From 35fa08420deb183d0c54d2763053a40c3706ceb6 Mon Sep 17 00:00:00 2001
From: "Edward Z. Yang" <edwardzyang@thewritingpot.com>
Date: Mon, 14 Aug 2006 00:27:15 +0000
Subject: [PATCH] Commit live demo, implement unified interface, and fix some
 security bugs (involving forgotten calls to strategies).

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@238 48356398-32a2-884e-a903-53898d9a118a
---
 docs/examples/filter.php               | 65 ++++++++++++++++++++++++++
 library/HTMLPurifier.php               | 17 ++++++-
 library/HTMLPurifier/AttrDef/URI.php   |  8 +++-
 library/HTMLPurifier/CSSDefinition.php |  5 ++
 library/HTMLPurifier/Definition.php    |  4 +-
 library/HTMLPurifier/Strategy/Core.php |  2 +
 6 files changed, 97 insertions(+), 4 deletions(-)
 create mode 100644 docs/examples/filter.php

diff --git a/docs/examples/filter.php b/docs/examples/filter.php
new file mode 100644
index 00000000..5340d848
--- /dev/null
+++ b/docs/examples/filter.php
@@ -0,0 +1,65 @@
+<!DOCTYPE html 
+     PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html>
+<head>
+<title>HTMLPurifier Live Demo</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+</head>
+<body>
+<h1>HTMLPurifier Live Demo</h1>
+<?php
+
+set_include_path('../../library' . PATH_SEPARATOR . get_include_path());
+require_once 'HTMLPurifier.php';
+
+if (!empty($_POST['html'])) {
+    
+    $html = get_magic_quotes_gpc() ? stripslashes($_POST['html']) : $_POST['html'];
+    
+    $purifier = new HTMLPurifier();
+    $pure_html = $purifier->purify($html);
+    
+?>
+<p>Here is your purified HTML:</p>
+<div style="border:5px solid #CCC;margin:0 10%;padding:1em;">
+<?php
+
+echo $pure_html;
+
+?>
+<div style="clear:both;"></div>
+</div>
+<p>Here is the source code of the purified HTML:</p>
+<pre><?php
+
+echo htmlspecialchars($pure_html);
+
+?></pre>
+<?php
+    
+} else {
+
+?>
+<p>Welcome to the live demo.  Enter some HTML and see how HTMLPurifier
+will filter it.</p>
+<?php
+
+}
+
+?>
+<form name="filter" action="filter.php" method="post">
+    <fieldset>
+        <legend>HTML</legend>
+        <textarea name="html" cols="60" rows="15"><?php
+
+if (isset($html)) echo htmlspecialchars($html);
+
+        ?></textarea>
+        <div>
+            <input type="submit" value="Submit" name="submit" class="button" />
+        </div>
+    </fieldset>
+</form>
+</body>
+</html>
\ No newline at end of file
diff --git a/library/HTMLPurifier.php b/library/HTMLPurifier.php
index 741fdd9a..cf581452 100644
--- a/library/HTMLPurifier.php
+++ b/library/HTMLPurifier.php
@@ -18,9 +18,12 @@
  * See /docs/spec.txt for more details.
  */
 
+require_once 'HTMLPurifier/ConfigDef.php';
+require_once 'HTMLPurifier/Config.php';
 require_once 'HTMLPurifier/Lexer.php';
 require_once 'HTMLPurifier/Definition.php';
 require_once 'HTMLPurifier/Generator.php';
+require_once 'HTMLPurifier/Strategy/Core.php';
 
 /**
  * Main library execution class.
@@ -32,12 +35,14 @@ require_once 'HTMLPurifier/Generator.php';
 class HTMLPurifier
 {
     
+    var $config;
+    
     /**
      * Initializes the purifier.
      * @param $config Configuration for all instances of the purifier
      */
     function HTMLPurifier($config = null) {
-        // unimplemented
+        $this->config = $config ? $config : HTMLPurifier_Config::createDefault();
     }
     
     /**
@@ -48,7 +53,15 @@ class HTMLPurifier
      * @return Purified HTML
      */
     function purify($html, $config = null) {
-        // unimplemented
+        $config = $config ? $config : $this->config;
+        $lexer = HTMLPurifier_Lexer::create();
+        $strategy = new HTMLPurifier_Strategy_Core();
+        $generator = new HTMLPurifier_Generator();
+        return $generator->generateFromTokens(
+            $strategy->execute(
+                $lexer->tokenizeHTML($html)
+            )
+        );
     }
     
