From 35fa08420deb183d0c54d2763053a40c3706ceb6 Mon Sep 17 00:00:00 2001
From: "Edward Z. Yang"
Date: Mon, 14 Aug 2006 00:27:15 +0000
Subject: [PATCH] Commit live demo, implement unified interface, and fix some security bugs (involving forgotten calls to strategies).
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@238 48356398-32a2-884e-a903-53898d9a118a
---
 docs/examples/filter.php | 65 ++++++++++++++++++++++++++
 library/HTMLPurifier.php | 17 ++++++-
 library/HTMLPurifier/AttrDef/URI.php | 8 +++-
 library/HTMLPurifier/CSSDefinition.php | 5 ++
 library/HTMLPurifier/Definition.php | 4 +-
 library/HTMLPurifier/Strategy/Core.php | 2 +
 6 files changed, 97 insertions(+), 4 deletions(-)
 create mode 100644 docs/examples/filter.php
diff --git a/docs/examples/filter.php b/docs/examples/filter.php
new file mode 100644
index 00000000..5340d848
--- /dev/null
+++ b/docs/examples/filter.php
@@ -0,0 +1,65 @@
+ + + +HTMLPurifier Live Demo + + + +

HTMLPurifier Live Demo

+purify($html); + +?> +

Here is your purified HTML:

+
+ +
+
+

Here is the source code of the purified HTML:

+
+ +

Welcome to the live demo. Enter some HTML and see how HTMLPurifier +will filter it.

+ +
+
+ HTML + +
+ +
+
+
+
+
\ No newline at end of file
diff --git a/library/HTMLPurifier.php b/library/HTMLPurifier.php
index 741fdd9a..cf581452 100644
--- a/library/HTMLPurifier.php
+++ b/library/HTMLPurifier.php
@@ -18,9 +18,12 @@
 * See /docs/spec.txt for more details.
 */
+require_once 'HTMLPurifier/ConfigDef.php';
+require_once 'HTMLPurifier/Config.php';
 require_once 'HTMLPurifier/Lexer.php';
 require_once 'HTMLPurifier/Definition.php';
 require_once 'HTMLPurifier/Generator.php';
+require_once 'HTMLPurifier/Strategy/Core.php';
 /**
 * Main library execution class.
@@ -32,12 +35,14 @@ require_once 'HTMLPurifier/Generator.php';
 class HTMLPurifier
 {
+ var $config;
+
 /**
 * Initializes the purifier.
 * @param $config Configuration for all instances of the purifier
 */
 function HTMLPurifier($config = null) {
- // unimplemented
+ $this->config = $config ? $config : HTMLPurifier_Config::createDefault();
 }
 /**
@@ -48,7 +53,15 @@ class HTMLPurifier
 * @return Purified HTML
 */
 function purify($html, $config = null) {
- // unimplemented
+ $config = $config ? $config : $this->config;
+ $lexer = HTMLPurifier_Lexer::create();
+ $strategy = new HTMLPurifier_Strategy_Core();
+ $generator = new HTMLPurifier_Generator();
+ return $generator->generateFromTokens(
+ $strategy->execute(
+ $lexer->tokenizeHTML($html)
+ )
+ );
 }
 }
diff --git a/library/HTMLPurifier/AttrDef/URI.php b/library/HTMLPurifier/AttrDef/URI.php
index 33226219..6e2c7449 100644
--- a/library/HTMLPurifier/AttrDef/URI.php
+++ b/library/HTMLPurifier/AttrDef/URI.php
@@ -12,6 +12,12 @@ HTMLPurifier_ConfigDef::define(
 class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
 {
+ var $required = false;
+
+ function HTMLPurifier_AttrDef_URI($required = false) {
+ $this->required = $required;
+ }
+
 function validate($uri, $config, &$context) {
 // We'll write stack-based parsers later, for now, use regexps to
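Review bot: The `$config` resolved on the first line of the new `purify()` body is never used: `HTMLPurifier_Lexer::create()`, `new HTMLPurifier_Strategy_Core()`, `$strategy->execute(...)` and `$generator->generateFromTokens(...)` all run without it, so configuration a caller passes to `purify()` or to the constructor (for example the `URI.DefaultScheme` value the URI attribute definition reads via `$config->get(...)` in the next file) is silently ignored and defaults apply. If the strategy and generator entry points accept a config argument, thread it through — `$strategy->execute($lexer->tokenizeHTML($html), $config)` and the matching `generateFromTokens(..., $config)`; if they do not yet, add `// TODO: config is not propagated to strategies/generator` above the assignment rather than leaving a parameter that looks honoured but is not. The same `$config ? $config : ...` fallback appears in the constructor hunk above, so a single private resolver would keep the two in step when more entry points are added. The docblock for `purify()` is only partly visible here and should state that a per-call `$config` overrides the instance config for that call only.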
@@ -47,7 +53,7 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
 // retrieve the specific scheme object from the registry
 $scheme = ctype_lower($scheme) ? $scheme : strtolower($scheme);
 $scheme_obj =& $registry->getScheme($scheme, $config);
- if (!$scheme_obj) return false; // invalid scheme, clean it out
+ if (!$scheme_obj) return $this->required ? '' : false; // invalid scheme, clean it out
 } else {
 $scheme_obj =& $registry->getScheme(
 $config->get('URI', 'DefaultScheme'), $config
diff --git a/library/HTMLPurifier/CSSDefinition.php b/library/HTMLPurifier/CSSDefinition.php
index bf56784c..43e9439b 100644
--- a/library/HTMLPurifier/CSSDefinition.php
+++ b/library/HTMLPurifier/CSSDefinition.php
@@ -1,5 +1,10 @@ info['a']->attr['href'] = $this->info['img']->attr['longdesc'] = - $this->info['img']->attr['src'] = $this->info['del']->attr['cite'] = $this->info['ins']->attr['cite'] = $this->info['blockquote']->attr['cite'] = $this->info['q']->attr['cite'] = $e_URI; + $this->info['img']->attr['src'] = new HTMLPurifier_AttrDef_URI(true); + ////////////////////////////////////////////////////////////////////// // UNIMP : info_tag_transform : transformations of tags
diff --git a/library/HTMLPurifier/Strategy/Core.php b/library/HTMLPurifier/Strategy/Core.php
index f4df65d7..f854b120 100644
--- a/library/HTMLPurifier/Strategy/Core.php
+++ b/library/HTMLPurifier/Strategy/Core.php
@@ -5,6 +5,7 @@ require_once 'HTMLPurifier/Strategy/Composite.php';
 require_once 'HTMLPurifier/Strategy/RemoveForeignElements.php';
 require_once 'HTMLPurifier/Strategy/MakeWellFormed.php';
 require_once 'HTMLPurifier/Strategy/FixNesting.php';
+require_once 'HTMLPurifier/Strategy/ValidateAttributes.php';
 class HTMLPurifier_Strategy_Core extends HTMLPurifier_Strategy_Composite
 {
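Review bot: `return $this->required ? '' : false;` makes the meaning of the return value depend on a flag, and neither this line nor the `var $required = false;` added in the earlier URI.php hunk says what `''` means to the caller (presumably: keep the attribute but blank it, so a required `src` is not dropped and leave an element missing a mandatory attribute). Document it on the property, e.g. `// when true, an invalid URI yields '' (attribute kept but emptied) instead of false (attribute dropped)`, and fix the trailing comment, now inaccurate for the required case, to `// invalid scheme: drop the attribute, or blank it when required`. Only the scheme-lookup failure is changed here; if `validate()` has other `return false` branches outside this hunk they still drop a required attribute, so consider routing every failure through one exit that applies the `required` rule. The enclosing `validate()` starts and ends outside the hunk.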
@@ -13,6 +14,7 @@ class HTMLPurifier_Strategy_Core extends HTMLPurifier_Strategy_Composite
 $this->strategies[] = new HTMLPurifier_Strategy_RemoveForeignElements();
 $this->strategies[] = new HTMLPurifier_Strategy_MakeWellFormed();
 $this->strategies[] = new HTMLPurifier_Strategy_FixNesting();
+ $this->strategies[] = new HTMLPurifier_Strategy_ValidateAttributes();
 }
 }
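Review bot: The new `$this->strategies[] = new HTMLPurifier_Strategy_ValidateAttributes();` is appended with no comment on why it must be present or why it runs last, even though the commit message attributes a security bug to this strategy having been forgotten. Add a note above the list such as `// Order matters: structure is repaired first, then attributes are validated; omitting ValidateAttributes lets unvalidated attribute values (e.g. URIs) through`. A unit test asserting that Core's `$strategies` contains each expected strategy class in this order would stop the same omission recurring silently. The constructor this list belongs to starts outside the hunk.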