Custom Injector to display URL address along with link text.

When viewing potentially hostile html, it may be helpful to see what
a given link was pointing to.  This new injector takes the href
attribute and adds the text after the link, and deletes the href
attribute.

Other forms of display could easily be contrived, but this seems to be
a good basic way to present the information.

Signed-off-by: David Morton <mortonda@dgrmm.net>
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>

configdoc/usage.xml

@@ -143,7 +143,7 @@
    <line>202</line>
   </file>
   <file name="HTMLPurifier/Lexer.php">
-   <line>252</line>
+   <line>258</line>
   </file>
   <file name="HTMLPurifier/HTMLModule/Image.php">
    <line>27</line>
@@ -205,7 +205,7 @@
  </directive>
  <directive id="Core.ConvertDocumentToFragment">
   <file name="HTMLPurifier/Lexer.php">
-   <line>261</line>
+   <line>267</line>
   </file>
  </directive>
  <directive id="URI.Host">

library/HTMLPurifier.includes.php

@@ -168,6 +168,7 @@ require 'HTMLPurifier/HTMLModule/Tidy/Strict.php';
 require 'HTMLPurifier/HTMLModule/Tidy/Transitional.php';
 require 'HTMLPurifier/HTMLModule/Tidy/XHTML.php';
 require 'HTMLPurifier/Injector/AutoParagraph.php';
+require 'HTMLPurifier/Injector/DisplayLinkURI.php';
 require 'HTMLPurifier/Injector/Linkify.php';
 require 'HTMLPurifier/Injector/PurifierLinkify.php';
 require 'HTMLPurifier/Injector/RemoveEmpty.php';

library/HTMLPurifier.safe-includes.php

@@ -162,6 +162,7 @@ require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/Strict.php';
 require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/Transitional.php';
 require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/XHTML.php';
 require_once $__dir . '/HTMLPurifier/Injector/AutoParagraph.php';
+require_once $__dir . '/HTMLPurifier/Injector/DisplayLinkURI.php';
 require_once $__dir . '/HTMLPurifier/Injector/Linkify.php';
 require_once $__dir . '/HTMLPurifier/Injector/PurifierLinkify.php';
 require_once $__dir . '/HTMLPurifier/Injector/RemoveEmpty.php';

library/HTMLPurifier/ConfigSchema/schema/AutoFormat.DisplayLinkURI.txt

@@ -0,0 +1,10 @@
+AutoFormat.DisplayLinkURI
+TYPE: bool
+VERSION: 3.1.2
+DEFAULT: false
+--DESCRIPTION--
+<p>
+  This directive turns on the in-text display of URIs in &lt;a&gt; tags, and disables
+  those links. For example, <a href="http://example.com">example</a> becomes
+  example (<a>http://example.com</a>).
+</p>

library/HTMLPurifier/Injector/DisplayLinkURI.php

@@ -0,0 +1,24 @@
+<?php
+
+/**
+ * Injector that displays the URL of an anchor instead of linking to it, in addition to showing the text of the link.
+ */
+class HTMLPurifier_Injector_DisplayLinkURI extends HTMLPurifier_Injector
+{
+    
+    public $name = 'DisplayLinkURI';
+    public $needed = array('a');
+    
+    public function handleElement(&$token) {
+    }
+    
+    public function handleEnd(&$token) {
+        if (isset($token->start->attr['href'])){
+            $url = $token->start->attr['href'];
+            unset($token->start->attr['href']);
+            $token = array($token, new HTMLPurifier_Token_Text(" ($url)"));
+        } else {
+            // nothing to display
+        }
+    }
+}

tests/HTMLPurifier/Injector/DisplayLinkURITest.php

@@ -0,0 +1,32 @@
+<?php
+
+class HTMLPurifier_Injector_DisplayLinkURITest extends HTMLPurifier_InjectorHarness
+{
+    
+    function setup() {
+        parent::setup();
+        $this->config->set('AutoFormat', 'DisplayLinkURI', true);
+    }
+    
+    function testBasicLink() {
+        $this->assertResult(
+            '<a href="http://malware.example.com">Don\'t go here!</a>',
+            '<a>Don\'t go here!</a> (http://malware.example.com)'
+        );
+    }
+    
+    function testEmptyLink() {
+        $this->assertResult(
+            '<a>Don\'t go here!</a>',
+            '<a>Don\'t go here!</a>'
+        );
+    }
+    function testEmptyText() {
+        $this->assertResult(
+            '<a href="http://malware.example.com"></a>',
+            '<a></a> (http://malware.example.com)'
+        );
+    }
+    
+}
+?>