htmlpurifier/library/HTMLPurifier.php

<?php

/*!
 * @mainpage
 * 
 * HTMLPurifier is an HTML filter that will take an arbitrary snippet of
 * HTML and rigorously test, validate and filter it into a version that
 * is safe for output onto webpages. It achieves this by:
 * 
 *  -# Lexing (parsing into tokens) the document,
 *  -# Executing various strategies on the tokens:
 *      -# Removing all elements not in the whitelist,
 *      -# Making the tokens well-formed,
 *      -# Fixing the nesting of the nodes, and
 *      -# Validating attributes of the nodes; and
 *  -# Generating HTML from the purified tokens.
 * 
 * However, most users will only need to interface with the HTMLPurifier
 * class, so this massive amount of infrastructure is usually concealed.
 * If you plan on working with the internals, be sure to include
 * HTMLPurifier_ConfigDef and HTMLPurifier_Config.
 */

require_once 'HTMLPurifier/ConfigDef.php';
require_once 'HTMLPurifier/Config.php';
require_once 'HTMLPurifier/Lexer.php';
require_once 'HTMLPurifier/HTMLDefinition.php';
require_once 'HTMLPurifier/Generator.php';
require_once 'HTMLPurifier/Strategy/Core.php';
require_once 'HTMLPurifier/Encoder.php';

/**
 * Main library execution class.
 * 
 * Facade that performs calls to the HTMLPurifier_Lexer,
 * HTMLPurifier_Strategy and HTMLPurifier_Generator subsystems in order to
 * purify HTML.
 * 
 * @todo We need an easier way to inject strategies, it'll probably end
 *       up getting done through config though.
 */
class HTMLPurifier
{
    
    var $config;
    
    var $lexer, $strategy, $generator;
    
    /**
     * Initializes the purifier.
     * @param $config Optional HTMLPurifier_Config object for all instances of
     *                the purifier, if omitted, a default configuration is
     *                supplied (which can be overridden on a per-use basis).
     */
    function HTMLPurifier($config = null) {
        
        $this->config = $config ? $config : HTMLPurifier_Config::createDefault();
        
        $this->lexer        = HTMLPurifier_Lexer::create();
        $this->strategy     = new HTMLPurifier_Strategy_Core();
        $this->generator    = new HTMLPurifier_Generator();
        $this->encoder      = new HTMLPurifier_Encoder();
        
    }
    
    /**
     * Filters an HTML snippet/document to be XSS-free and standards-compliant.
     * 
     * @param $html String of HTML to purify
     * @param $config HTMLPurifier_Config object for this operation, if omitted,
     *                defaults to the config object specified during this
     *                object's construction.
     * @return Purified HTML
     */
    function purify($html, $config = null) {
        $config = $config ? $config : $this->config;
        $html = $this->encoder->convertToUTF8($html, $config);
        $html = 
            $this->generator->generateFromTokens(
                $this->strategy->execute(
                    $this->lexer->tokenizeHTML($html, $config),
                    $config
                ),
                $config
            );
        $html = $this->encoder->convertFromUTF8($html, $config);
        return $html;
    }
    
}

?>