The purifier is incorrectly handling the `<param name="allowfullscreen" value="false" />` by changing it to `<param name="" value="" />` with a warning `Passing null to parameter #xxx (xxx) of type string is deprecated` in PHP >= 8.1. There is a problem with the inconsistency in `HTMLPurifier/Injector/SafeObject` and `HTMLPurifier/AttrTransform/SafeParam`: the injector accepts parameter names in a case-insensitive manner, while the attributes transformer treats them in a case-sensitive way. However, it's too late to filter such tags.
I've created a PR that includes a test case and proposed fixes (also fixed a bug, I think), along with my comments. I have opted for normalizing the parameter names as a solution, but I am open to alternative suggestions.
- HTMLPurifier version: 4.18.0
- PHP version: 8.1.17
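
Added example, not part of the original report and not HTML Purifier's own code: a simplified PHP model of the mismatch described above, where a case-insensitive keep/drop stage is followed by a case-sensitive per-name transform, next to one possible normalization. The function names, the allowlist contents and the `wmode` handling are assumptions made for illustration.

```php
<?php
// Simplified model of the two-stage check described in the report.
// NOT HTML Purifier's code: names and allowlist below are assumptions.

// Stage 1 (injector role): decides whether the <param> tag is kept.
// Names are compared case-insensitively.
function injectorAccepts(string $name): bool
{
    $allowed = ['allowfullscreen' => true, 'wmode' => true]; // constructed
    return isset($allowed[strtolower($name)]);
}

// Stage 2 (attribute-transform role): validates the value per name.
// The switch is case-sensitive, so an unexpected casing falls into the
// default branch and nulls both attributes on a tag stage 1 already kept.
function transformCaseSensitive(array $attr): array
{
    switch ($attr['name']) {
        case 'allowFullScreen':
            $attr['value'] = ($attr['value'] === 'true') ? 'true' : 'false';
            break;
        case 'wmode':
            $attr['value'] = 'window'; // constructed placeholder rule
            break;
        default:
            $attr['name'] = $attr['value'] = null;
    }
    return $attr;
}

// One possible normalization (an assumption, not necessarily the PR's):
// map the name to a canonical spelling first so both stages agree, and
// reject unknown names before they reach the switch.
function transformNormalized(array $attr): array
{
    $canonical = ['allowfullscreen' => 'allowFullScreen', 'wmode' => 'wmode'];
    $key = strtolower((string) $attr['name']);
    if (!isset($canonical[$key])) {
        return ['name' => null, 'value' => null];
    }
    $attr['name'] = $canonical[$key];
    return transformCaseSensitive($attr);
}

$param = ['name' => 'allowfullscreen', 'value' => 'false']; // from the report
var_dump(injectorAccepts($param['name']));  // stage 1 decision
var_dump(transformCaseSensitive($param));   // stage 2 as described
var_dump(transformNormalized($param));      // stage 2 with normalization
```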