2006-07-23 00:11:03 +00:00
|
|
|
<?php
|
|
|
|
|
2006-07-23 03:43:53 +00:00
|
|
|
/*!
|
|
|
|
* @mainpage
|
|
|
|
*
|
2006-09-27 02:09:54 +00:00
|
|
|
* HTML Purifier is an HTML filter that will take an arbitrary snippet of
|
2006-07-23 03:43:53 +00:00
|
|
|
* HTML and rigorously test, validate and filter it into a version that
|
|
|
|
* is safe for output onto webpages. It achieves this by:
|
|
|
|
*
|
|
|
|
* -# Lexing (parsing into tokens) the document,
|
2006-07-24 02:49:37 +00:00
|
|
|
* -# Executing various strategies on the tokens:
|
|
|
|
* -# Removing all elements not in the whitelist,
|
|
|
|
* -# Making the tokens well-formed,
|
|
|
|
* -# Fixing the nesting of the nodes, and
|
|
|
|
* -# Validating attributes of the nodes; and
|
2006-07-23 03:43:53 +00:00
|
|
|
* -# Generating HTML from the purified tokens.
|
|
|
|
*
|
2006-08-17 20:29:34 +00:00
|
|
|
* However, most users will only need to interface with the HTMLPurifier
|
|
|
|
* class, so this massive amount of infrastructure is usually concealed.
|
|
|
|
* If you plan on working with the internals, be sure to include
|
2006-09-16 22:36:58 +00:00
|
|
|
* HTMLPurifier_ConfigSchema and HTMLPurifier_Config.
|
2006-07-23 03:43:53 +00:00
|
|
|
*/
|
|
|
|
|
2006-09-01 01:07:09 +00:00
|
|
|
/*
|
2007-05-05 20:26:42 +00:00
|
|
|
HTML Purifier 1.6.1 - Standards Compliant HTML Filtering
|
2006-09-01 01:07:09 +00:00
|
|
|
Copyright (C) 2006 Edward Z. Yang
|
|
|
|
|
|
|
|
This library is free software; you can redistribute it and/or
|
|
|
|
modify it under the terms of the GNU Lesser General Public
|
|
|
|
License as published by the Free Software Foundation; either
|
|
|
|
version 2.1 of the License, or (at your option) any later version.
|
|
|
|
|
|
|
|
This library is distributed in the hope that it will be useful,
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
Lesser General Public License for more details.
|
|
|
|
|
|
|
|
You should have received a copy of the GNU Lesser General Public
|
|
|
|
License along with this library; if not, write to the Free Software
|
|
|
|
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
|
|
*/
|
2006-09-07 02:13:17 +00:00
|
|
|
|
|
|
|
// almost every class has an undocumented dependency to these, so make sure
|
|
|
|
// they get included
|
2007-05-22 00:47:03 +00:00
|
|
|
require_once 'HTMLPurifier/ConfigSchema.php'; // important
|
2006-08-14 00:27:15 +00:00
|
|
|
require_once 'HTMLPurifier/Config.php';
|
2006-10-01 20:47:07 +00:00
|
|
|
require_once 'HTMLPurifier/Context.php';
|
2006-09-07 02:13:17 +00:00
|
|
|
|
2006-07-23 00:11:03 +00:00
|
|
|
require_once 'HTMLPurifier/Lexer.php';
|
|
|
|
require_once 'HTMLPurifier/Generator.php';
|
2006-08-14 00:27:15 +00:00
|
|
|
require_once 'HTMLPurifier/Strategy/Core.php';
|
2006-09-01 00:54:38 +00:00
|
|
|
require_once 'HTMLPurifier/Encoder.php';
|
2006-07-23 00:11:03 +00:00
|
|
|
|
2006-07-23 03:43:53 +00:00
|
|
|
/**
|
|
|
|
* Main library execution class.
|
|
|
|
*
|
|
|
|
* Facade that performs calls to the HTMLPurifier_Lexer,
|
2006-07-24 02:51:19 +00:00
|
|
|
* HTMLPurifier_Strategy and HTMLPurifier_Generator subsystems in order to
|
2006-07-23 03:43:53 +00:00
|
|
|
* purify HTML.
