mirrors/htmlpurifier
0
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-03-23 14:27:02 +00:00
Code Releases Activity

Commit live demo, implement unified interface, and fix some security bugs (involving forgotten calls to strategies).

Browse Source 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@238 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang 2006-08-14 00:27:15 +00:00
parent b5ff592157
commit 35fa08420d
6 changed files with 97 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
docs/examples/filter.php Normal file
View File

@ -0,0 +1,65 @@
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>HTMLPurifier Live Demo</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>
<body>
<h1>HTMLPurifier Live Demo</h1>
<?php
set_include_path('../../library' . PATH_SEPARATOR . get_include_path());
require_once 'HTMLPurifier.php';
if (!empty($_POST['html'])) {
$html = get_magic_quotes_gpc() ? stripslashes($_POST['html']) : $_POST['html'];
$purifier = new HTMLPurifier();
$pure_html = $purifier->purify($html);
?>
<p>Here is your purified HTML:</p>
<div style="border:5px solid #CCC;margin:0 10%;padding:1em;">
<?php
echo $pure_html;
?>
<div style="clear:both;"></div>
</div>
<p>Here is the source code of the purified HTML:</p>
<pre><?php
echo htmlspecialchars($pure_html);
?></pre>
<?php
} else {
?>
<p>Welcome to the live demo. Enter some HTML and see how HTMLPurifier
will filter it.</p>
<?php
}
?>
<form name="filter" action="filter.php" method="post">
<fieldset>
<legend>HTML</legend>
<textarea name="html" cols="60" rows="15"><?php
if (isset($html)) echo htmlspecialchars($html);
?></textarea>
<div>
<input type="submit" value="Submit" name="submit" class="button" />
</div>
</fieldset>
</form>
</body>
</html>

17
library/HTMLPurifier.php
View File

@ -18,9 +18,12 @@
* See /docs/spec.txt for more details. * See /docs/spec.txt for more details.
*/ */
require_once 'HTMLPurifier/ConfigDef.php';
require_once 'HTMLPurifier/Config.php';
require_once 'HTMLPurifier/Lexer.php'; require_once 'HTMLPurifier/Lexer.php';
require_once 'HTMLPurifier/Definition.php'; require_once 'HTMLPurifier/Definition.php';
require_once 'HTMLPurifier/Generator.php'; require_once 'HTMLPurifier/Generator.php';
require_once 'HTMLPurifier/Strategy/Core.php';
/** /**
* Main library execution class. * Main library execution class.
@ -32,12 +35,14 @@ require_once 'HTMLPurifier/Generator.php';
class HTMLPurifier class HTMLPurifier
{ {
var $config;
/** /**
* Initializes the purifier. * Initializes the purifier.
* @param $config Configuration for all instances of the purifier * @param $config Configuration for all instances of the purifier
*/ */
function HTMLPurifier($config = null) { function HTMLPurifier($config = null) {
// unimplemented $this->config = $config ? $config : HTMLPurifier_Config::createDefault();
} }
/** /**
@ -48,7 +53,15 @@ class HTMLPurifier
* @return Purified HTML * @return Purified HTML
*/ */
function purify($html, $config = null) { function purify($html, $config = null) {
// unimplemented $config = $config ? $config : $this->config;
$lexer = HTMLPurifier_Lexer::create();
$strategy = new HTMLPurifier_Strategy_Core();
$generator = new HTMLPurifier_Generator();
return $generator->generateFromTokens(
$strategy->execute(
$lexer->tokenizeHTML($html)
)
);
} }
} }

8
library/HTMLPurifier/AttrDef/URI.php
View File

@ -12,6 +12,12 @@ HTMLPurifier_ConfigDef::define(
class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
{ {
var $required = false;
function HTMLPurifier_AttrDef_URI($required = false) {
$this->required = $required;
}
function validate($uri, $config, &$context) { function validate($uri, $config, &$context) {
// We'll write stack-based parsers later, for now, use regexps to // We'll write stack-based parsers later, for now, use regexps to
@ -47,7 +53,7 @@ class HTMLPurifier_AttrDef_URI extends HTMLPurifier_AttrDef
// retrieve the specific scheme object from the registry // retrieve the specific scheme object from the registry
$scheme = ctype_lower($scheme) ? $scheme : strtolower($scheme); $scheme = ctype_lower($scheme) ? $scheme : strtolower($scheme);
$scheme_obj =& $registry->getScheme($scheme, $config); $scheme_obj =& $registry->getScheme($scheme, $config);
if (!$scheme_obj) return false; // invalid scheme, clean it out if (!$scheme_obj) return $this->required ? '' : false; // invalid scheme, clean it out
} else { } else {
$scheme_obj =& $registry->getScheme( $scheme_obj =& $registry->getScheme(
$config->get('URI', 'DefaultScheme'), $config $config->get('URI', 'DefaultScheme'), $config

