config = HTMLPurifier_Config::create($config); $this->lexer = HTMLPurifier_Lexer::create(); $this->strategy = new HTMLPurifier_Strategy_Core(); $this->generator = new HTMLPurifier_Generator(); } /** * Adds a filter to process the output. First come first serve * @param $filter HTMLPurifier_Filter object */ function addFilter($filter) { $this->filters[] = $filter; } /** * Filters an HTML snippet/document to be XSS-free and standards-compliant. * * @param $html String of HTML to purify * @param $config HTMLPurifier_Config object for this operation, if omitted, * defaults to the config object specified during this * object's construction. The parameter can also be any type * that HTMLPurifier_Config::create() supports. * @return Purified HTML */ function purify($html, $config = null) { $config = $config ? HTMLPurifier_Config::create($config) : $this->config; $context = new HTMLPurifier_Context(); $html = HTMLPurifier_Encoder::convertToUTF8($html, $config, $context); for ($i = 0, $size = count($this->filters); $i < $size; $i++) { $html = $this->filters[$i]->preFilter($html, $config, $context); } // purified HTML $html = $this->generator->generateFromTokens( // list of tokens $this->strategy->execute( // list of un-purified tokens $this->lexer->tokenizeHTML( // un-purified HTML $html, $config, $context ), $config, $context ), $config, $context ); for ($i = $size - 1; $i >= 0; $i--) { $html = $this->filters[$i]->postFilter($html, $config, $context); } $html = HTMLPurifier_Encoder::convertFromUTF8($html, $config, $context); $this->context =& $context; return $html; } /** * Filters an array of HTML snippets * @param $config Optional HTMLPurifier_Config object for this operation. * See HTMLPurifier::purify() for more details. * @return Array of purified HTML */ function purifyArray($array_of_html, $config = null) { $context_array = array(); foreach ($array_of_html as $key => $html) { $array_of_html[$key] = $this->purify($html, $config); $context_array[$key] = $this->context; } $this->context = $context_array; return $array_of_html; } /** * Singleton for enforcing just one HTML Purifier in your system */ function &getInstance($prototype = null) { static $htmlpurifier; if (!$htmlpurifier || $prototype) { if (is_a($prototype, 'HTMLPurifier')) { $htmlpurifier = $prototype; } elseif ($prototype) { $htmlpurifier = new HTMLPurifier(HTMLPurifier_Config::create($prototype)); } else { $htmlpurifier = new HTMLPurifier(); } } return $htmlpurifier; } } ?>