|
2006-08-30 02:24:43 +00:00
|
|
|
*
|
|
|
|
* @todo We need an easier way to inject strategies, it'll probably end
|
|
|
|
* up getting done through config though.
|
2006-07-23 03:43:53 +00:00
|
|
|
*/
|
2006-07-23 00:11:03 +00:00
|
|
|
class HTMLPurifier
|
|
|
|
{
|
|
|
|
|
2007-05-05 20:26:42 +00:00
|
|
|
var $version = '1.6.1';
|
2006-12-26 04:31:48 +00:00
|
|
|
|
2006-08-14 00:27:15 +00:00
|
|
|
var $config;
|
2007-01-21 15:09:07 +00:00
|
|
|
var $filters;
|
2006-08-14 00:27:15 +00:00
|
|
|
|
2007-06-17 21:27:39 +00:00
|
|
|
var $strategy, $generator;
|
2006-08-17 20:29:34 +00:00
|
|
|
|
2006-12-15 02:12:03 +00:00
|
|
|
/**
|
|
|
|
* Final HTMLPurifier_Context of last run purification. Might be an array.
|
|
|
|
* @public
|
|
|
|
*/
|
|
|
|
var $context;
|
|
|
|
|
2006-07-23 03:43:53 +00:00
|
|
|
/**
|
|
|
|
* Initializes the purifier.
|
2006-08-17 20:29:34 +00:00
|
|
|
* @param $config Optional HTMLPurifier_Config object for all instances of
|
|
|
|
* the purifier, if omitted, a default configuration is
|
2006-08-30 02:24:43 +00:00
|
|
|
* supplied (which can be overridden on a per-use basis).
|
2006-12-15 02:12:03 +00:00
|
|
|
* The parameter can also be any type that
|
|
|
|
* HTMLPurifier_Config::create() supports.
|
2006-07-23 03:43:53 +00:00
|
|
|
*/
|
2006-08-04 01:47:48 +00:00
|
|
|
function HTMLPurifier($config = null) {
|
2006-08-30 02:24:43 +00:00
|
|
|
|
2006-12-15 02:12:03 +00:00
|
|
|
$this->config = HTMLPurifier_Config::create($config);
|
2006-08-17 20:29:34 +00:00
|
|
|
|
2006-08-30 02:24:43 +00:00
|
|
|
$this->strategy = new HTMLPurifier_Strategy_Core();
|
|
|
|
$this->generator = new HTMLPurifier_Generator();
|
|
|
|
|
2006-07-23 00:11:03 +00:00
|
|
|
}
|
|
|
|
|
2007-01-21 15:09:07 +00:00
|
|
|
/**
|
|
|
|
* Adds a filter to process the output. First come first serve
|
|
|
|
* @param $filter HTMLPurifier_Filter object
|
|
|
|
*/
|
|
|
|
function addFilter($filter) {
|
|
|
|
$this->filters[] = $filter;
|
|
|
|
}
|
|
|
|
|
2006-07-23 03:43:53 +00:00
|
|
|
/**
|
2006-08-17 20:29:34 +00:00
|
|
|
* Filters an HTML snippet/document to be XSS-free and standards-compliant.
|
2006-07-23 03:43:53 +00:00
|
|
|
*
|
|
|
|
* @param $html String of HTML to purify
|
2006-08-17 20:29:34 +00:00
|
|
|
* @param $config HTMLPurifier_Config object for this operation, if omitted,
|
|
|
|
* defaults to the config object specified during this
|
2006-12-15 02:12:03 +00:00
|
|
|
* object's construction. The parameter can also be any type
|
|
|
|
* that HTMLPurifier_Config::create() supports.
