Implement Internet Explorer compatibility code for embedded content.
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
parent
baa477ac08
commit
0229458f8f
2
NEWS
2
NEWS
@ -15,6 +15,8 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
|||||||
! Support for data: URI scheme; not enabled by default, add it using
|
! Support for data: URI scheme; not enabled by default, add it using
|
||||||
%URI.AllowedSchemes
|
%URI.AllowedSchemes
|
||||||
! Support flashvars when using %HTML.SafeObject
|
! Support flashvars when using %HTML.SafeObject
|
||||||
|
! Support for Internet Explorer compatibility with %HTML.SafeObject
|
||||||
|
using %Output.FlashCompat.
|
||||||
|
|
||||||
4.0.0, released 2009-07-07
|
4.0.0, released 2009-07-07
|
||||||
# APIs for ConfigSchema subsystem have substantially changed. See
|
# APIs for ConfigSchema subsystem have substantially changed. See
|
||||||
|
@ -85,22 +85,27 @@
|
|||||||
</directive>
|
</directive>
|
||||||
<directive id="Output.CommentScriptContents">
|
<directive id="Output.CommentScriptContents">
|
||||||
<file name="HTMLPurifier/Generator.php">
|
<file name="HTMLPurifier/Generator.php">
|
||||||
<line>45</line>
|
<line>56</line>
|
||||||
</file>
|
</file>
|
||||||
</directive>
|
</directive>
|
||||||
<directive id="Output.SortAttr">
|
<directive id="Output.SortAttr">
|
||||||
<file name="HTMLPurifier/Generator.php">
|
<file name="HTMLPurifier/Generator.php">
|
||||||
<line>46</line>
|
<line>57</line>
|
||||||
|
</file>
|
||||||
|
</directive>
|
||||||
|
<directive id="Output.FlashCompat">
|
||||||
|
<file name="HTMLPurifier/Generator.php">
|
||||||
|
<line>58</line>
|
||||||
</file>
|
</file>
|
||||||
</directive>
|
</directive>
|
||||||
<directive id="Output.TidyFormat">
|
<directive id="Output.TidyFormat">
|
||||||
<file name="HTMLPurifier/Generator.php">
|
<file name="HTMLPurifier/Generator.php">
|
||||||
<line>75</line>
|
<line>87</line>
|
||||||
</file>
|
</file>
|
||||||
</directive>
|
</directive>
|
||||||
<directive id="Output.Newline">
|
<directive id="Output.Newline">
|
||||||
<file name="HTMLPurifier/Generator.php">
|
<file name="HTMLPurifier/Generator.php">
|
||||||
<line>89</line>
|
<line>101</line>
|
||||||
</file>
|
</file>
|
||||||
</directive>
|
</directive>
|
||||||
<directive id="HTML.BlockWrapper">
|
<directive id="HTML.BlockWrapper">
|
||||||
@ -320,7 +325,7 @@
|
|||||||
</directive>
|
</directive>
|
||||||
<directive id="Attr.DefaultInvalidImageAlt">
|
<directive id="Attr.DefaultInvalidImageAlt">
|
||||||
<file name="HTMLPurifier/AttrTransform/ImgRequired.php">
|
<file name="HTMLPurifier/AttrTransform/ImgRequired.php">
|
||||||
<line>32</line>
|
<line>33</line>
|
||||||
</file>
|
</file>
|
||||||
</directive>
|
</directive>
|
||||||
<directive id="HTML.Attr.Name.UseCDATA">
|
<directive id="HTML.Attr.Name.UseCDATA">
|
||||||
|
Binary file not shown.
@ -7,8 +7,7 @@ DEFAULT: false
|
|||||||
Whether or not to permit embed tags in documents, with a number of extra
|
Whether or not to permit embed tags in documents, with a number of extra
|
||||||
security features added to prevent script execution. This is similar to
|
security features added to prevent script execution. This is similar to
|
||||||
what websites like MySpace do to embed tags. Embed is a proprietary
|
what websites like MySpace do to embed tags. Embed is a proprietary
|
||||||
element and will cause your website to stop validating. You probably want
|
element and will cause your website to stop validating; you should
|
||||||
to enable this with %HTML.SafeObject.
|
see if you can use %Output.FlashCompat with %HTML.SafeObject instead
|
||||||
<strong>Highly experimental.</strong>
|
first.</p>
|
||||||
</p>
|
|
||||||
--# vim: et sw=4 sts=4
|
--# vim: et sw=4 sts=4
|
||||||
|
@ -6,9 +6,8 @@ DEFAULT: false
|
|||||||
<p>
|
<p>
|
||||||
Whether or not to permit object tags in documents, with a number of extra
|
Whether or not to permit object tags in documents, with a number of extra
|
||||||
security features added to prevent script execution. This is similar to
|
security features added to prevent script execution. This is similar to
|
||||||
what websites like MySpace do to object tags. You may also want to
|
what websites like MySpace do to object tags. You should also enable
|
||||||
enable %HTML.SafeEmbed for maximum interoperability with Internet Explorer,
|
%Output.FlashCompat in order to generate Internet Explorer
|
||||||
although embed tags will cause your website to stop validating.
|
compatibility code for your object tags.
|
||||||
<strong>Highly experimental.</strong>
|
|
||||||
</p>
|
</p>
|
||||||
--# vim: et sw=4 sts=4
|
--# vim: et sw=4 sts=4
|
||||||
|
@ -0,0 +1,11 @@
|
|||||||
|
Output.FlashCompat
|
||||||
|
TYPE: bool
|
||||||
|
VERSION: 4.1.0
|
||||||
|
DEFAULT: false
|
||||||
|
--DESCRIPTION--
|
||||||
|
<p>
|
||||||
|
If true, HTML Purifier will generate Internet Explorer compatibility
|
||||||
|
code for all object code. This is highly recommended if you enable
|
||||||
|
%HTML.SafeObject.
|
||||||
|
</p>
|
||||||
|
--# vim: et sw=4 sts=4
|
@ -31,6 +31,17 @@ class HTMLPurifier_Generator
|
|||||||
*/
|
*/
|
||||||
private $_sortAttr;
|
private $_sortAttr;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Cache of %Output.FlashCompat
|
||||||
|
*/
|
||||||
|
private $_flashCompat;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Stack for keeping track of object information when outputting IE
|
||||||
|
* compatibility code.
|
||||||
|
*/
|
||||||
|
private $_flashStack = array();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Configuration for the generator
|
* Configuration for the generator
|
||||||
*/
|
*/
|
||||||
@ -44,6 +55,7 @@ class HTMLPurifier_Generator
|
|||||||
$this->config = $config;
|
$this->config = $config;
|
||||||
$this->_scriptFix = $config->get('Output.CommentScriptContents');
|
$this->_scriptFix = $config->get('Output.CommentScriptContents');
|
||||||
$this->_sortAttr = $config->get('Output.SortAttr');
|
$this->_sortAttr = $config->get('Output.SortAttr');
|
||||||
|
$this->_flashCompat = $config->get('Output.FlashCompat');
|
||||||
$this->_def = $config->getHTMLDefinition();
|
$this->_def = $config->getHTMLDefinition();
|
||||||
$this->_xhtml = $this->_def->doctype->xml;
|
$this->_xhtml = $this->_def->doctype->xml;
|
||||||
}
|
}
|
||||||
@ -104,12 +116,41 @@ class HTMLPurifier_Generator
|
|||||||
|
|
||||||
} elseif ($token instanceof HTMLPurifier_Token_Start) {
|
} elseif ($token instanceof HTMLPurifier_Token_Start) {
|
||||||
$attr = $this->generateAttributes($token->attr, $token->name);
|
$attr = $this->generateAttributes($token->attr, $token->name);
|
||||||
|
if ($this->_flashCompat) {
|
||||||
|
if ($token->name == "object") {
|
||||||
|
$flash = new stdclass();
|
||||||
|
$flash->attr = $token->attr;
|
||||||
|
$flash->param = array();
|
||||||
|
$this->_flashStack[] = $flash;
|
||||||
|
}
|
||||||
|
}
|
||||||
return '<' . $token->name . ($attr ? ' ' : '') . $attr . '>';
|
return '<' . $token->name . ($attr ? ' ' : '') . $attr . '>';
|
||||||
|
|
||||||
} elseif ($token instanceof HTMLPurifier_Token_End) {
|
} elseif ($token instanceof HTMLPurifier_Token_End) {
|
||||||
return '</' . $token->name . '>';
|
$_extra = '';
|
||||||
|
if ($this->_flashCompat) {
|
||||||
|
if ($token->name == "object" && !empty($this->_flashStack)) {
|
||||||
|
$flash = array_pop($this->_flashStack);
|
||||||
|
$compat_token = new HTMLPurifier_Token_Empty("embed");
|
||||||
|
foreach ($flash->attr as $name => $val) {
|
||||||
|
if ($name == "classid") continue;
|
||||||
|
if ($name == "type") continue;
|
||||||
|
if ($name == "data") $name = "src";
|
||||||
|
$compat_token->attr[$name] = $val;
|
||||||
|
}
|
||||||
|
foreach ($flash->param as $name => $val) {
|
||||||
|
if ($name == "movie") $name = "src";
|
||||||
|
$compat_token->attr[$name] = $val;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
$_extra = "<!--[if IE]>".$this->generateFromToken($compat_token)."<![endif]-->";
|
||||||
|
}
|
||||||
|
return $_extra . '</' . $token->name . '>';
|
||||||
|
|
||||||
} elseif ($token instanceof HTMLPurifier_Token_Empty) {
|
} elseif ($token instanceof HTMLPurifier_Token_Empty) {
|
||||||
|
if ($this->_flashCompat && $token->name == "param" && !empty($this->_flashStack)) {
|
||||||
|
$this->_flashStack[count($this->_flashStack)-1]->param[$token->attr['name']] = $token->attr['value'];
|
||||||
|
}
|
||||||
$attr = $this->generateAttributes($token->attr, $token->name);
|
$attr = $this->generateAttributes($token->attr, $token->name);
|
||||||
return '<' . $token->name . ($attr ? ' ' : '') . $attr .
|
return '<' . $token->name . ($attr ? ' ' : '') . $attr .
|
||||||
( $this->_xhtml ? ' /': '' ) // <br /> v. <br>
|
( $this->_xhtml ? ' /': '' ) // <br /> v. <br>
|
||||||
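Review bot: In the `HTMLPurifier_Token_End` branch the `$_extra = "<!--[if IE]>".$this->generateFromToken($compat_token)."<![endif]-->";` assignment sits after the closing brace of the `$token->name == "object" && !empty($this->_flashStack)` check, so with %Output.FlashCompat enabled every other end tag reaches `generateFromToken($compat_token)` with `$compat_token` undefined and has a conditional comment prepended to it. That line should move inside the inner `if`, directly after the second `foreach`, so `$_extra` stays `''` for everything except a matched `</object>`. Separately, the `<embed>` is assembled here in the generator, which as far as this hunk shows applies no attribute validation of its own, and `$compat_token->attr[$name] = $val` turns every recorded `<param>` name into an attribute name; unless the permitted param names are already constrained upstream (not visible on this page), that loop should copy only an explicit allowlist of names. The `param` branch also reads `$token->attr['name']` and `$token->attr['value']` without an `isset()` check, which raises notices if either is absent. The body of `generateFromToken` starts and ends outside the hunk.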
|
@ -25,6 +25,11 @@ $youtube_purifier = new HTMLPurifier(array(
|
|||||||
'Filter.YouTube' => true,
|
'Filter.YouTube' => true,
|
||||||
));
|
));
|
||||||
|
|
||||||
|
$safeobject_purifier = new HTMLPurifier(array(
|
||||||
|
'HTML.SafeObject' => true,
|
||||||
|
'Output.FlashCompat' => true,
|
||||||
|
));
|
||||||
|
|
||||||
?>
|
?>
|
||||||
<h2>Unpurified</h2>
|
<h2>Unpurified</h2>
|
||||||
<p><a href="?break">Click here to see the unpurified version (breaks validation).</a></p>
|
<p><a href="?break">Click here to see the unpurified version (breaks validation).</a></p>
|
||||||
@ -42,6 +47,11 @@ echo $regular_purifier->purify($string);
|
|||||||
echo $youtube_purifier->purify($string);
|
echo $youtube_purifier->purify($string);
|
||||||
?></div>
|
?></div>
|
||||||
|
|
||||||
|
<h2>With SafeObject exception and flash compatibility</h2>
|
||||||
|
<div><?php
|
||||||
|
echo $safeobject_purifier->purify($string);
|
||||||
|
?></div>
|
||||||
|
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
<?php
|
<?php
|
||||||
|