Depending on the application config, this may get upgraded to an ErrorException and cause a crash, but that's not relevant to the underlying issue.
HTMLPurifier version: v4.14.0 (found on an earlier version but updated to latest release to be sure)
Uncaught exception: ErrorException: strpos(): Passing null to parameter #1 ($haystack) of type string is deprecated in /var/www/html/vendor/ezyang/htmlpurifier/library/HTMLPurifier/URIFilter/HostBlacklist.php:38
Simple reproduce case:
<?php
require 'vendor/autoload.php';
$pc = HTMLPurifier_Config::create([
'HTML.Allowed' => 'a[href]',
'URI.HostBlacklist' => [
'example.com',
],
]);
$p = new HTMLPurifier($pc);
var_dump($p->purify(<<<HTML
<a href="#fn-1">Footnote </a>
HTML));Possible fix: cast $uri->host to string on the mentioned line.
Update - related to #310 I think.
When purifying HTML containing an anchor tag containing only the fragment component, an
E_DEPRECATEDerror is emitted from the host blacklist if it's configured. Depending on the application config, this may get upgraded to an ErrorException and cause a crash, but that's not relevant to the underlying issue.HTMLPurifier version:
v4.14.0(found on an earlier version but updated to latest release to be sure)Simple reproduce case:
Possible fix: cast
$uri->hostto string on the mentioned line.Update - related to #310 I think.