ezyang · ezyang · Jul 31, 2024 · Jul 29, 2024 · Jul 29, 2024
diff --git a/library/HTMLPurifier/Token/Tag.php b/library/HTMLPurifier/Token/Tag.php
@@ -44,7 +44,7 @@ public function __construct($name, $attr = array(), $line = null, $col = null, $
         $this->name = ctype_lower($name) ? $name : strtolower($name);
         foreach ($attr as $key => $value) {
             // normalization only necessary when key is not lowercase
-            if (!ctype_lower($key)) {
+            if (!ctype_lower((string)$key)) {
                 $new_key = strtolower($key);
                 if (!isset($attr[$new_key])) {
                     $attr[$new_key] = $attr[$key];

diff --git a/tests/HTMLPurifier/HTMLDefinitionTest.php b/tests/HTMLPurifier/HTMLDefinitionTest.php
@@ -222,6 +222,17 @@ public function test_AllowedAttributes_multipleErrors()
         $this->assertPurification_AllowedAttributes_local_p_style();
     }
 
+    public function test_AllowedAttributes_invalidAttributeDueToConsistingOfNumbers_UsingDirectLex()
+    {
+        $this->config->set('HTML.AllowedElements', array('a'));
+        $this->config->set('HTML.AllowedAttributes', 'href');
+        $this->config->set('Core.LexerImpl', 'DirectLex');
+        $this->assertPurification(
+            '<a href="https://example.com/" 10="hoge">Test</a>',
+            '<a href="https://example.com/">Test</a>'
+        );
+    }
+
     public function test_ForbiddenElements()
     {
         $this->config->set('HTML.ForbiddenElements', 'b');