diff --git a/NEWS b/NEWS index fa3db166..a3c5c8cf 100644 --- a/NEWS +++ b/NEWS @@ -35,6 +35,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier available. - Do not re-munge URL if the output URL has the same host as the input URL. Requested by Chris. +- Fix error in documentation regarding %Filter.ExtractStyleBlocks . Strategy_MakeWellFormed now operates in-place, saving memory and allowing for more interesting filter-backtracking . New HTMLPurifier_Injector->rewind() functionality, allows injectors to rewind diff --git a/library/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.txt b/library/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.txt index 36d11e95..aaa74163 100644 --- a/library/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.txt +++ b/library/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.txt @@ -14,13 +14,49 @@ EXTERNAL: CSSTidy
Sample usage:
-set('Filter', 'ExtractStyleBlocks', true); -$purifier = new HTMLPurifier($config); -$styles = $purifier->context->get('StyleBlocks'); -foreach ($styles as $style) { - echo '\n"; -}]]>+
'; +?> + + + +Filter.ExtractStyleBlocks +body {color:#F00;} Some text'; + + $config = HTMLPurifier_Config::createDefault(); + $config->set('Filter', 'ExtractStyleBlocks', true); + $purifier = new HTMLPurifier($config); + + $html = $purifier->purify($dirty); + + // This implementation writes the stylesheets to the styles/ directory. + // You can also echo the styles inside the document, but it's a bit + // more difficult to make sure they get interpreted properly by + // browsers; try the usual CSS armoring techniques. + $styles = $purifier->context->get('StyleBlocks'); + $dir = 'styles/'; + if (!is_dir($dir)) mkdir($dir); + $hash = sha1($_GET['html']); + foreach ($styles as $i => $style) { + file_put_contents($name = $dir . $hash . "_$i"); + echo ''; + } +?> + + ++ ++ + +]]>
Warning: It is possible for a user to mount an imagecrash attack using this CSS. Counter-measures are difficult;