|
2006-07-23 03:43:53 +00:00
|
|
|
* @return Purified HTML
|
|
|
|
*/
|
2006-08-04 01:47:48 +00:00
|
|
|
function purify($html, $config = null) {
|
2006-12-15 02:12:03 +00:00
|
|
|
|
|
|
|
$config = $config ? HTMLPurifier_Config::create($config) : $this->config;
|
|
|
|
|
2007-06-17 21:27:39 +00:00
|
|
|
// implementation is partially environment dependant, partially
|
|
|
|
// configuration dependant
|
|
|
|
$lexer = HTMLPurifier_Lexer::create($config);
|
|
|
|
|
2007-01-16 22:22:08 +00:00
|
|
|
$context = new HTMLPurifier_Context();
|
2007-01-18 22:55:44 +00:00
|
|
|
$html = HTMLPurifier_Encoder::convertToUTF8($html, $config, $context);
|
2006-12-15 02:12:03 +00:00
|
|
|
|
2007-01-21 15:09:07 +00:00
|
|
|
for ($i = 0, $size = count($this->filters); $i < $size; $i++) {
|
|
|
|
$html = $this->filters[$i]->preFilter($html, $config, $context);
|
|
|
|
}
|
|
|
|
|
2006-12-15 02:12:03 +00:00
|
|
|
// purified HTML
|
2006-09-01 00:54:38 +00:00
|
|
|
$html =
|
2006-08-17 20:29:34 +00:00
|
|
|
$this->generator->generateFromTokens(
|
2006-12-15 02:12:03 +00:00
|
|
|
// list of tokens
|
2006-08-17 20:29:34 +00:00
|
|
|
$this->strategy->execute(
|
2006-12-15 02:12:03 +00:00
|
|
|
// list of un-purified tokens
|
2007-06-17 21:27:39 +00:00
|
|
|
$lexer->tokenizeHTML(
|
2006-12-15 02:12:03 +00:00
|
|
|
// un-purified HTML
|
|
|
|
$html, $config, $context
|
|
|
|
),
|
2006-10-01 20:47:07 +00:00
|
|
|
$config, $context
|
2006-09-01 00:54:38 +00:00
|
|
|
),
|
2006-10-01 20:47:07 +00:00
|
|
|
$config, $context
|
2006-09-01 00:54:38 +00:00
|
|
|
);
|
2006-12-15 02:12:03 +00:00
|
|
|
|
2007-01-21 15:09:07 +00:00
|
|
|
for ($i = $size - 1; $i >= 0; $i--) {
|
|
|
|
$html = $this->filters[$i]->postFilter($html, $config, $context);
|
|
|
|
}
|
|
|
|
|
2007-01-18 22:55:44 +00:00
|
|
|
$html = HTMLPurifier_Encoder::convertFromUTF8($html, $config, $context);
|
2006-12-15 02:12:03 +00:00
|
|
|
$this->context =& $context;
|
2006-09-01 00:54:38 +00:00
|
|
|
return $html;
|
2006-07-23 00:11:03 +00:00
|
|
|
}
|
|
|
|
|
2006-12-20 23:51:09 +00:00
|
|
|
/**
|
|
|
|
* Filters an array of HTML snippets
|
|
|
|
* @param $config Optional HTMLPurifier_Config object for this operation.
|
|
|
|
* See HTMLPurifier::purify() for more details.
|
|
|
|
* @return Array of purified HTML
|
|
|
|
*/
|
|
|
|
function purifyArray($array_of_html, $config = null) {
|
|
|
|
$context_array = array();
|
|
|
|
foreach ($array_of_html as $key => $html) {
|
|
|
|
$array_of_html[$key] = $this->purify($html, $config);
|
|
|
|
$context_array[$key] = $this->context;
|
|
|
|
}
|
|
|
|
$this->context = $context_array;
|
|
|
|
return $array_of_html;
|
|
|
|
}
|
|
|
|
|
2007-05-28 03:33:12 +00:00
|
|
|
/**
|
|
|
|
* Singleton for enforcing just one HTML Purifier in your system
|
|
|
|
*/
|
|
|
|
function &getInstance($prototype = null) {
|
|
|
|
static $htmlpurifier;
|
|
|
|
if (!$htmlpurifier || $prototype) {
|
|
|
|
if (is_a($prototype, 'HTMLPurifier')) {
|
|
|
|
$htmlpurifier = $prototype;
|
|
|
|
} elseif ($prototype) {
|
|
|
|
$htmlpurifier = new HTMLPurifier(HTMLPurifier_Config::create($prototype));
|
|
|
|
} else {
|
|
|
|
$htmlpurifier = new HTMLPurifier();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return $htmlpurifier;
|
|
|
|
}
|
|
|
|
|
2006-12-20 23:51:09 +00:00
|
|
|
|
2006-07-23 00:11:03 +00:00
|
|
|
}
|
|
|
|
|
2006-04-15 01:13:42 +00:00
|
|
|
?>
|