 }
diff --git a/library/HTMLPurifier/AttrDef/URI.php b/library/HTMLPurifier/AttrDef/URI.php
index 33226219..6e2c7449 100644
--- a/library/HTMLPurifier/AttrDef/URI.php
+++ b/library/HTMLPurifier/AttrDef/URI.php
@@ -12,6 +12,12 @@ HTMLPurifier_ConfigDef::define(
 class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
 {
     
+    var $required = false;
+    
+    function HTMLPurifier_AttrDef_URI($required = false) {
+        $this->required = $required;
+    }
+    
     function validate($uri, $config, &$context) {
         
         // We'll write stack-based parsers later, for now, use regexps to
@@ -47,7 +53,7 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
             // retrieve the specific scheme object from the registry
             $scheme = ctype_lower($scheme) ? $scheme : strtolower($scheme);
             $scheme_obj =& $registry->getScheme($scheme, $config);
-            if (!$scheme_obj) return false; // invalid scheme, clean it out
+            if (!$scheme_obj) return $this->required ? '' : false; // invalid scheme, clean it out
         } else {
             $scheme_obj =& $registry->getScheme(
                 $config->get('URI', 'DefaultScheme'), $config
diff --git a/library/HTMLPurifier/CSSDefinition.php b/library/HTMLPurifier/CSSDefinition.php
index bf56784c..43e9439b 100644
--- a/library/HTMLPurifier/CSSDefinition.php
+++ b/library/HTMLPurifier/CSSDefinition.php
@@ -1,5 +1,10 @@
 <?php
 
+require_once 'HTMLPurifier/AttrDef/Enum.php';
+require_once 'HTMLPurifier/AttrDef/Color.php';
+require_once 'HTMLPurifier/AttrDef/Composite.php';
+require_once 'HTMLPurifier/AttrDef/CSSLength.php';
+
 class HTMLPurifier_CSSDefinition
 {
     
diff --git a/library/HTMLPurifier/Definition.php b/library/HTMLPurifier/Definition.php
index 9ae93b9f..fbf75877 100644
--- a/library/HTMLPurifier/Definition.php
+++ b/library/HTMLPurifier/Definition.php
@@ -11,6 +11,7 @@ require_once 'HTMLPurifier/AttrDef.php';
     require_once 'HTMLPurifier/AttrDef/MultiLength.php';
     require_once 'HTMLPurifier/AttrDef/NumberSpan.php';
     require_once 'HTMLPurifier/AttrDef/URI.php';
+    require_once 'HTMLPurifier/AttrDef/CSS.php';
 require_once 'HTMLPurifier/AttrTransform.php';
     require_once 'HTMLPurifier/AttrTransform/Lang.php';
     require_once 'HTMLPurifier/AttrTransform/TextAlign.php';
@@ -315,12 +316,13 @@ class HTMLPurifier_Definition
         $e_URI = new HTMLPurifier_AttrDef_URI();
         $this->info['a']->attr['href'] =
         $this->info['img']->attr['longdesc'] =
-        $this->info['img']->attr['src'] =
         $this->info['del']->attr['cite'] =
         $this->info['ins']->attr['cite'] =
         $this->info['blockquote']->attr['cite'] =
         $this->info['q']->attr['cite'] = $e_URI;
         
+        $this->info['img']->attr['src'] = new HTMLPurifier_AttrDef_URI(true);
+        
         //////////////////////////////////////////////////////////////////////
         // UNIMP : info_tag_transform : transformations of tags
         
diff --git a/library/HTMLPurifier/Strategy/Core.php b/library/HTMLPurifier/Strategy/Core.php
index f4df65d7..f854b120 100644
--- a/library/HTMLPurifier/Strategy/Core.php
+++ b/library/HTMLPurifier/Strategy/Core.php
@@ -5,6 +5,7 @@ require_once 'HTMLPurifier/Strategy/Composite.php';
 require_once 'HTMLPurifier/Strategy/RemoveForeignElements.php';
 require_once 'HTMLPurifier/Strategy/MakeWellFormed.php';
 require_once 'HTMLPurifier/Strategy/FixNesting.php';
+require_once 'HTMLPurifier/Strategy/ValidateAttributes.php';
 
 class HTMLPurifier_Strategy_Core extends HTMLPurifier_Strategy_Composite
 {
@@ -13,6 +14,7 @@ class HTMLPurifier_Strategy_Core extends HTMLPurifier_Strategy_Composite
         $this->strategies[] = new HTMLPurifier_Strategy_RemoveForeignElements();
         $this->strategies[] = new HTMLPurifier_Strategy_MakeWellFormed();
         $this->strategies[] = new HTMLPurifier_Strategy_FixNesting();
+        $this->strategies[] = new HTMLPurifier_Strategy_ValidateAttributes();
     }
     
 }