5
library/HTMLPurifier/CSSDefinition.php
View File

@ -1,5 +1,10 @@
<?php <?php
require_once 'HTMLPurifier/AttrDef/Enum.php';
require_once 'HTMLPurifier/AttrDef/Color.php';
require_once 'HTMLPurifier/AttrDef/Composite.php';
require_once 'HTMLPurifier/AttrDef/CSSLength.php';
class HTMLPurifier_CSSDefinition class HTMLPurifier_CSSDefinition
{ {

4
library/HTMLPurifier/Definition.php
View File

@ -11,6 +11,7 @@ require_once 'HTMLPurifier/AttrDef.php';
require_once 'HTMLPurifier/AttrDef/MultiLength.php'; require_once 'HTMLPurifier/AttrDef/MultiLength.php';
require_once 'HTMLPurifier/AttrDef/NumberSpan.php'; require_once 'HTMLPurifier/AttrDef/NumberSpan.php';
require_once 'HTMLPurifier/AttrDef/URI.php'; require_once 'HTMLPurifier/AttrDef/URI.php';
require_once 'HTMLPurifier/AttrDef/CSS.php';
require_once 'HTMLPurifier/AttrTransform.php'; require_once 'HTMLPurifier/AttrTransform.php';
require_once 'HTMLPurifier/AttrTransform/Lang.php'; require_once 'HTMLPurifier/AttrTransform/Lang.php';
require_once 'HTMLPurifier/AttrTransform/TextAlign.php'; require_once 'HTMLPurifier/AttrTransform/TextAlign.php';
@ -315,12 +316,13 @@ class HTMLPurifier_Definition
$e_URI = new HTMLPurifier_AttrDef_URI(); $e_URI = new HTMLPurifier_AttrDef_URI();
$this->info['a']->attr['href'] = $this->info['a']->attr['href'] =
$this->info['img']->attr['longdesc'] = $this->info['img']->attr['longdesc'] =
$this->info['img']->attr['src'] =
$this->info['del']->attr['cite'] = $this->info['del']->attr['cite'] =
$this->info['ins']->attr['cite'] = $this->info['ins']->attr['cite'] =
$this->info['blockquote']->attr['cite'] = $this->info['blockquote']->attr['cite'] =
$this->info['q']->attr['cite'] = $e_URI; $this->info['q']->attr['cite'] = $e_URI;
$this->info['img']->attr['src'] = new HTMLPurifier_AttrDef_URI(true);
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
// UNIMP : info_tag_transform : transformations of tags // UNIMP : info_tag_transform : transformations of tags

2
library/HTMLPurifier/Strategy/Core.php
View File

@ -5,6 +5,7 @@ require_once 'HTMLPurifier/Strategy/Composite.php';
require_once 'HTMLPurifier/Strategy/RemoveForeignElements.php'; require_once 'HTMLPurifier/Strategy/RemoveForeignElements.php';
require_once 'HTMLPurifier/Strategy/MakeWellFormed.php'; require_once 'HTMLPurifier/Strategy/MakeWellFormed.php';
require_once 'HTMLPurifier/Strategy/FixNesting.php'; require_once 'HTMLPurifier/Strategy/FixNesting.php';
require_once 'HTMLPurifier/Strategy/ValidateAttributes.php';
class HTMLPurifier_Strategy_Core extends HTMLPurifier_Strategy_Composite class HTMLPurifier_Strategy_Core extends HTMLPurifier_Strategy_Composite
{ {
@ -13,6 +14,7 @@ class HTMLPurifier_Strategy_Core extends HTMLPurifier_Strategy_Composite
$this->strategies[] = new HTMLPurifier_Strategy_RemoveForeignElements(); $this->strategies[] = new HTMLPurifier_Strategy_RemoveForeignElements();
$this->strategies[] = new HTMLPurifier_Strategy_MakeWellFormed(); $this->strategies[] = new HTMLPurifier_Strategy_MakeWellFormed();
$this->strategies[] = new HTMLPurifier_Strategy_FixNesting(); $this->strategies[] = new HTMLPurifier_Strategy_FixNesting();
$this->strategies[] = new HTMLPurifier_Strategy_ValidateAttributes();
} }
} }